04-30-2014
If you put the public SSH key on each of the servers, then you will be able to have password-less authentication to run the commands. Do you know how to generate the keys and what to do with them?
If you are running as the root user, then you will need to make sure that the /etc/ssh/sshd.conf configuration file permits root login. There are a number of options to consider and balance against the risks.
I'm afraid that there is no easy way to get them onto each server - it will be a manual task, but the investment of time in a one off action.
Note
When you are adding your users, you will need to make sure that their UID is unique too. Some servers will object if you try to add a user with a specific UID that already exists. You could get away with not specifying the UID, but then if you are NFS sharing files (or moving them keeping original permissions) then you will all sorts of problems because files are owned by the UID not the alphabetic userid.
I agree with jlliagre that you would be better to use NIS (historically also known as YP) or LDAP. Once set up, that would cut down the administration effort.
Robin
This User Gave Thanks to rbatte1 For This Post:
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hi all :
i am new to unix and linux world , my experience is near zero, so i am seeking your help to maintain a learning environment to try to catch up with linux and unix in the same time , furthermore win 2000 server is a must for my current job , so what do u think , can this triple boot... (1 Reply)
Discussion started by: behmoth
1 Replies
2. Solaris
All,
I have a problem with booting up of servers. I am involved in application programming(Perl/Shell), but don't have much hardware knowledge about the Sun Solaris Server's we use.
Our Development Servers are located at a remote place from the Development Centre. Every time there is a Power... (1 Reply)
Discussion started by: rahulrathod
1 Replies
3. Shell Programming and Scripting
I have a couple of servers that can't see each other and need to copy files from one to the other. I try to invoke scp from a 3rd server that can see both servers - get error msgs that are cryptic.
from server C
I can do
scp user@serverA:~/file .
scp file user@serverB:~
but if I try to... (2 Replies)
Discussion started by: bigjohn-nj
2 Replies
4. AIX
Hello,
I've created new DNS servers and changed all of the clients /etc/resolv.conf to point to them, but when I check the old DNS logs, I see that the clients are still querying it. Does anybody know why?
thanks, (2 Replies)
Discussion started by: ctcuser
2 Replies
5. Shell Programming and Scripting
hi
I wish to fire certain set of commands on different servers using single script on one of the server. The problem is that these servers only allow ssh session. telnet to these systems is blocked.
Is there any way i can do this as rsh does not works.
Regards
Rochit (7 Replies)
Discussion started by: rochitsharma
7 Replies
6. UNIX for Dummies Questions & Answers
Hello,
I tried ssh in debug mode and below is the debug snippet.ssh to a host is not working from any of the hosts
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: Next authentication method: publickey
debug1: Offering RSA public key:... (7 Replies)
Discussion started by: Vishal_dba
7 Replies
7. Solaris
Hey Guys
i've got a question about the AI Server. Is there any possibility to backup existing servers to reinstall them automaticly by using the AI Server?
Regards
Marcus (3 Replies)
Discussion started by: Marcusg562
3 Replies
8. UNIX for Advanced & Expert Users
Hey everyone,
I have got 100 different servers(all linux and same version).One of them admin server can reach to others and their structures are same.For example I want to change OS dates and weblogic(java dates) for the timezone project.But I do not want to deal with each one separately.I want... (10 Replies)
Discussion started by: daggerphobia_
10 Replies
LEARN ABOUT SUNOS
ssh-keysign
ssh-keysign(1M) ssh-keysign(1M)
NAME
ssh-keysign - ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the
client user.
ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
basedAuthentication to yes.
ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen-
tication.
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based
authentication is used.
ssh-keysign will not sign host-based authentication data under the following conditions:
o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
den in users' ~/.ssh/ssh_config files.
o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is
invoked and the name of the user invoking ssh-keysign.
In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
ssh(1), sshd(1M), ssh_config(4), attributes(5)
AUTHORS
Markus Friedl, markus@openbsd.org
HISTORY
ssh-keysign first appeared in Ox 3.2.
9 Jun 2004 ssh-keysign(1M)