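#!/bin/bash
# sshkeyauth - setup ssh key-based authentication - version 1.0 - July 11
# Copyright 2011 Giuseppe Cuccu, http://www.idsia.ch/~giuse all rights reserved
# Licensed under CC BY-SA 3.0 http://creativecommons.org/licenses/by-sa/3.0/
# This script is provided AS I USE IT and under constant updating - NO WARRANTY
#
# Configure the variables below and just run the script
#
# User name is supposed to be the same on all servers, as often the case.
# Empty the proxy field to disable port forwarding configuration (VPN SSH tunneling)
#
# Steps performed:
#   1. (only if wipe_first="yes") delete the ssh directory on every server
#      and locally
#   2. create a local key pair (an existing one is reused) and hand it to
#      ssh-agent
#   3. if a proxy is configured, create a key pair on it and fetch its
#      public key
#   4. append the local (and proxy) public key to authorized_keys on every
#      server, the proxy included

# Trace every command, as the original `#!/bin/bash -x` did. Set here rather
# than in the shebang so it also applies when run as `bash sshkeyauth`.
set -x

# VARS TO SET
svlst="salvia.idsia.ch ares.dti.supsi.ch copernicio.idsia.supsi.ch"
proxy="bastion.idsia.ch"
svuser="cuccu"
# DESTRUCTIVE: "yes" removes ${sshconfdir} on every server and on this
# machine before anything else (keys, known_hosts, authorized_keys, config).
# This was an always-on debug step; it is now opt-in.
wipe_first="no"

# DEFAULT VARIABLES
# The script originally generated 1024-bit DSA keys. OpenSSH has refused
# ssh-dss keys by default since 7.0 and current releases no longer support
# them, so the default is now ed25519. For RSA set kalgo="rsa" and
# ksize="4096"; ksize is only passed to ssh-keygen when non-empty.
kalgo="ed25519"
ksize=""
sshconfdir=".ssh"

# AUTOMATIC VARIABLES
privkey="${sshconfdir}/id_${kalgo}"
pubkey="${privkey}.pub"
authkeys="${sshconfdir}/authorized_keys"

# Robustness tweak - the server list may or may not already contain the
# proxy; it ends up listed exactly once, last. Whole-word comparison, so a
# host whose name merely contains the proxy name is left intact.
servers=()
for sv in ${svlst}; do
  if [[ "${sv}" != "${proxy}" ]]; then
    servers+=("${sv}")
  fi
done
if [[ -n "${proxy}" ]]; then
  servers+=("${proxy}")
fi

# ssh-keygen options shared by the local and the proxy invocation
keygen_args=(-t "${kalgo}")
if [[ -n "${ksize}" ]]; then
  keygen_args+=(-b "${ksize}")
fi

# All relative paths below are meant to be relative to the home directory
cd "${HOME}" || { echo "cannot cd to ${HOME}" >&2; exit 1; }

# DEBUG - start from zero
if [[ "${wipe_first}" == "yes" ]]; then
  echo "BEWARE!! YOUR SETTINGS WILL BE ERASED!!" >&2
  for sv in "${servers[@]}"; do
    ssh "${svuser}@${sv}" "rm -rf ${sshconfdir:?}"
  done
  # :? aborts instead of expanding to "/" if either variable is empty
  rm -rf -- "${HOME:?}/${sshconfdir:?}"
fi
# DEBUG - end

# Generate your keys and add them to ssh-agent
mkdir -m 700 -p "${sshconfdir}" || exit 1
if [[ -f "${privkey}" ]]; then
  echo "Reusing existing key ${privkey}"
else
  # -N "" writes the private key unencrypted: anyone who can read the file
  # can log in to every server below. Set a passphrase afterwards with
  # `ssh-keygen -p -f <keyfile>` if the key should be protected at rest.
  ssh-keygen "${keygen_args[@]}" -N "" -f "${privkey}" || exit 1
fi
# Fails harmlessly when no agent is running; the key file still works.
ssh-add "${privkey}" || echo "ssh-add failed (no agent running?)" >&2

# If you want to use a proxy, do the same on it and get its key
# proxykey stays empty unless a proxy is provided and answered.
# NOTE(review): this leaves an unencrypted private key on the proxy whose
# public half is then authorised on every server, so read access to that
# file on the proxy is equivalent to access to all servers as ${svuser}.
# ProxyJump from the local machine needs no key on the proxy at all.
proxykey=""
if [[ -n "${proxy}" ]]; then
  proxykey="${sshconfdir}/proxy.pub"
  # One login does it all: create the directory, generate a key only if
  # none exists yet, print the public key. Variables expand locally.
  if ! ssh "${svuser}@${proxy}" \
    "mkdir -m 700 -p ${sshconfdir} && \
     { [ -f ${privkey} ] || \
       ssh-keygen ${keygen_args[*]} -N \"\" -f ${privkey} >/dev/null; } && \
     cat ${pubkey}" > "${proxykey}"; then
    echo "could not obtain a public key from proxy ${proxy}" >&2
    # Do not distribute an empty or partial key file
    rm -f -- "${proxykey}"
    proxykey=""
  fi
  # note: in my case I didn't need to run ssh-add on the proxy
  # add the call before the cat if needed
fi

# Add the public key from local machine (and eventually proxy) to all servers
keyfiles=("${pubkey}")
if [[ -n "${proxykey}" ]]; then
  keyfiles+=("${proxykey}")
fi

for sv in "${servers[@]}"; do
  # The status tested is that of ssh (last stage of the pipeline), not of a
  # preceding echo. Keys are appended, so re-running adds duplicate lines.
  # chmod keeps authorized_keys private regardless of the remote umask.
  if cat -- "${keyfiles[@]}" | \
    ssh "${svuser}@${sv}" \
      "mkdir -m 700 -p ${sshconfdir} && \
       cat - >> ${authkeys} && \
       chmod 600 ${authkeys}"; then
    echo "Shared key authentication set on server ${sv}"
  else
    printf 'Shared key authentication\n\t FAILED on server %s\n' "${sv}" >&2
  fi
done

# Recreate ssh configuration file
#./sshconf .ssh/config
printf '\n\tDone!\n\n'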