Ssh keys

From OpenVZ Virtuozzo Containers Wiki
Revision as of 12:41, 11 September 2006 by Kir (talk | contribs) (Generating ssh keys moved to Ssh keys: It's not just about generation...)
Jump to: navigation, search

If you intend to accomplish VEs migration between nodes you have to generate ssh keys for these nodes and put these keys to the appropriate place on remote side. Kir has recently written a script to facilitate this operation. Take a look: 

#!/bin/bash
#
# Copyright (C) 2001, 2002, 2006 by SWsoft.
# Author: Kir Kolyshkin
#
# This script is used to put your public ssh keys to another host's
# authorized_keys[2], so you will be able to ssh login without entering
# a password. Key pairs are generated if needed, and connectivity
# is checked after putting the keys.

PROGNAME=`basename $0`

function usage()
{
	echo "Usage: $PROGNAME [user@]IP [[user@]IP ...]" 1>&2
	exit 0
}

# Check for correct number of parameters
test $# -gt 0 || usage;

SSH_KEYGEN=`which ssh-keygen`
if test $? -ne 0; then
	# Error message is printed by 'which'
	exit 1
fi

SSH_DIR=~/.ssh
if ! test -d $SSH_DIR; then
	mkdir $SSH_DIR
fi
chmod 700 $SSH_DIR


if [ ! -f $SSH_DIR/identity ] || [ ! -f $SSH_DIR/identity.pub ]; then
	echo "Generating ssh1 RSA keys - please wait..."
	rm -f $SSH_DIR/identity $SSH_DIR/identity.pub
	$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity -P ''
	if [ $? -ne 0 ]; then
		echo "Command \"$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity" \
			 "-P ''\" failed" 1>&2
		exit 1
	fi
else
	echo "ssh1 RSA key is present"
fi

if [ ! -f $SSH_DIR/id_dsa ] || [ ! -f $SSH_DIR/id_dsa.pub ]; then
	echo "Generating ssh2 DSA keys - please wait..."
	rm -f $SSH_DIR/id_dsa $SSH_DIR/id_dsa.pub
	$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa -P ''
	if test $? -ne 0; then
		echo "Command \"$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa" \
			 "-P ''\" failed" 1>&2
		exit 1
	fi
else
	echo "ssh2 DSA key is present"
fi

SSH1_RSA_KEY=`cat $SSH_DIR/identity.pub`
SSH2_DSA_KEY=`cat $SSH_DIR/id_dsa.pub`

for IP in $*; do
	echo "You will now be asked for password for $IP"
#	set -x
	ssh -oStrictHostKeyChecking=no $IP "mkdir -p ~/.ssh; chmod 700 ~/.ssh; \
		echo \"$SSH1_RSA_KEY\" >> ~/.ssh/authorized_keys; \
		echo \"$SSH2_DSA_KEY\" >> ~/.ssh/authorized_keys2; \
		chmod 600 ~/.ssh/authorized_keys ~/.ssh/authorized_keys2"
#	set +x
	if test $? -eq 0; then
		echo "Keys were put successfully"
	else
		echo "Error putting keys to $IP" 1>&2
	fi
done

for IP in $*; do
	for ver in 1 2; do
		echo -n "Checking $IP connectivity by ssh$ver... "
		ssh -q -oProtocol=${ver} -oBatchMode=yes \
		  -oStrictHostKeyChecking=no $IP /bin/true
		if [ $? -eq 0 ]; then
			echo "OK"
		else
			echo "failed" 1>&2
		fi
	done
done
Retrieved from "https://wiki.openvz.org/index.php?title=Ssh_keys&oldid=2265"