HiveBrain v1.2.0

SSH passing your Public key to all the users on remote host

Submitted by: @import:stackexchange-codereview

Problem

I've grown tired of typing my password back and forth to all the hosts I connect to; I want to be able to jump to every single user on all the hosts with ease.

So I've made this script, with a quite messy one-liner at the end of it.

The script first reads user input for where to connect to: remote_user, remote_host and remote_port.

```
# Remote account to connect with (it must be allowed to use sudo)
echo "Enter the user you want to connect with (sudo needs to be enabled and installed)"
read -e rUser

echo "Enter the host you want to connect to"
read -e rHost

echo "Enter the SSH-port"
read -e rPort

# -s suppresses echo so the password is not shown on the terminal
read -s -p "Enter Password: " password
```


Checks whether an SSH key has been generated; if not, proceeds with ssh-keygen so the user can generate a strong key.

```
# Generate a key pair if either half is missing. The tests must be joined
# with ||: with && an existing ~/.ssh directory that holds no key would
# skip generation and the later cat of id_rsa.pub would fail.
if [ ! -f "$HOME/.ssh/id_rsa" ] || [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
    echo -e "Private / Public keys not generated"
    echo -e "Generating..."
    ssh-keygen -b 4096
fi
```


After that we proceed with establishing the SSH connection and creating the authorized_keys file on the remote host.

(Annoying 'bug' here: you have to enter the password twice, since it doesn't seem possible to read the SSH password from stdin.)

```
# Feed the local public key to a remote shell that appends it to
# authorized_keys; create ~/.ssh first so the append cannot fail on a
# fresh account, and quote the port so an empty value is caught by ssh.
ssh "$rUser@$rHost" -p "$rPort" 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys' < "$HOME/.ssh/id_rsa.pub"
```


Since the script will only be run once per remote host, it's acceptable.

We continue with the quite messy one-liner.

We're establishing an SSH connection; to solve the problem with the password over SSH, we pass the -S parameter to sudo, which lets us read the password from stdin. Now our subsequent sudo calls will work. We proceed and create the .ssh directories for all the users on the system if they don't exist.

We create the authorized_keys file for all users and set the correct owner, then we append the authorized_keys file of the user we connected with.

```
# The remote command is single-quoted, so $USER and $localUser expand on the
# remote host; only "$password" is spliced in locally. The port variable is
# rPort (it was read as rPort above, not remotePort), and the line break after
# it needs a backslash or ssh would run without its command string.
remoteUsers=($(ssh "$rUser@$rHost" -p "$rPort" \
  'echo '"$password"' | sudo -S ls /home/ && for localUser in $(ls /home | grep -v $USER); do
     sudo mkdir -p /home/$localUser/.ssh &&
     sudo touch /home/
```

Solution

That looks crazy. But some constructive comments:

- Did you check for the ssh-copy-id script, which is usually shipped with OpenSSH? It solves the first part of your problem for you in a standard way.

- The second problem is, in my eyes, non-existent. Do you really need your authorized_keys in all accounts? Isn't it enough for one user that can do sudo?

- The third part is interesting. The SSH config file is a useful thing and I appreciate that you use it. I see the main plus in the auto-complete of the full user_host string in your case (instead of user@host, where ssh would help only with the host part), but if you used only one user, you would not need that either.

- You need to account for the case that sudo might not accept a password without a TTY or from a pipe on the command line.

- Sending the password in a command like this might also be a security issue, since the command might get logged somewhere on the remote host (debug output or in audit).
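Putting the reviewer's points together, here is an added example (not the poster's script and not code from the answer) of the same workflow in POSIX sh: the key-pair check uses || so a pre-existing ~/.ssh directory without a key still triggers generation, the key is pushed with ssh-copy-id to the one sudo-capable account, and the script never reads or forwards a password itself, so nothing sensitive lands in a remote command line or its logs. The function names (keypair_missing, valid_port, ensure_keypair, push_key), the switch from RSA to an ed25519 key, and taking user, host and port as arguments instead of read prompts are this example's own choices.

```shell
#!/bin/sh
# Added example (not the original poster's script): the same workflow with the
# reviewer's points applied. Function names below are this example's own.

# keypair_missing DIR: succeed (exit 0) when either half of the key pair under
# DIR is absent. The original joined its tests with "&&", so an existing ~/.ssh
# directory with no key inside would have skipped ssh-keygen entirely.
keypair_missing() {
    dir=$1
    [ ! -f "$dir/id_ed25519" ] || [ ! -f "$dir/id_ed25519.pub" ]
}

# valid_port PORT: accept only an integer in 1..65535, since the value comes
# from user input and would otherwise be spliced unchecked into the ssh call.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ensure_keypair DIR: generate an ed25519 key pair (this example's choice over
# the original's 4096-bit RSA) only when one is not already present.
ensure_keypair() {
    dir=$1
    if keypair_missing "$dir"; then
        echo "No key pair in $dir, generating one" >&2
        mkdir -p "$dir" && chmod 700 "$dir"
        ssh-keygen -t ed25519 -f "$dir/id_ed25519"
    fi
}

# push_key USER HOST PORT: install the public key for exactly one account.
# ssh-copy-id (shipped with OpenSSH) creates ~/.ssh, fixes permissions and
# skips keys already present on the remote side, and it prompts for the
# password itself, so no password passes through this script's variables or
# appears in a remote command string that sshd or sudo might log.
push_key() {
    user=$1 host=$2 port=$3
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    ensure_keypair "$HOME/.ssh"
    ssh-copy-id -i "$HOME/.ssh/id_ed25519.pub" -p "$port" "$user@$host"
}

# Usage: ./push_key.sh <user> <host> <port>
if [ "$#" -eq 3 ]; then
    push_key "$1" "$2" "$3"
fi
```

Run it as ./push_key.sh alice host.example 22; ssh-copy-id asks for the account password once and refuses to add a key that is already installed. The keypair_missing and valid_port helpers are pure checks and can be exercised against a temporary directory without any network access.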

Context

StackExchange Code Review Q#123943, answer score: 16
