SSH Key-based authentication (also known as public-key authentication) allows for password-less authentication and it is a more secure and a much better solution than password authentication. One major advantage of SSH password-less login, let alone security is that it allows for automation of various kinds of cross-server processes.
In this article, we will demonstrate how to create an SSH key pair and copy the public key to multiple remote Linux hosts at once, with a shell script.
Create a New SSH Key in Linux
First, generate the SSH key pair (the private/identity key that an SSH client uses to authenticate itself when logging into a remote SSH server and the public key stored as an authorized key on a remote system running an SSH server) using the ssh-keygen command as follows:
Create a Shell Script for Mulitple Remote Logins
Next, create a shell script that will help in copying a public key to multiple remote Linux hosts.
# vim ~/.bin/ssh-copy.sh
Copy and paste the following code in the file (replace the following variables accordingly
USER_NAME – the username to connect with,
HOST_FILE – a file which contains the list of hostnames or IP addresses, and
ERROR_FILE – a file to store any ssh command errors).
#!/bin/bash USER_NAME="root" HOST_FILE="/root/hosts" ERROR_FILE="/tmp/ssh-copy_error.txt" PUBLIC_KEY_FILE="$1" if [ ! -f $PUBLIC_KEY_FILE ]; then echo "File '$PUBLIC_KEY_FILE' not found!" exit 1 fi if [ ! -f $HOST_FILE ]; then echo "File '$HOST_FILE' not found!" exit 2 fi for IP in `cat $HOST_FILE`; do ssh-copy-id -i $PUBLIC_KEY_FILE [email protected]$IP 2>$ERROR_FILE RESULT=$? if [ $RESULT -eq 0 ]; then echo "" echo "Public key successfully copied to $IP" echo "" else echo "$(cat $ERROR_FILE)" echo exit 3 fi echo "" done
Save the file and close it.
Then make the script executable with the chmod command as shown.
# chmod +x ssh-copy.sh
Now run the
ssh-copy.sh script and specify your public key file as the first argument as shown in the screenshot:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
ssh-agent to manage your keys, which holds your decrypted private key in memory and uses it to authenticate logins. After starting the
ssh-agent, add your private key to it as follows:
# eval "$(ssh-agent -s)" # ssh-add ~/.ssh/prod_rsa
Login to Remote Linux Server without Password
Now you can log into any of your remote hosts without providing a password for SSH user authentication. This way, you can automate cross-server processes.
# ssh [email protected]
That’s all we had for you! If you have any contribution(s) to make particularly towards improving the shell script, let us know via the feedback form below.