Table of Contents
Ubuntu - SSH - Distribute public keys
For a bunch of networked servers, I'd rather recommend one of the two following approaches:
- Store SSH keys in LDAP (OpenSSH servers generally will require LPK patch set).
- Provide CA signed certificates to your users and keep a certificate revocation list to centrally disable certain certificates.
Using generic configuration management software
Any generic configuration management software like Puppet, Chef, Bcfg2 or cfengine could accomplish the task.
Ansible is a very lightweight CM system that has a module to muck with authorized key files over ssh.
SSH KeyDB is meant to do exactly that, administrate roles, servers and users, distribute user keys, gather host keys etc. It even has something called “locations”.
Using cron
Since the authorized_keys file is not that complicated, you could also use rsync or a (D)SCM like git or hg to manage this file.
You have the “master” file on one of your servers and serve it via rsync/git/hg/…. On every other server you run a cron job which periodically retrieves the master copy (if it was changed) and copies it to the correct local location. This would even work with pure HTTP or FTP.
Let the “clients” (the computers, which should have the current authorized_keys file) fetch it from your master server and deploy it locally.
Using a bash script
A very easy solution, that does the same with firewall-rules
Example file hosts.conf:
- hosts.conf
192.168.0.1 192.168.2.99 192.168.2.100
- distribute.sh
#!/bin/bash for d in `cat ./hosts.conf`; do echo "copying to $d ..."; scp /root/.ssh./authorized_keys root@$d:/root/.ssh./authorized_keys done;