In my environment I manage about 10 Linux servers that require regular package updates. I have a script written to connect to each individually and run the update. Additionally, I have RSA keys installed on each server. Here is my code:
#!/usr/bin/env bash
hosts=(host1 host2 host3 host4)
read -rsp "sudo password (will be used on all servers): " password && echo ""
for host in "${hosts[@]}"
do
    echo "-------------------------------------------$host----------------"
    # $password is expanded locally; the quoted delimiter 'EOP' stops the remote
    # shell from expanding $ or backquotes inside it. The second sudo reuses the
    # credential cache created by the first.
    ssh -t "$host" "sudo -Sp '' apt-get update <<'EOP' && sudo apt-get upgrade -y
$password
EOP"
done
My goal is to read in a password once and have the apt-get update run without prompting.
Currently when running the script, I am prompted just after the echo
statement for a password on each system. When monitoring the /var/log/auth.log file there is no entry generated until after I enter a password. (I would expect a failed login attempt with the RSA key).
When connecting directly to each server, the RSA keys work correctly and can be verified by checking the /var/log/auth.log file. Using tail -F /var/log/auth.log on the server I can see that the password request is for authentication rather than using the RSA key.
I have checked:
- Permissions on the identity file.
- Using -i to specify an identity file.
- Using the full path to the identity file.
- Adding user@ in front of $host in the ssh command to force a specific user.
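The following script is an added example, not the poster's code. It separates the two things the question conflates: whether ssh itself is falling back from the key to a password prompt, and whether sudo is prompting. It forces key-only ssh authentication (so a rejected key fails loudly instead of prompting), classifies sshd's auth.log lines ("Accepted publickey for", "Accepted password for", ...) so the tail -F output can be summarised, and feeds the sudo password through a heredoc with a quoted delimiter. The host names, the sample log lines, and the function names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example script (not from the question). Assumes hosts reachable by
# name with a public key already installed, and Debian/Ubuntu's auth.log format.
set -u

# ssh options that turn a silent fallback to password authentication into a
# hard failure: BatchMode never prompts, and the password method is disabled.
SSH_KEY_ONLY_OPTS="-o BatchMode=yes -o PasswordAuthentication=no -o PreferredAuthentications=publickey -o ConnectTimeout=5"

# Return 0 if key-only login to "$1" works, 2 if the key is refused.
# Exit status 255 from ssh here means "key not accepted", never "waiting for a password".
check_key_auth() {
    local host=$1
    # shellcheck disable=SC2086  # options contain no spaces inside values
    ssh $SSH_KEY_ONLY_OPTS "$host" true 2>/dev/null && return 0
    return 2
}

# Classify one sshd line from auth.log as key-ok, key-fail, password-ok,
# password-fail or other. The substrings match what OpenSSH's sshd logs.
classify_auth_line() {
    case "$1" in
        *"Accepted publickey for"*) echo key-ok ;;
        *"Failed publickey for"*)   echo key-fail ;;
        *"Accepted password for"*)  echo password-ok ;;
        *"Failed password for"*)    echo password-fail ;;
        *)                          echo other ;;
    esac
}

# Read a log excerpt on stdin and count successful key vs password logins.
# Output: "keys=<n> passwords=<n>".
summarize_auth_log() {
    local line k=0 p=0
    while IFS= read -r line; do
        case "$(classify_auth_line "$line")" in
            key-ok)      k=$((k + 1)) ;;
            password-ok) p=$((p + 1)) ;;
        esac
    done
    echo "keys=$k passwords=$p"
}

# Constructed sample of what tail -F /var/log/auth.log shows; the hostnames,
# addresses and fingerprint are placeholders, not real data.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:01:12 host1 sshd[2201]: Accepted publickey for admin from 10.0.0.5 port 51234 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
Mar  3 10:01:40 host1 sshd[2210]: Failed publickey for admin from 10.0.0.5 port 51240 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
Mar  3 10:01:45 host1 sshd[2210]: Accepted password for admin from 10.0.0.5 port 51240 ssh2
Mar  3 10:02:03 host1 sshd[2215]: Accepted publickey for admin from 10.0.0.5 port 51250 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
EOF
}

# Run the update on "$1" with the sudo password "$2" supplied on stdin only.
# The quoted delimiter 'EOP' keeps the remote shell from expanding $, backquotes
# or backslashes inside the password; the second sudo reuses the cached credential.
run_update() {
    local host=$1 password=$2
    # shellcheck disable=SC2086
    ssh -t $SSH_KEY_ONLY_OPTS "$host" "sudo -Sp '' apt-get update <<'EOP' && sudo apt-get upgrade -y
$password
EOP"
}

main() {
    local password host
    read -rsp "sudo password (used on all hosts): " password; echo
    for host in "$@"; do
        echo "---- $host ----"
        if ! check_key_auth "$host"; then
            echo "$host: key authentication refused; inspect auth.log (or run: ssh -v $host) before continuing" >&2
            continue
        fi
        run_update "$host" "$password"
    done
}

# Only touch the network when hosts are given on the command line:
#   ./update.sh host1 host2 host3
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run with the host list as arguments. If check_key_auth fails for a host, the prompt seen in the question came from ssh, not sudo, and the next step is ssh -v against that host; if it succeeds and a prompt still appears, the prompt is sudo's. Piping a saved auth.log excerpt into summarize_auth_log gives a quick count of which method the server actually accepted.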