0

I know I can do the following to copy an SSH key

ssh-copy-id user@server.com

but when I deploy a new server, I need to authorize multiple SSH keys to it. Is there any way to make life easier for authorizing multiple SSH keys?

Asim

2 Answers

0

Reading the man-page of ssh-copy-id, it seems that it should copy all the keys from the ssh-agent that aren't accepted for login. So, load all the keypairs into ssh-agent using ssh-add and use ssh-copy-id after that.

If that doesn't work, you can try specifying the keys for ssh-copy-id:

for i in ~/.ssh/*.pub; do
  # Quote the path so key files with spaces in their names are handled
  ssh-copy-id -i "$i" user@host
done

If that still doesn't work for you, maybe take a look at something like ansible:

# sshkeys.yml
---
- hosts: all
  remote_user: foo
  tasks:
  - authorized_key:
      user: foo
      key: '{{lookup("file", item)}}'
    with_items:
    - id_rsa.pub
    - id_rsa_alternate.pub

Use like:

ansible-playbook -i remote.host.com, -k sshkeys.yml

Be sure to read more about ansible if you choose to go this route.

ptman
-4

INTRO

This way beats ssh copy id by miles as you can copy the keys to any user, for an ssh server with any port, not just 22. Oh, and you can have multiple keys in your authorized_keys.org that will get appended to the authorized_keys file on the server. Make sure authorized_keys.org has one ssh public key per line.

There are many ways you can construct these lines to your liking. I suggest never forgetting this cat | ssh cat method or the similar echo | ssh cat method, as they are perfect for writing on remote servers: cat SOMETHING | ssh SERVER "cat - > REMOTEFILE", or you can use echo like so: echo "SOMETHING" | ssh SERVER "cat - > REMOTEFILE". These are perfect methods to read in something locally & then write it or append it on another server. Write it like this: cat - > REMOTEFILE, or append it like this: cat - >> REMOTEFILE

THE ANSWERS

cat authorized_keys.org | ssh -p 22 root@server.com "cat - >> /root/.ssh/authorized_keys"

or

cat authorized_keys.org | ssh -p 22 root@server.com "cat - >> ~/.ssh/authorized_keys"

Also if you have the ssh key (one ssh key):

cat id_rsa.pub | ssh -p 22 root@server.com "cat - >> /root/.ssh/authorized_keys"

or

cat id_rsa.pub | ssh -p 22 anyuser@server.com "cat - >> ~/.ssh/authorized_keys"

That should be enough to make sense of it all.

MORE INFO

NOTE: Read my comments below on the fact that you're not limited to using "root". Here you can see all parts of it are modifiable:

[input of ssh keys or keys (as long as new line separated)] | ssh -p PORT USER@SERVER "cat - >> AUTHORIZEDKEY"

BONUS: let's say that ssh server doesn't allow password logins and only allows SSH keys, yet you want to let it know about more key[s].

  • [input of ssh keys or keys (as long as new line separated)] | ssh -i PRIVATE -p PORT USER@SERVER "cat - >> AUTHORIZEDKEY"
  • [input of ssh keys or keys (as long as new line separated)]: this can be a cat of a file with 1 or more public keys as long as they are new line separated, or an echo of a full public key (or many public keys, again as long as they are new line separated - you can use "echo -e 'line1\nline2'" to separate new lines with echo.)
  • PRIVATE: if your ssh server only lets a certain key in, because it has ssh key auth only configured and it has your public key, then specify the private key of that public key
  • USER: the user to which you want to connect and edit its key. If you connect as root (example: root@server.com), you can add to anyone's keys "cat - >> /home/anyuser/.ssh/authorized_keys" or you can add to root's keys "cat - >> /root/.ssh/authorized_keys". However, if you connect up as user1 then you can only change user1's keys "cat - >> /home/user1/.ssh/authorized_keys" or more simply "cat - >> ~/.ssh/authorized_keys" (this last one works for any user).
  • SERVER: the server you want to connect to. In this case it's server.com
  • PORT: the accepted SSH server port on the server. Usually it's port 22. Note if it's port 22 you can leave out "-p 22" as that is default.
  • AUTHORIZEDKEY: this is the location of the authorized_keys. I covered this in the USER point. This will either be "/root/.ssh/authorized_keys" or "/home/user1/.ssh/authorized_keys" or "~/.ssh/authorized_keys"
Sven
kossboss
  • I think you may have misinterpreted my first comment and gone in the wrong direction - ssh-copy-id _can_ use a different port because it's just a wrapper to ssh itself. It would be in your interest to: remove emotion and hyperbole from your answer and comments, especially when it's so trivial to counter (`any port, not just 22`, `This way beats ssh copy id by miles`), make your answer _much_ shorter - the primary audience of SF are not noobs, and don't need the basics of bash explained to them. Note also that I alluded to exactly what you've answered in a comment to the question. – AD7six May 26 '15 at 12:14
  • @user2580961 If you feel any of the responses you've received were unjust, you're always welcome to open a discussion on meta.SF. – EEAA May 26 '15 at 18:05
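
Appending with `cat - >> ~/.ssh/authorized_keys`, as in the second answer, writes duplicate entries on every run and assumes `~/.ssh` already exists with suitable permissions. The following is an added example, not code from either answer: a POSIX shell function (the name `merge_authorized_keys` is an assumption) that merges a one-key-per-line file idempotently and sets the modes that sshd's `StrictModes` check expects.

```shell
#!/bin/sh
# Added example, not from the original answers.
# merge_authorized_keys SRC DEST
#   SRC  : file with one public key per line (e.g. authorized_keys.org)
#   DEST : authorized_keys file to update
# Prints the number of keys added; keys already present in DEST are skipped.
merge_authorized_keys() {
    src=$1 dest=$2 added=0
    dir=$(dirname "$dest")
    # sshd's StrictModes rejects key files/dirs writable by other users
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dest" && chmod 600 "$dest" || return 1
    # If DEST lacks a trailing newline, add one so keys are not glued together
    if [ -s "$dest" ] && [ -n "$(tail -c 1 "$dest")" ]; then
        echo >> "$dest"
    fi
    while read -r type blob comment || [ -n "$type" ]; do
        case $type in
            ''|'#'*) continue ;;                      # blank line or comment
            ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-*) ;; # recognised key types
            *) echo "skipping unrecognised line: $type" >&2; continue ;;
        esac
        [ -n "$blob" ] || continue
        # Match on the base64 key blob, so a different comment or an
        # options prefix in DEST does not make the same key look new
        if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                             END { exit !f }' "$dest"; then
            continue
        fi
        printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" >> "$dest"
        added=$((added + 1))
    done < "$src"
    echo "$added"
}
```

Running it a second time with the same input adds nothing, which makes it safe to call from a provisioning script each time a server is deployed.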