
I need to use a bash script to do the following:

  1. Generate a public/private key pair on NodeA
  2. Copy the public key into remote NodeB's authorized_keys
  3. Add NodeB to NodeA's known_hosts.

I need to do all this without a password prompt for ssh-ing into NodeB.

In the second step I am even specifying the private key with "-i".

The following script I have now still asks for a password:

```bash
#!/bin/bash

sudo ssh-keygen -t rsa -N "" -f /root/.ssh/id_ccn_rsa
ssh -i /root/.ssh/id_ccn_rsa -o StrictHostKeyChecking=no $1
sudo sh -c "ssh-keyscan $1 >> /root/.ssh/known_hosts"
```
Etan Reisner
Aishwarya
  • Tell us first how you are able to access the remote server without using a password and what user and/or permissions you have. Exclude the part about transferring any files first. – konsolebox Aug 14 '14 at 20:43
  • I am able to ssh into the two nodes from my system. I need to ssh from one node to the other. For these two nodes to talk to each other, I wish to set up a separate key pair. I do not have access to the password. The only way I can get this to work right now is by copy-pasting the public key from nodeA into the authorized_keys list of nodeB, while I am ssh-ed into both of them from my PC. – Aishwarya Aug 14 '14 at 21:06
  • Consider using something like saltstack or ansible. Or, since this activity is a one-off, use cluster ssh to edit the file on all hosts at the same time. – tink Aug 14 '14 at 21:21

1 Answer

There is no magic.

To deploy the key you MUST be able to login without the key at least one time. Or have someone who can login and has root access deploy the public key for you.

You cannot login without a password and without a key unless your account was set up without a password AND sshd was configured with the non-default PermitEmptyPasswords yes option.

Jim Garrison
  • If I have 10/more nodes who need to scp something to a remote node, I can't log into it from each node manually. That is what I am doing right now. But is there any way to automate it? – Aishwarya Aug 14 '14 at 21:14
  • You have to use `ssh-copy-id` once to deploy the public key to each target. After that, if the private key has no password, you can login without a password. You can set up an entry in `~/.ssh/config` to make a short alias for each destination and tell it which private key to use. – Jim Garrison Aug 14 '14 at 21:33
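
The two routes the answer names (a one-time `ssh-copy-id` from NodeA, or someone with access installing the public key on NodeB) plus the `~/.ssh/config` alias from the last comment, written out as an added example that is not code from anyone in this thread. The function names, the `bootstrap`/`install` subcommands, the alias `nodeb` and the `$HOME/.ssh` paths are assumptions.

```bash
#!/bin/bash
# Added example: one-time key bootstrap between two nodes.
# Function names, subcommands, the alias "nodeb" and paths are assumptions.
set -eu

# NodeB side: append a public key to authorized_keys exactly once, with the
# modes sshd's StrictModes check accepts (directory 700, file 600).
install_pubkey() {
    local pubkey="$1" auth_file="$2"
    mkdir -p "$(dirname "$auth_file")"
    chmod 700 "$(dirname "$auth_file")"
    touch "$auth_file"
    chmod 600 "$auth_file"
    grep -qxF -- "$pubkey" "$auth_file" || printf '%s\n' "$pubkey" >> "$auth_file"
}

# NodeA side: add a Host block to an ssh config unless the alias exists.
add_host_alias() {
    local name="$1" host="$2" user="$3" key="$4" config="$5"
    touch "$config"
    chmod 600 "$config"
    if grep -qxF -- "Host $name" "$config"; then
        return 0
    fi
    printf 'Host %s\n    HostName %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$name" "$host" "$user" "$key" >> "$config"
}

# NodeA side: bootstrap user@host. ssh-copy-id authenticates once with an
# existing credential (password or another key); it cannot work without one.
bootstrap() {
    local target="$1" key="$HOME/.ssh/id_ccn_rsa"
    [ -f "$key" ] || ssh-keygen -t rsa -N "" -f "$key"
    # ssh-keyscan records whatever key the network returns; compare its
    # fingerprint with one obtained out of band before relying on it.
    ssh-keyscan -H "${target#*@}" >> "$HOME/.ssh/known_hosts"
    ssh-copy-id -i "$key.pub" "$target"
    add_host_alias nodeb "${target#*@}" "${target%@*}" "$key" "$HOME/.ssh/config"
}

# Usage: script bootstrap user@nodeB   (run on NodeA)
#        script install  key.pub       (run on NodeB by someone with access)
case "${1:-}" in
    bootstrap) bootstrap "$2" ;;
    install)   install_pubkey "$(cat "$2")" "$HOME/.ssh/authorized_keys" ;;
esac
```

After `bootstrap` succeeds, `ssh nodeb` and `scp file nodeb:` on NodeA use the dedicated key without a prompt.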