SSH Bash Script – Copy ID

It is quite normal within a tech business to need to rapidly distribute SSH keys across a number of servers. This could be for a number of reasons: a new member of staff needing access to certain servers, a new admin needing access to all servers, or even a system service or application needing access to a group of servers.

The current best practice for SSH access is to use an SSH key rather than a password, as this restricts access to a set computer, or group of computers, whereas a password can be used from anywhere.

Naturally it is recommended that firewall and ACL rules be set up, but to reinforce this the SSH key is key.

Many companies will have a set password, or short list of passwords, for internal server access. This is to facilitate easy access for staff to systems inside a firewall. My company have over 700 servers, and 3/4 of them are internal systems used for development and staging. As you can imagine, trying to add an SSH key to that many servers can take forever, and that is where this simple bash script comes in.

To use this script you will need to be using a bash terminal and have sshpass installed. To install it, select the install option for your system and run the command in a terminal window.

Ubuntu/Debian Systems

# sudo apt install -y sshpass

CentOS/Red Hat Systems

# sudo yum install -y sshpass

# sudo dnf install -y sshpass   [Fedora 22 or above]

sshpass allows you to log on over SSH with your password included in the command line. It is not something you should leave hanging around once this script is finished with, but for the purpose of this script it is essential.

This script removes the need to manually add your key to each server using the following command

# ssh-copy-id [email protected]

Imagine having to run that command 50 times, 100 times or more, each time typing in your password when prompted. Pretty time consuming.

This little script will automatically carry out this action in a fraction of the time.

Next you need to create a .txt file containing a list of the host names or IPs you need to get your key added to. Creating this in your user folder (/home/<username>/) will make it easier to use. Each host or IP should be on a new line, like so

host1
host2
host3
host4

I advise calling the file hosts.txt; this makes it easy to remember and to use when executing the script.

Now create a new file called sshcopyid.sh; again, I advise doing this in your user folder. Add the following to this file, changing the words USER and PASSWORD for your own details

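#!/bin/bash

remotehosts="$1"
username="USER"
password="PASSWORD"

# Read one host per line on file descriptor 3 so ssh cannot consume the list from stdin
while IFS= read -r host <&3
do
    # Skip blank lines in the host list
    [ -z "${host}" ] && continue
    # StrictHostKeyChecking=no adds unknown host keys without prompting
    if sshpass -p "${password}" ssh-copy-id -o StrictHostKeyChecking=no "${username}@${host}"
    then
        echo "Uploaded key to ${host}"
    else
        echo "Failed to upload key to ${host}" >&2
    fi
done 3< "${remotehosts}"

echo "Finished!"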

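Once saved, you need to set the permissions as follows. The script contains your password in plain text, so only your own account should be able to read, write or run it

# chmod 700 sshcopyid.sh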

Your script is now ready to run. Make sure you have all the host names or IPs needed in the hosts.txt file and use the following command to run it

./sshcopyid.sh ~/hosts.txt

The script will now cycle through each host name or IP and add your SSH key to that system. If the password isn’t correct for any of the servers, a permission denied warning will be displayed in the terminal under the host name or IP. You can then amend the password in the script and re-run it.
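A hardened variant of the loop above, added here as an example and not part of the original post: it checks every hosts.txt entry before it reaches ssh-copy-id, prompts for the password and hands it to sshpass through the SSHPASS environment variable (`sshpass -e`) instead of storing it in the file, and reports whether any host failed. It assumes OpenSSH 7.6 or later for `StrictHostKeyChecking=accept-new`; the function names, the `COPY_CMD` hook and the file name `sshcopyid-safe.sh` are made up for this example.

```bash
#!/bin/bash
# Added example, not the post's script. Assumes sshpass and ssh-copy-id are
# installed and OpenSSH 7.6+ (for StrictHostKeyChecking=accept-new).

# Print the usable entries of a host list: skips blank lines and "#" comments
# and rejects anything that is not a plain host name or IP, so an entry can
# never reach ssh-copy-id as an option or as several words.
valid_hosts() {
    tr -d '\r' < "$1" | while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            -*|*[!A-Za-z0-9.:-]*) printf 'Skipping invalid entry: %s\n' "$line" >&2 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# sshpass -e takes the password from the SSHPASS environment variable, so it
# is neither stored in this file nor passed as a command-line argument.
copy_key() {
    sshpass -e ssh-copy-id -o StrictHostKeyChecking=accept-new "$1@$2"
}

# distribute HOSTFILE USER [COPY_CMD]: returns non-zero if any host failed.
# COPY_CMD is a hypothetical hook that lets the loop be exercised without SSH.
distribute() {
    local hostfile="$1" user="$2" copy_cmd="${3:-copy_key}" hosts host failed=0
    hosts=$(valid_hosts "$hostfile")
    # Safe to word-split: valid_hosts only emits [A-Za-z0-9.:-] tokens.
    for host in $hosts; do
        if "$copy_cmd" "$user" "$host"; then
            echo "Uploaded key to $host"
        else
            echo "FAILED: $host" >&2
            failed=$((failed + 1))
        fi
    done
    echo "Finished: $failed host(s) failed" >&2
    [ "$failed" -eq 0 ]
}

# Usage: ./sshcopyid-safe.sh ~/hosts.txt USER   (file name is an assumption)
if [ "$#" -eq 2 ]; then
    read -r -s -p "Password for $2: " SSHPASS; echo
    export SSHPASS
    distribute "$1" "$2"
fi
```

With `accept-new`, ssh records the key of a host it has not seen before but refuses to connect if a known host's key has changed.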

2 Comments

  1. Pingback:The Life of Alan - Mass Distribution Of SSH Keys Across Server Estate

  2. Hans Bergger

    This is handy to have in the arsenal. I have a stack of servers to deal with, and this makes it simple to access the systems
