SSH key-based authentication (also known as public-key authentication) allows password-less login and is a more secure and much better solution than password authentication. Aside from security, one major advantage of password-less SSH login is that it allows automation of various kinds of cross-server processes.
In this article, we will demonstrate how to create an SSH key pair and copy the public key to multiple remote Linux hosts at once, with a shell script.
Create a New SSH Key in Linux
First, generate the SSH key pair (the private/identity key that an SSH client uses to authenticate itself when logging into a remote SSH server and the public key stored as an authorized key on a remote system running an SSH server) using the ssh-keygen command as follows:
# ssh-keygen
Create a Shell Script for Multiple Remote Logins
Next, create a shell script that will help in copying a public key to multiple remote Linux hosts.
# vim ~/.bin/ssh-copy.sh
Copy and paste the following code into the file, replacing these variables as needed: USER_NAME (the username to connect with), HOST_FILE (a file which contains the list of hostnames or IP addresses), and ERROR_FILE (a file to store any ssh command errors).
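#!/bin/bash
# Copy a public key to every host listed in HOST_FILE.

USER_NAME="root"
HOST_FILE="/root/hosts"
# Predictable path under /tmp; point this at a directory only you can write to.
ERROR_FILE="/tmp/ssh-copy_error.txt"
PUBLIC_KEY_FILE="$1"

# The public key file is the first argument and must exist.
if [ ! -f "$PUBLIC_KEY_FILE" ]; then
    echo "File '$PUBLIC_KEY_FILE' not found!"
    exit 1
fi

if [ ! -f "$HOST_FILE" ]; then
    echo "File '$HOST_FILE' not found!"
    exit 2
fi

# HOST_FILE holds one hostname or IP address per entry.
for IP in $(cat "$HOST_FILE"); do
    ssh-copy-id -i "$PUBLIC_KEY_FILE" "$USER_NAME@$IP" 2>"$ERROR_FILE"
    RESULT=$?
    if [ $RESULT -eq 0 ]; then
        echo ""
        echo "Public key successfully copied to $IP"
        echo ""
    else
        # Show the ssh error and stop at the first host that fails.
        cat "$ERROR_FILE"
        echo
        exit 3
    fi
    echo ""
done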
Save the file and close it.
Then make the script executable with the chmod command as shown.
# chmod +x ssh-copy.sh
Now run the ssh-copy.sh script and specify your public key file as the first argument as shown:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
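The script above trusts both of its inputs. As an added example (not part of the original article), the following POSIX shell functions check them before any key is copied: that the file given as the first argument is a public key rather than the private key, and that every entry in the hosts file is a plain hostname or IP address. The function names is_public_key_file, is_safe_host and filter_hosts are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for ssh-copy.sh inputs (function names are assumptions).

# Succeed only if the first line of file $1 looks like an OpenSSH public key.
# Catches the common slip of passing the private key instead of the .pub file.
is_public_key_file() {
    [ -f "$1" ] || return 1
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        *"PRIVATE KEY"*) return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*@openssh.com\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if $1 is non-empty, does not start with '-', and contains
# nothing but hostname, IPv4 or IPv6 characters.
is_safe_host() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the usable hosts from file $1, one per line. Blank lines and
# '#' comments are skipped; rejected entries go to stderr and make the
# function return 1 so the caller can stop before copying anything.
filter_hosts() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$line" in ''|'#'*) continue ;; esac
        if is_safe_host "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected host entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Stand-alone use: sh preflight.sh KEY.pub HOSTS_FILE
if [ "$#" -eq 2 ]; then
    is_public_key_file "$1" || { echo "'$1' is not a public key file" >&2; exit 1; }
    filter_hosts "$2"
fi
```

In ssh-copy.sh, the loop can then iterate over the output of filter_hosts instead of reading the hosts file directly.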
Next, use ssh-agent to manage your keys; it holds your decrypted private key in memory and uses it to authenticate logins. After starting ssh-agent, add your private key to it as follows:
# eval "$(ssh-agent -s)"
# ssh-add ~/.ssh/prod_rsa
Login to Remote Linux Server without Password
Now you can log into any of your remote hosts without providing a password for SSH user authentication. This way, you can automate cross-server processes.
# ssh root@<remote-host>
That’s all we had for you! If you have any contribution(s) to make particularly towards improving the shell script, let us know via the feedback form below.