Task: add a local user to about 1000 machines.
Prerequisites: private/public key authentication is already set up.
The trick was to prevent ssh from asking for a password under any circumstances.
First I prepared a very simple script:
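#!/bin/sh
# Add the local account "user" (UID 6211) unless the name or UID is taken.
# getent exits with status 2 when the key is not found.
getent passwd user > /dev/null
USERCHECK=$?
getent passwd 6211 > /dev/null
IDCHECK=$?
if [ $USERCHECK -eq 2 ] && [ $IDCHECK -eq 2 ]; then
    # "x" in the password field points to /etc/shadow; an empty field
    # would mean the account has no password at all.
    echo 'user:x:6211:10:Test Account:/usr/local/home/user:/bin/sh' \
        >> /etc/passwd
    echo 'user:dkadDSKJhfakj38LDJ:6211::::::' \
        >> /etc/shadow
    mkdir -p /usr/local/home/user/.ssh
    echo 'ssh-dss (some public key here) user@host' \
        >> /usr/local/home/user/.ssh/authorized_keys
    chown -R user /usr/local/home/user
    # With StrictModes, sshd refuses key files that group or others can write to.
    chmod 700 /usr/local/home/user/.ssh
    chmod 600 /usr/local/home/user/.ssh/authorized_keys
    # Warn when an uncommented "PubkeyAuthentication no" is present.
    grep -i '^[[:space:]]*PubkeyAuthentication[[:space:]][[:space:]]*no' \
        /etc/ssh/sshd_config > /dev/null 2>&1
    if [ $? -eq 0 ] ; then
        echo 'PubkeyAuthentication might be disallowed on this system!'
        echo 'Please check it manually in /etc/ssh/sshd_config'
    fi
fi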
The reason I create the home directory in /usr/local/home and not in /home is that some machines can have the /home filesystem auto-mounted over NFS.
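The PubkeyAuthentication check at the end of add_user.sh can be made stricter than a single grep; the following is an added example, not part of the original post. It assumes OpenSSH's rule that the first occurrence of a keyword wins, does not evaluate Match blocks or Include files, and uses a constructed sample config; the function name pubkey_auth_setting is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Print the effective global PubkeyAuthentication value ("yes" or "no")
# of an sshd_config-style file.
# Assumptions: the first occurrence of the keyword wins, parsing stops at
# the first Match block, Include files are not followed, default is "yes".
pubkey_auth_setting() {
    awk '
        { sub(/^[ \t]+/, "") }            # drop leading whitespace
        /^#/ || /^$/ { next }             # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)   # accept "Keyword=value" too
            split(line, f, /[ \t]+/)
            key = tolower(f[1])           # keywords are case-insensitive
            if (key == "match") exit      # conditional blocks are not global
            if (key == "pubkeyauthentication") {
                val = tolower(f[2])
                gsub(/"/, "", val)        # strip optional double quotes
                print val
                found = 1
                exit
            }
        }
        END { if (!found) print "yes" }   # nothing set: default applies
    ' "$1"
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PubkeyAuthentication no
PasswordAuthentication no
pubkeyauthentication no
PubkeyAuthentication yes
EOF

if [ "$(pubkey_auth_setting "$sample")" = "no" ]; then
    echo 'PubkeyAuthentication is disabled; the new key will not work' >&2
fi
rm -f "$sample"
```

On a real host, `sshd -T` prints the effective configuration, including Include files, and is the authoritative check.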
And now the difficult part: how to keep the machines from asking for a password?
One approach would be to use either the expect language (see my previous post about scripting in expect) or a dedicated tool like sshpass.
But I thought there must be a simpler way to do that, and I found the solution. The key is to use the ssh option "BatchMode=yes". With it, ssh never prompts for a password or passphrase; if key authentication does not succeed, the connection simply fails.
The script then looks like this:
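#!/bin/bash
# BatchMode=yes: ssh and scp never prompt; a host that would ask for a
# password fails instead, and the loop moves on to the next one.
# StrictHostKeyChecking=no: new host keys are accepted without verification.
for IP in $(cat ips.list)
do
    if scp -o StrictHostKeyChecking=no \
           -o BatchMode=yes \
           add_user.sh "root@$IP:" ; then
        ssh -o StrictHostKeyChecking=no \
            -o BatchMode=yes \
            "root@$IP" 'sh ./add_user.sh'
    fi
done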