Registering an SSH key on behalf of another client

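1 Overview

  • How to register client B's key on a server by way of client A


If the server allows only SSH key authentication, a new key can be registered only by connecting over ssh from a client whose key is already registered.

Run the following on client A: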

# The key is sent on stdin, so its contents are never interpreted by the remote shell
ssh target-server 'cat >> ~/.ssh/authorized_keys' < client_b.id_rsa.pub

2

#!/bin/sh

if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <PUB KEY> <HOST LIST>" >&2
  exit 1
fi

KEY=$1   # public key file to register
LST=$2   # file listing the target hosts, one per line
LOG=./ssh-copy-id-delegator.log

echo | tee -a "$LOG"
echo '============================================================================================================' | tee -a "$LOG"

while IFS= read -r H; do
  D=$(date +"%Y-%m-%d %H:%M:%S")
  # The key is sent on ssh's stdin, so its contents are never parsed by the remote
  # shell and ssh does not consume the host list that the loop is reading.
  if RET=$(ssh "$H" 'cat >> ~/.ssh/authorized_keys && sort -u ~/.ssh/authorized_keys -o ~/.ssh/authorized_keys' < "$KEY" 2>&1); then
    printf "%20s  %20s  -> %30s  %s  %s\n" "$D" "$KEY" "$H" SUCC | tee -a "$LOG"
  else
    # Log only the text after the last ": " of the ssh error message
    printf "%20s  %20s  -> %30s  %s  %s\n" "$D" "$KEY" "$H" FAIL "$(printf '%s' "$RET" | tr '\n' ' ' | sed -e 's/.*: //')" | tee -a "$LOG"
  fi
done < "$LST"

echo '============================================================================================================' | tee -a "$LOG"

Run

$ ./ssh-copy-id-delegator.sh client_b.id_rsa.pub server_list.txt
============================================================================================================
 2021-02-03 13:39:54    lient_b.id_rsa.pub  ->                       server_a  FAIL  Connection refused
 2021-02-03 13:40:04    lient_b.id_rsa.pub  ->                       server_b  SUCC
 2021-02-03 13:40:05    lient_b.id_rsa.pub  ->                       server_c  FAIL  Operation timed out
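
The script above appends whatever file it is given and then reorders authorized_keys with sort -u. As an added example (not part of the original page), the following checks that the file is a single public key line before pushing it and appends it only when it is missing. The names KEY_RE, valid_pubkey, REMOTE_APPEND and push_key are hypothetical, the key-type allow-list is an assumed policy, and the server is assumed to have a POSIX login shell.

```shell
#!/bin/sh
# Added example, not from the original page; all names are hypothetical.

# Accepted key types (an assumed policy; adjust the list to your own).
KEY_RE='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'

# valid_pubkey FILE: true only for exactly one "<type> <base64> [comment]" line.
# Rejects private keys, multi-key bundles and lines with authorized_keys options.
valid_pubkey() {
  [ -r "$1" ] && [ "$(grep -c '' "$1")" -eq 1 ] && grep -Eq "$KEY_RE" "$1"
}

# Runs on the server (assumes a POSIX login shell) with the key on stdin.
# Appends only if that exact line is absent, so reruns are no-ops and existing
# entries keep their order; also repairs a file that lacks a final newline.
REMOTE_APPEND='umask 077; mkdir -p "$HOME/.ssh" || exit 1
f="$HOME/.ssh/authorized_keys"; k=$(cat); [ -n "$k" ] || exit 1
grep -qxF -- "$k" "$f" 2>/dev/null && exit 0
[ ! -s "$f" ] || [ -z "$(tail -c 1 "$f")" ] || echo >> "$f"
printf "%s\n" "$k" >> "$f"'

# push_key HOST PUBKEY: validate locally, then send the key on stdin so its
# contents are never interpolated into the remote command line.
push_key() {
  valid_pubkey "$2" || { echo "refusing $2: not a single public key line" >&2; return 2; }
  ssh -o BatchMode=yes "$1" "$REMOTE_APPEND" < "$2"
}
```

Inside the host loop, push_key "$H" "$KEY" would take the place of the inline ssh call; BatchMode=yes makes an unreachable or unauthorized host fail immediately instead of prompting.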

3 See also
