www.kudos.be

Management scripts

update_ssh.pl

This script activates SSH public keys on the client host, writing them into the designated repository according to the configuration in the access, alias and keys configuration files.

Syntax:

$ pod2text update_ssh.pl

		  update_ssh.pl [-d|--debug]
				[-h|--help]
				([-p|--preview] [-g|--global]) | [-r|--remove]
				[-v|--verbose]
				[-V|--version]

Note:

  • update_ssh.pl requires a correctly configured update_ssh.conf or update_ssh.conf.local in order to work.
  • This script should only be run on the client hosts (unless the SSH master is also its own client), and it requires root privileges.


manage_ssh.sh

This script is the administrative wrapper script and performs basic functions for SSH controls such as:

  • distribute the SSH controls files (copy)
  • trigger an SSH keys update locally or remotely (apply)
  • create SSH key fingerprints
  • discover SSH host keys

Note:


Syntax:

$ manage_ssh.sh --help

**** manage_ssh.sh ****
**** (c) KUDOS BVBA - Patrick Van der Veken ****

Performs basic functions for SSH controls: update SSH keys locally or
remote, create SSH key fingerprints or copy/distribute the SSH controls files

Syntax: ./manage_ssh.sh [--help] | (--backup | --check-syntax | --preview-global | --make-finger | --update ) |
            (--apply [--slave] [--remote-dir=<remote_directory>] [--targets=<host1>,<host2>,...]) |
            ((--copy|--distribute) [--slave] [--remote-dir=<remote_directory> [--targets=<host1>,<host2>,...]]) |
            (--discover [--targets=<host1>,<host2>,...]) |
            ([--fix-local --fix-dir=<repository_dir> [--fix-user=<unix_account>] [--create-dir]] |
 	     [--fix-remote [--slave] [--create-dir] [--targets=<host1>,<host2>,...]])
            [--local-dir=<local_directory>] [--no-log] [--log-dir=<log_directory>] [--debug]

Parameters:

--alias             : name of the alias to process
--apply|-a          : apply SSH controls remotely (~targets)
--backup|-b         : create a backup of the SSH controls repository (SSH master)
--check-syntax|-s   : do basic syntax checking on SSH controls configuration
                      (access, alias & keys files)
--copy|-c           : copy SSH control files to remote host (~targets)
--create-dir        : also create missing directories when fixing the SSH controls
                      repository (see also --fix-local/--fix-remote)
--debug             : print extra status messages on STDERR
--discover|-d       : discover SSH host keys (STDOUT)
--distribute        : same as --copy
--fix-dir           : location of the local SSH controls client repository
--fix-local         : fix permissions on the local SSH controls repository
                      (local SSH controls repository given by --fix-dir)
--fix-remote        : fix permissions on the remote SSH controls repository
--fix-user          : UNIX account to own SSH controls files [default: current user]
--help|-h           : this help text
--local-dir         : location of the SSH control files on the local filesystem.
                      [default: see LOCAL_DIR setting]
--log-dir           : specify a log directory location.
--no-log            : do not log any messages to the script log file.
--make-finger|-m    : create (local) key fingerprints file
--preview-global|-p : dump the global access namespace (after alias resolution)
--remote-dir        : directory where SSH control files are/should be
                      located/copied on/to the target host
                      [default: see REMOTE_DIR setting]
--resolve-alias|-r  : resolve an alias into its individual components
--slave             : perform actions in master->slave mode
--targets           : comma-separated list of target hosts or @groups to operate on.
                      Overrides hosts/@groups contained in the 'targets' file.
--update|-u         : apply SSH controls locally

--version|-V        : show the script version/release/fix

Note 1: copy and apply actions are run in parallel across a maximum of clients
        at the same time [default: see MAX_BACKGROUND_PROCS setting]

Note 2: for fix and apply actions: make sure correct 'sudo' rules are setup
        on the target systems to allow the SSH controls script to run with
        elevated privileges.

Note 3: only GLOBAL configuration files will be distributed to target hosts.


convert_pubkey.pl

This helper script converts a standard public key into the format required by the SSH Controls framework.

$ pod2text convert_pubkey.pl 

		update_ssh.pl -f|--file=<public_key> -l|--label=<label_name>
					  [-h|--help]   
					  [-V|--version]

whereby:

  • public_key: the OpenSSH or RFC4716 public key file (see also the FAQ on key formats).
  • label_name: a label that denotes the key in the access & alias master configuration files.

Note: convert_pubkey.pl only supports RSA keys.
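
Because convert_pubkey.pl accepts OpenSSH or RFC4716 input but only RSA keys, it helps to check a key file before converting it. The following Python code is an added example, not part of the SSH Controls scripts: it detects the file format, reads the key type from the key blob itself, and reports the RSA modulus size and SHA256 fingerprint. All function names are hypothetical and the sample keys are constructed, not real keys.

```python
import base64
import hashlib

RFC4716_BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
RFC4716_END = "---- END SSH2 PUBLIC KEY ----"

def _read_string(blob, off):  # one length-prefixed SSH string -> (bytes, next offset)
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def extract_blob(text):
    """Return (format, declared type or None, raw blob) for a public key file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines and lines[0] == RFC4716_BEGIN and lines[-1] == RFC4716_END:
        body, cont = [], False
        for line in lines[1:-1]:
            if cont or ":" in line:    # header line or its continuation
                cont = line.endswith("\\")
            else:
                body.append(line)
        return "RFC4716", None, base64.b64decode("".join(body), validate=True)
    fields = lines[0].split() if lines else []
    if len(fields) < 2:
        raise ValueError("not an OpenSSH or RFC4716 public key")
    return "OpenSSH", fields[0], base64.b64decode(fields[1], validate=True)

def inspect_public_key(text):
    """Summarise a key file: format, key type, RSA size and SHA256 fingerprint."""
    fmt, declared, blob = extract_blob(text)
    raw_type, off = _read_string(blob, 0)
    ktype = raw_type.decode("ascii", "replace")
    if declared not in (None, ktype):
        raise ValueError("declared key type does not match key blob")
    bits = None
    if ktype == "ssh-rsa":             # blob layout: type, e, n
        _, off = _read_string(blob, off)
        bits = int.from_bytes(_read_string(blob, off)[0], "big").bit_length()
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"format": fmt, "type": ktype, "rsa_bits": bits, "sha256": fp}

# Constructed samples (not real keys; the modulus is an arbitrary 2048-bit number).
def _s(b): return len(b).to_bytes(4, "big") + b
def _mpint(i): return _s(i.to_bytes(i.bit_length() // 8 + 1, "big"))
_B64 = base64.b64encode(_s(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 2047) | 1)).decode()
SAMPLE_OPENSSH = "ssh-rsa " + _B64 + " constructed@example"
_WRAPPED = [_B64[i:i + 70] for i in range(0, len(_B64), 70)]
SAMPLE_RFC4716 = "\n".join([RFC4716_BEGIN, 'Comment: "constructed"', *_WRAPPED, RFC4716_END])
SAMPLE_ED25519 = "ssh-ed25519 " + base64.b64encode(_s(b"ssh-ed25519") + _s(bytes(32))).decode()
```

A result whose type is not ssh-rsa (rsa_bits is None) identifies a key that convert_pubkey.pl does not support; the same key in either file format yields the same fingerprint.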



