
Management scripts

This script activates SSH public keys on the client host, placing them in the designated repository according to the access, alias and keys configuration files.


$ pod2text [-d|--debug]
				([-p|--preview] [-g|--global]) | [-r|--remove]


  • requires a correctly configured update_ssh.conf or update_ssh.conf.local in order to work.
  • this script should only be run on the client hosts (unless the SSH master is also its own client) and requires root privileges

This script is the administrative wrapper script and performs basic functions for SSH controls such as:

  • distribute the SSH controls files (copy)
  • trigger an SSH keys update locally or remotely (apply)
  • create SSH key fingerprints
  • discover SSH host keys



$ --help

**** ****
**** (c) KUDOS BVBA - Patrick Van der Veken ****

Performs basic functions for SSH controls: update SSH keys locally or
remote, create SSH key fingerprints or copy/distribute the SSH controls files

Syntax: ./ [--help] | (--backup | --check-syntax | --preview-global | --make-finger | --update ) |
            (--apply [--slave] [--remote-dir=<remote_directory>] [--targets=<host1>,<host2>,...]) |
            ((--copy|--distribute) [--slave] [--remote-dir=<remote_directory> [--targets=<host1>,<host2>,...]]) |
            (--discover [--targets=<host1>,<host2>,...]) |
            ([--fix-local --fix-dir=<repository_dir> [--fix-user=<unix_account>] [--create-dir]] |
 	     [--fix-remote [--slave] [--create-dir] [--targets=<host1>,<host2>,...]])
            [--local-dir=<local_directory>] [--no-log] [--log-dir=<log_directory>] [--debug]


--alias             : name of the alias to process
--apply|-a          : apply SSH controls remotely (~targets)
--backup|-b         : create a backup of the SSH controls repository (SSH master)
--check-syntax|-s   : do basic syntax checking on SSH controls configuration
                      (access, alias & keys files)
--copy|-c           : copy SSH control files to remote host (~targets)
--create-dir        : also create missing directories when fixing the SSH controls
                      repository (see also --fix-local/--fix-remote)
--debug             : print extra status messages on STDERR
--discover|-d       : discover SSH host keys (STDOUT)
--distribute        : same as --copy
--fix-dir           : location of the local SSH controls client repository
--fix-local         : fix permissions on the local SSH controls repository
                      (local SSH controls repository given by --fix-dir)
--fix-remote        : fix permissions on the remote SSH controls repository
--fix-user          : UNIX account to own SSH controls files [default: current user]
--help|-h           : this help text
--local-dir         : location of the SSH control files on the local filesystem.
                      [default: see LOCAL_DIR setting]
--log-dir           : specify a log directory location.
--no-log            : do not log any messages to the script log file.
--make-finger|-m    : create (local) key fingerprints file
--preview-global|-p : dump the global access namespace (after alias resolution)
--remote-dir        : directory where SSH control files are/should be
                      located/copied on/to the target host
                      [default: see REMOTE_DIR setting]
--resolve-alias|-r  : resolve an alias into its individual components
--slave             : perform actions in master->slave mode
--targets           : comma-separated list of target hosts or @groups to operate on.
                      Overrides hosts/@groups contained in the 'targets' file.
--update|-u         : apply SSH controls locally

--version|-V        : show the script version/release/fix

Note 1: copy and apply actions are run in parallel across a maximum of clients
        at the same time [default: see MAX_BACKGROUND_PROCS setting]

Note 2: for fix and apply actions: make sure correct 'sudo' rules are setup
        on the target systems to allow the SSH controls script to run with
        elevated privileges.

Note 3: only GLOBAL configuration files will be distributed to target hosts.

This helper script converts a standard public key into the format required by the SSH Controls framework.

$ pod2text -f|--file=<public_key> -l|--label=<label_name>


  • public_key: represents the OpenSSH or RFC4716 public key file. (See also the FAQ on key formats)
  • label_name: represents a label that denotes the key in the access & alias master configuration files.

Note: only RSA keys are supported.
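
A pre-check for the two constraints above (OpenSSH or RFC4716 input, RSA only), as an added example that is not part of SSH Controls: it reads either format, rejects non-RSA keys and returns the SHA256 fingerprint so the key can be verified out-of-band before it is labelled. It does not produce the framework's own key format; the function names are hypothetical and the sample keys are constructed, structurally valid blobs rather than usable keys.

```python
import base64, hashlib, struct, textwrap

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as stored inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    """Positive SSH mpint: big-endian, leading zero byte if the top bit is set."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def extract_blob(text: str) -> bytes:
    """Return the raw key blob from OpenSSH one-line or RFC 4716 text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines and lines[0] == "---- BEGIN SSH2 PUBLIC KEY ----":
        body, in_header = [], False
        for ln in lines[1:]:
            if ln == "---- END SSH2 PUBLIC KEY ----":
                break
            if in_header or ":" in ln:      # header line; a trailing '\' continues it
                in_header = ln.endswith("\\")
                continue
            body.append(ln)
        return base64.b64decode("".join(body), validate=True)
    fields = text.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH or RFC 4716 public key")
    return base64.b64decode(fields[1], validate=True)

def check_rsa_key(text: str) -> str:
    """Return the SHA256 fingerprint, or raise ValueError if the key is not RSA."""
    blob = extract_blob(text)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    # Trust the algorithm name inside the blob, not the text in front of it.
    algo = blob[4:4 + n].decode("ascii", "replace")
    if algo != "ssh-rsa":
        raise ValueError(f"unsupported key type: {algo!r}")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample data: structurally valid blobs, not usable keys.
_B64 = base64.b64encode(ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 2047) | 1)).decode()
OPENSSH_KEY = f"ssh-rsa {_B64} constructed@example"
RFC4716_KEY = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed"',
                         *textwrap.wrap(_B64, 70), "---- END SSH2 PUBLIC KEY ----"])
ED25519_KEY = "ssh-ed25519 " + base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode() + " constructed@example"

if __name__ == "__main__":
    print(check_rsa_key(OPENSSH_KEY))
```

The fingerprint string uses the same `SHA256:` layout that `ssh-keygen -l` prints, so it can be compared directly with what the key owner reports.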
