update_ssh.pl

This script activates SSH public keys on the client host into the designated repository based on the configuration in the access, alias and keys configuration files.

Syntax:

$ pod2text update_ssh.pl

	  update_ssh.pl [-d|--debug]
			[-h|--help]
			([-p|--preview] [-g|--global]) | [-r|--remove]
			[-v|--verbose]
			[-V|--version]

:pushpin: update_ssh.pl requires a correctly configured update_ssh.conf or update_ssh.conf.local in order to work.

:pushpin: this script should only be run on the client hosts (unless the SSH master is also its own client) and requires root privileges

manage_ssh.sh

This script is the administrative wrapper script and performs basic functions for SSH controls such as:

  • distribute the SSH controls files (copy)
  • trigger a SSH keys update locally or remote (apply)
  • create SSH key fingerprints
  • discover SSH host keys

:pushpin: manage_ssh.sh requires a correctly configured manage_ssh.conf or manage_ssh.conf.local in order to work.

Syntax:

$ manage_ssh.sh --help

**** manage_ssh.sh ****
**** (c) KUDOS BVBA - Patrick Van der Veken ****

Performs basic functions for SSH controls: update SSH keys locally or
remote, create SSH key fingerprints or copy/distribute the SSH controls files

Syntax: ./manage_ssh.sh [--help] | (--backup | --check-syntax | --preview-global | --make-finger | --update ) |
    (--apply [--slave] [--remote-dir=<remote_directory>] [--targets=<host1>,<host2>,...]) |
    ((--copy|--distribute) [--slave] [--remote-dir=<remote_directory> [--targets=<host1>,<host2>,...]]) |
    (--discover [--targets=<host1>,<host2>,...]) |
    ([--fix-local --fix-dir=<repository_dir> [--fix-user=<unix_account>] [--create-dir]] |
 	[--fix-remote [--slave] [--create-dir] [--targets=<host1>,<host2>,...]])
    [--local-dir=<local_directory>] [--no-log] [--log-dir=<log_directory>] [--debug]

Parameters:

--alias             : name of the alias to process
--apply|-a          : apply SSH controls remotely (~targets)
--backup|-b         : create a backup of the SSH controls repository (SSH master)
--check-syntax|-s   : do basic syntax checking on SSH controls configuration
                      (access, alias & keys files)
--copy|-c           : copy SSH control files to remote host (~targets)
--create-dir        : also create missing directories when fixing the SSH controls
                      repository (see also --fix-local/--fix-remote)
--debug             : print extra status messages on STDERR
--discover|-d       : discover SSH host keys (STDOUT)
--distribute        : same as --copy
--fix-dir           : location of the local SSH controls client repository
--fix-local         : fix permissions on the local SSH controls repository
                      (local SSH controls repository given by --fix-dir)
--fix-remote        : fix permissions on the remote SSH controls repository
--fix-user          : UNIX account to own SSH controls files [default: current user]
--help|-h           : this help text
--local-dir         : location of the SSH control files on the local filesystem.
                      [default: see LOCAL_DIR setting]
--log-dir           : specify a log directory location.
--no-log            : do not log any messages to the script log file.
--make-finger|-m    : create (local) key fingerprints file
--preview-global|-p : dump the global access namespace (after alias resolution)
--remote-dir        : directory where SSH control files are/should be
                      located/copied on/to the target host
                      [default: see REMOTE_DIR setting]
--resolve-alias|-r  : resolve an alias into its individual components
--slave             : perform actions in master->slave mode
--targets           : comma-separated list of target hosts or @groups to operate on.
                      Overrides hosts/@groups contained in the 'targets' file.
--update|-u         : apply SSH controls locally
--version|-V        : show the script version/release/fix

Note 1: copy and apply actions are run in parallel across a maximum of clients
        at the same time [default: see MAX_BACKGROUND_PROCS setting]
Note 2: for fix and apply actions: make sure correct 'sudo' rules are setup
        on the target systems to allow the SSH controls script to run with
        elevated privileges.
Note 3: only GLOBAL configuration files will be distributed to target hosts.

convert_pubkey.pl

This helper script converts a standard public key into the format required by the SSH Controls framework.

$ pod2text convert_pubkey.pl

	update_ssh.pl -f|--file=<public_key> -l|--label=<label_name>
				  [-h|--help]   
				  [-V|--version]

whereby:

  • public_key: represents the OpenSSH or RFC4716 public key file. (See also the FAQ on key formats)
  • label_name : represent a label that denotes the key in the access & alias master configuration files.

:pushpin: convert_pubkey.pl only support RSA keys.

Updated:

Leave a comment