update_ssh.pl
This script activates SSH public keys on the client host into the designated repository, based on the configuration in the access, alias and keys configuration files.
Syntax:
$ pod2text update_ssh.pl
update_ssh.pl [ -d |--debug]
[ -h |--help]
([ -p |--preview] [ -g |--global]) | [ -r |--remove]
[ -v |--verbose]
[ -V |--version]
update_ssh.pl requires a correctly configured update_ssh.conf or update_ssh.conf.local in order to work.
This script should only be run on the client hosts (unless the SSH master is also its own client) and requires root privileges.
manage_ssh.sh
This script is the administrative wrapper script and performs basic functions for SSH controls, such as:
distribute the SSH controls files (copy)
trigger an SSH keys update locally or remotely (apply)
create SSH key fingerprints
discover SSH host keys
manage_ssh.sh requires a correctly configured manage_ssh.conf or manage_ssh.conf.local in order to work.
Syntax:
$ manage_ssh.sh --help
**** manage_ssh.sh ****
**** ( c) KUDOS BVBA - Patrick Van der Veken ****
Performs basic functions for SSH controls: update SSH keys locally or
remote, create SSH key fingerprints or copy/distribute the SSH controls files
Syntax: ./manage_ssh.sh [ --help ] | ( --backup | --check-syntax | --preview-global | --make-finger | --update ) |
( --apply [ --slave ] [ --remote-dir = <remote_directory>] [ --targets = <host1>,<host2>,...]) |
(( --copy |--distribute) [ --slave ] [ --remote-dir = <remote_directory> [ --targets = <host1>,<host2>,...]]) |
( --discover [ --targets = <host1>,<host2>,...]) |
([ --fix-local --fix-dir = <repository_dir> [ --fix-user = <unix_account>] [ --create-dir ]] |
[ --fix-remote [ --slave ] [ --create-dir ] [ --targets = <host1>,<host2>,...]])
[ --local-dir = <local_directory>] [ --no-log ] [ --log-dir = <log_directory>] [ --debug ]
Parameters:
--alias : name of the alias to process
--apply |-a : apply SSH controls remotely ( ~targets)
--backup |-b : create a backup of the SSH controls repository ( SSH master)
--check-syntax |-s : do basic syntax checking on SSH controls configuration
( access, alias & keys files)
--copy |-c : copy SSH control files to remote host ( ~targets)
--create-dir : also create missing directories when fixing the SSH controls
repository ( see also --fix-local /--fix-remote)
--debug : print extra status messages on STDERR
--discover |-d : discover SSH host keys ( STDOUT)
--distribute : same as --copy
--fix-dir : location of the local SSH controls client repository
--fix-local : fix permissions on the local SSH controls repository
( local SSH controls repository given by --fix-dir )
--fix-remote : fix permissions on the remote SSH controls repository
--fix-user : UNIX account to own SSH controls files [ default: current user]
--help |-h : this help text
--local-dir : location of the SSH control files on the local filesystem.
[ default: see LOCAL_DIR setting]
--log-dir : specify a log directory location.
--no-log : do not log any messages to the script log file.
--make-finger |-m : create ( local ) key fingerprints file
--preview-global |-p : dump the global access namespace ( after alias resolution)
--remote-dir : directory where SSH control files are/should be
located/copied on/to the target host
[ default: see REMOTE_DIR setting]
--resolve-alias |-r : resolve an alias into its individual components
--slave : perform actions in master->slave mode
--targets : comma-separated list of target hosts or @groups to operate on.
Overrides hosts/@groups contained in the 'targets' file.
--update |-u : apply SSH controls locally
--version |-V : show the script version/release/fix
Note 1: copy and apply actions are run in parallel across a maximum of clients
at the same time [ default: see MAX_BACKGROUND_PROCS setting]
Note 2: for fix and apply actions: make sure correct 'sudo' rules are setup
on the target systems to allow the SSH controls script to run with
elevated privileges.
Note 3: only GLOBAL configuration files will be distributed to target hosts.
convert_pubkey.pl
This helper script converts a standard public key into the format required by the SSH Controls framework.
$ pod2text convert_pubkey.pl
update_ssh.pl -f |--file= <public_key> -l |--label= <label_name>
[ -h |--help]
[ -V |--version]
whereby:
public_key: represents the OpenSSH or RFC4716 public key file. (See also the FAQ on key formats)
label_name: represents a label that denotes the key in the access & alias master configuration files.
convert_pubkey.pl only supports RSA keys.
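The following pre-flight check is an added example, not part of the SSH Controls code: it reads a public key in either OpenSSH or RFC4716 form, rejects anything that is not RSA (or whose declared type disagrees with the key blob), and returns the SHA256 fingerprint to compare against one obtained out-of-band before the key is converted. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data

def parse_public_key(text: str):
    """Return (declared_type or None, key blob) from OpenSSH or RFC4716 text."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, continued = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END SSH2 PUBLIC KEY"):
                break
            if continued or ":" in ln:      # header line; a trailing "\" continues it
                continued = ln.endswith("\\")
                continue
            body.append(ln)
        return None, base64.b64decode("".join(body), validate=True)
    fields = lines[0].split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    return fields[0], base64.b64decode(fields[1], validate=True)

def rsa_fingerprint(text: str) -> str:
    """Reject non-RSA or inconsistent keys; return the SHA256 fingerprint."""
    declared, blob = parse_public_key(text)
    n = int.from_bytes(blob[:4], "big")     # length of the embedded type name
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if declared is not None and declared != embedded:
        raise ValueError(f"declared type {declared} but blob says {embedded}")
    if embedded != "ssh-rsa":
        raise ValueError(f"unsupported key type: {embedded}")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample data: a well-formed ssh-rsa blob, not a real key.
SAMPLE_B64 = base64.b64encode(
    ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
    + ssh_string(b"\x00" + bytes(range(128, 256)) * 2)).decode()
OPENSSH_SAMPLE = f"ssh-rsa {SAMPLE_B64} alice@example"
RFC4716_SAMPLE = "\n".join(
    ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "alice@example"']
    + [SAMPLE_B64[i:i + 70] for i in range(0, len(SAMPLE_B64), 70)]
    + ["---- END SSH2 PUBLIC KEY ----"])
```

Both sample encodings carry the same blob, so they yield the same fingerprint; a mismatch between two copies of a key means the files do not hold the same key.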