This will update one or more client hosts remotely from the SSH master
Requirements
A working SSH login for the sshadmin user for each of the client hosts you wish to update (chicken-and-the-egg!)
A running SSH agent that holds sshadmin’s private key and uses it to authenticate to each of the client hosts upon remote access/control (so that you do not have to enter the passphrase at each connection!)
SUDO rules for the SSH Controls must be pre-configured on each of the client hosts you wish to update (run as root)
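A pre-flight check for the three requirements above, as an added example that is not part of the SSH Controls distribution. It assumes the OpenSSH client tools and password-less (NOPASSWD) sudo rules for sshadmin; the function names are hypothetical and the hostnames are constructed.

```shell
# Added example, not part of SSH Controls; function names are hypothetical.

# Requirement 2: ssh-add -l exits 0 when the agent holds a key, 1 when the
# agent is empty, 2 when no agent can be contacted.
agent_ready() {
    ar_rc=0
    ssh-add -l >/dev/null 2>&1 || ar_rc=$?
    case "$ar_rc" in
        0) return 0 ;;
        1) echo "agent holds no key: run ssh-add first" >&2; return 1 ;;
        *) echo "no SSH agent reachable (check SSH_AUTH_SOCK)" >&2; return 2 ;;
    esac
}

# Split a comma-separated host list into one host per line. Anything that is
# not a plain hostname is rejected, so an entry starting with "-" can never
# be parsed by ssh as an option.
split_targets() {
    st_rest="$1,"
    while [ -n "$st_rest" ]; do
        st_host="${st_rest%%,*}"
        st_rest="${st_rest#*,}"
        [ -z "$st_host" ] && continue
        case "$st_host" in
            -*|*[!A-Za-z0-9.-]*) echo "invalid target: $st_host" >&2; return 1 ;;
        esac
        printf '%s\n' "$st_host"
    done
}

# Requirements 1 and 3: BatchMode makes ssh fail instead of prompting, and
# sudo -n -l lists sshadmin's rules without a password (assumes NOPASSWD rules).
check_host() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "sshadmin@$1" 'sudo -n -l' \
        </dev/null >/dev/null 2>&1
}

preflight() {
    agent_ready || return 1
    pf_hosts=$(split_targets "$1") || return 1
    pf_failed=0
    for pf_host in $pf_hosts; do
        if check_host "$pf_host"; then echo "ok      $pf_host"
        else echo "FAILED  $pf_host"; pf_failed=1; fi
    done
    return "$pf_failed"
}

# Constructed usage: sh preflight.sh web01.example.com,db02.example.com
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Running it before a global distribution surfaces an empty agent, a rejected key or a missing sudo rule per host, instead of in the interleaved log output of the parallel run.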
Step 1: Distribute/copy the latest configuration (mappings + key files) to the client systems
What does it do?
Syncs all configuration, scripts & public key files from the SSH master to client systems into the /etc/ssh_controls/holding directory (via SFTP)
How to do it?
Log on to the SSH master server and become sshadmin.
Choice 1: execute a global distribution
(=all client systems configured in the targets files):
Distribution to multiple client systems will be done in parallel (background). Be aware that this will cause log messages to be multiplexed (out-of-sync).
Output has been truncated for convenience.
Choice 2: execute a limited distribution
By using the --targets command-line parameter with a comma-separated list of hostnames:
Step 2: Updating the authorized keys on the client systems
What does it do?
Runs the update_ssh.pl script remotely and updates the SSH public keys in /etc/ssh_controls/keys.d on each client host.
How to do it?
Log on to the SSH master server and become sshadmin.
Choice 1: execute a global update
(=all client systems configured in the targets files):
Distribution to multiple client systems will be done in parallel (background). Beware that this will cause log messages to be multiplexed (out-of-sync).
Output has been truncated for convenience.
Choice 2: execute a limited distribution
using the --targets command-line parameter (comma-separated list):
Updating clients locally
This will update a single client host from its own local repository.
Requirements
A working SSH logon for the sshadmin user for each of the client hosts you wish to update (chicken-and-the-egg!)
SUDO rules for the SSH Controls must be pre-configured on each of the client hosts you wish to update -OR- full root access locally.
Procedure
When refreshing the SSH public keys locally on a client you can only use the current locally available configuration data from the /etc/ssh_controls/holding directory.
Log in to the client host and become sshadmin.
Execute the local update (as non-root user), e.g.:
-OR-
Execute the local update directly using the Perl script:
Output of both commands is similar to that of the remote updates (see above).