#!/bin/bash
# A UNIX / Linux shell script to add ssh authentication between machines.
# This script enables password-less (host-based) ssh authentication for all users between the cluster machines.
# You can run script when you add a new machine to the cluster.
# Script must run as root or configure permission via sudo.
#--------------------------------------------------------------------------
# http://cert.uni-stuttgart.de/doc/ssh-host-based.html
# http://itg.chem.indiana.edu/inc/wiki/software/openssh/189.html
# Node list (one FQDN per line) is kept in /root/bin/maquinas
# -------------------------------------------------------------------------
# Copyright (c) 2012 David Trigo <david.trigo@gmail.com>
# This script is licensed under GNU GPL version 3.0 or above
# -------------------------------------------------------------------------
# Last updated on : June-2012 - Script created.
# -------------------------------------------------------------------------
echo -ne "Introduce el nombre de la nueva maquina (FQDN): \t"
read PC
echo "Has introducido el nombre de la nueva maquina: $PC"
echo "Si no es correcto, no continues (NO)"
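# Give root on the master a key pair and install it on the new node so the
# rest of this script can reach the node without a password.
# ed25519 is used instead of DSA: OpenSSH disabled ssh-dss by default in
# 7.0 and recent releases no longer build it, so `ssh-keygen -t dsa` fails.
# The key is deliberately unencrypted (-N "") for unattended use, which
# makes /root/.ssh on the master as sensitive as root's password on every node.
MASTER_KEY=/root/.ssh/id_ed25519
if [[ ! -f "${MASTER_KEY}.pub" ]]; then
  install -d -m 0700 /root/.ssh
  ssh-keygen -t ed25519 -N "" -f "$MASTER_KEY" || exit 1
fi
# ssh-copy-id needs some already-working way to log in as root on the node
# (typically its password).  If it fails, every later scp/ssh to the node
# would fail too, so stop here rather than continue with a half-joined node.
if ! ssh-copy-id -i "${MASTER_KEY}.pub" "root@${PC}"; then
  printf 'No se pudo instalar la clave en %s\n' "$PC" >&2
  exit 1
fi
# Record the node in the cluster list exactly once, so re-running the script
# for the same node does not produce duplicate entries.
CLUSTER_LIST=/root/bin/maquinas
mkdir -p /root/bin
touch -- "$CLUSTER_LIST"
grep -qxF -- "$PC" "$CLUSTER_LIST" || printf '%s\n' "$PC" >> "$CLUSTER_LIST"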
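#############################
# Commands on the master    #
#############################
# Learn the node's host key.  ssh-keyscan trusts whatever answers on the
# wire, and hosts.equiv (built below) turns that key into password-less
# login for every user on every node -- so an attacker answering the scan
# would be trusted cluster-wide.  Show the fingerprint(s) and require the
# operator to confirm them against the node's own `ssh-keygen -lf
# /etc/ssh/ssh_host_*_key.pub` before anything is written.
KNOWN_HOSTS=/etc/ssh/ssh_known_hosts
scan=$(mktemp) || exit 1
if ! ssh-keyscan -t rsa,ed25519 "$PC" > "$scan" 2>/dev/null || [[ ! -s "$scan" ]]; then
  printf 'No se pudo obtener la clave de host de %s\n' "$PC" >&2
  rm -f -- "$scan"
  exit 1
fi
printf 'Huella(s) de la clave de host de %s:\n' "$PC"
ssh-keygen -lf "$scan"
printf 'Coincide con la huella verificada fuera de banda? (si/NO): '
IFS= read -r confirm
if [[ $confirm != "si" ]]; then
  printf 'Clave de host no confirmada; cancelado.\n' >&2
  rm -f -- "$scan"
  exit 1
fi
# Append only lines not already present so re-runs do not pile up duplicates.
touch -- "$KNOWN_HOSTS"
while IFS= read -r line; do
  grep -qxF -- "$line" "$KNOWN_HOSTS" || printf '%s\n' "$line" >> "$KNOWN_HOSTS"
done < "$scan"
rm -f -- "$scan"
# Rebuild /etc/hosts.equiv from the hostnames in ssh_known_hosts.  Take only
# plain host entries: skip hashed lines (|1|...) and @-marker lines, and
# split "host,ip" aliases, since a bare `cut -f1` would copy those verbatim.
# sshd requires the file to be writable by root only.
# NOTE(review): /etc/shosts.equiv is honoured by sshd exactly like
# hosts.equiv but is ignored by rsh/rlogin; prefer it if those services
# are installed anywhere in the cluster.
awk '
  $1 ~ /^[@|#]/ { next }
  { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] != "") print names[i] }
' "$KNOWN_HOSTS" | sort -u > /etc/hosts.equiv
chmod 0644 /etc/hosts.equiv
unset scan confirm line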
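# Configure the ssh service on the master.
#######################################
# set_ssh_option FILE KEY VALUE
#   Makes "KEY VALUE" the effective global setting of an OpenSSH config
#   file.  sshd_config and ssh_config both take the *first* occurrence of a
#   keyword, so the line is placed at the top of the file and any earlier
#   uncommented global definition of KEY is dropped.  Merely appending
#   "KEY VALUE" when no line starting with KEY exists is wrong twice over:
#   an explicit "KEY no" already present is left in force, and a line added
#   after a trailing Match/Host block applies only to that block.
# Arguments: $1 config file, $2 keyword, $3 value
# Returns:   0 on success, 1 if the temp file or rewrite failed
#######################################
set_ssh_option() {
  local file=$1 key=$2 value=$3 tmp
  tmp=$(mktemp) || return 1
  awk -v key="$key" '
    /^[[:space:]]*(Match|Host)[[:space:]]/ { in_block = 1 }
    !in_block && $1 == key { next }
    { print }
  ' "$file" > "$tmp" || { rm -f -- "$tmp"; return 1; }
  # Write through the existing inode so owner and mode are preserved.
  { printf '%s %s\n' "$key" "$value"; cat -- "$tmp"; } > "$file"
  rm -f -- "$tmp"
}
# Server side: allow host-based authentication.
set_ssh_option /etc/ssh/sshd_config HostbasedAuthentication yes || exit 1
# RhostsRSAAuthentication (SSH protocol 1 only) is intentionally not set:
# server-side protocol 1 was removed in OpenSSH 7.4 and current sshd only
# logs the keyword as deprecated.
# IgnoreRhosts no lets every user extend host trust themselves through
# ~/.rhosts and ~/.shosts.  It is kept because sshd does not apply
# /etc/hosts.equiv to root; root's host-based login goes through
# /root/.shosts instead.
# NOTE(review): this script never writes /root/.shosts -- confirm root
# host-based login is actually needed and works, or drop this weakening.
set_ssh_option /etc/ssh/sshd_config IgnoreRhosts no || exit 1
# Client side: let this host (and the nodes, which receive a copy of this
# ssh_config) authenticate to the others with the host key.  EnableSSHKeysign
# must be a global setting, which the top-of-file placement guarantees.
set_ssh_option /etc/ssh/ssh_config HostbasedAuthentication yes || exit 1
set_ssh_option /etc/ssh/ssh_config EnableSSHKeysign yes || exit 1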
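# Restart the master's sshd so the new settings take effect -- but only
# after `sshd -t` accepts the file: restarting on a broken configuration
# leaves the host without sshd and cuts off remote administration.
SSHD_BIN=$(command -v sshd || printf '/usr/sbin/sshd')
if ! "$SSHD_BIN" -t; then
  printf 'sshd_config no es valido; no se reinicia sshd\n' >&2
  exit 1
fi
if [[ -x /etc/init.d/sshd ]]; then
  /etc/init.d/sshd restart
elif command -v systemctl >/dev/null 2>&1; then
  # The unit is called sshd on some distributions and ssh on others.
  systemctl restart sshd.service 2>/dev/null || systemctl restart ssh.service
else
  printf 'No se sabe como reiniciar sshd en este sistema\n' >&2
  exit 1
fi
# ssh-keysign produces the host-based auth signature with the host's
# private key, which only root can read, so the binary must be setuid root.
# Its path depends on the packaging; mark the first one found and fail
# loudly if none exists, since host-based auth cannot work without it.
keysign_found=0
for keysign in /usr/lib64/ssh/ssh-keysign /usr/lib/ssh/ssh-keysign \
               /usr/lib/openssh/ssh-keysign /usr/libexec/openssh/ssh-keysign; do
  if [[ -f "$keysign" ]]; then
    [[ -u "$keysign" ]] || chmod u+s -- "$keysign"
    keysign_found=1
    break
  fi
done
if (( ! keysign_found )); then
  printf 'ssh-keysign no encontrado; la autenticacion por host no funcionara\n' >&2
  exit 1
fi
unset keysign keysign_found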
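############################
# Commands on the node     #
############################
NODE_LIST=/root/bin/maquinas
# Copy the master's ssh client/server configuration to the new node and stop
# if either copy fails, since the node would otherwise be half-configured.
# NOTE(review): this replaces the node's sshd_config wholesale (HostKey,
# ListenAddress, Port... included); it is only safe while every cluster
# node is installed identically to the master -- confirm.
for cfg in sshd_config ssh_config; do
  if ! scp -q "/etc/ssh/$cfg" "root@${PC}:/etc/ssh/$cfg"; then
    printf 'No se pudo copiar %s a %s\n' "$cfg" "$PC" >&2
    exit 1
  fi
done
# ssh-keysign on the node must be setuid root for the same reason as on the
# master; its path depends on the node's packaging.
ssh -n "root@${PC}" 'for k in /usr/lib64/ssh/ssh-keysign /usr/lib/ssh/ssh-keysign /usr/lib/openssh/ssh-keysign /usr/libexec/openssh/ssh-keysign; do if [ -f "$k" ]; then [ -u "$k" ] || chmod u+s "$k"; break; fi; done'
# The node's sshd only picks up the copied sshd_config after a restart, and
# that restart has to happen on the node (restarting the master's sshd from
# inside the distribution loop does nothing for the nodes).  Validate there
# first so a bad file cannot lock us out of the node.
ssh -n "root@${PC}" 'sshd=$(command -v sshd || echo /usr/sbin/sshd); "$sshd" -t || exit 1; if [ -x /etc/init.d/sshd ]; then /etc/init.d/sshd restart; else systemctl restart sshd.service 2>/dev/null || systemctl restart ssh.service; fi' \
  || { printf 'No se pudo validar/reiniciar sshd en %s\n' "$PC" >&2; exit 1; }
# Distribute the trust files to every node in the cluster.  sshd consults
# hosts.equiv and ssh_known_hosts on each connection, so no restart is
# needed for these.  Read the list into an array first so the ssh/scp
# commands cannot swallow the loop's stdin; keep going on a failed node but
# report it and exit non-zero at the end.
mapfile -t nodes < "$NODE_LIST"
failed=0
for NODE in "${nodes[@]}"; do
  [[ -z "$NODE" ]] && continue
  printf '%s:\n' "$NODE"
  if ! scp -q /etc/hosts.equiv "root@${NODE}:/etc/hosts.equiv" \
     || ! scp -q /etc/ssh/ssh_known_hosts "root@${NODE}:/etc/ssh/ssh_known_hosts"; then
    printf 'No se pudieron copiar los ficheros de confianza a %s\n' "$NODE" >&2
    failed=1
  fi
done
unset PC NODE nodes cfg
exit "$failed"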