Enabling bulk logins on multiple hosts for multiple users
Sometimes it makes sense to let users log into other machines without having to set up authentication themselves. The easiest way to do this is to create and modify all the files on one machine, as described in the following procedure, and then use tar and ssh in a pipe to transfer them to the other hosts.
HostbasedAuthenticationin /etc/ssh/sshd_config configuration files on all hosts.
Your client configuration is in /etc/ssh/ssh_config. All hosts should have
HostbasedAuthentication yesset there, and if they have a
PreferredAuthenticationsstatement, it should list
hostbasedfirst. The hosts’ private keys should be readable only by root (otherwise, the key would not be all that secret). Exactly what is needed to get SSH access to the keys depends on the version. If your SSH package includes an executable called ssh-keysign, it must be SUID root (it may not be installed that way, so you must check this manually) and must provide the signing service that proves the host’s identity in the key exchange. If the package does not contain ssh-keysign, make sure the ssh executable is SUID root through chmod u+s /usr/bin/ssh.
On each host, create /etc/ssh/shosts.equiv. This file defines the hosts with equivalent security levels. In these ...