Enabling bulk logins on multiple hosts for multiple users

Sometimes it makes sense to let users log into other machines without having to set up authentication themselves. The easiest way to do this is to create and modify all the files on one machine, as described in the following procedure, and then use tar and ssh in a pipe to transfer them to the other hosts.

  1. Enable HostbasedAuthentication in the /etc/ssh/sshd_config configuration file on every host.

  2. Your client configuration is in /etc/ssh/ssh_config. All hosts should have HostbasedAuthentication yes set there, and if they have a PreferredAuthentications statement, it should list hostbased first. The hosts’ private keys should be readable only by root (otherwise, the key would not be all that secret). Exactly what is needed to give SSH access to the keys depends on the version. If your SSH package includes an executable called ssh-keysign, it must be SUID root (it may not be installed that way, so you must check this manually); it provides the signing service that proves the host’s identity in the key exchange. If the package does not contain ssh-keysign, make sure the ssh executable is SUID root by running chmod u+s /usr/bin/ssh.

  3. On each host, create /etc/ssh/shosts.equiv. This file defines the hosts with equivalent security levels. In these ...
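The settings from steps 1 and 2 can be verified on each host before the files are copied elsewhere. The script below is an added example, not code from the book: the function names, the argument order and the EXPECT_OWNER override are assumptions, and the signer (ssh-keysign, or ssh where the package has no ssh-keysign) is passed as an argument because its install path varies.

```shell
#!/bin/sh
# Added example: audit one host against steps 1 and 2 of the procedure.
# EXPECT_OWNER is a hypothetical override so the checks can be exercised on
# scratch files without root; leave it unset on a real host.

conf_value() {  # conf_value FILE KEYWORD -> first value for KEYWORD, lowercased
    awk -v key="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

hostbased_enabled() {  # true if FILE sets HostbasedAuthentication yes
    [ "$(conf_value "$1" HostbasedAuthentication)" = yes ]
}

hostbased_first() {  # true if PreferredAuthentications is absent or starts with hostbased
    case $(conf_value "$1" PreferredAuthentications) in
        ''|hostbased|hostbased,*) return 0 ;;
        *) return 1 ;;
    esac
}

owned_by_expected() {  # true if FILE exists and belongs to root (or EXPECT_OWNER)
    ls -ld "$1" 2>/dev/null |
        awk -v o="${EXPECT_OWNER:-root}" '{ ok = ($3 == o) } END { exit !ok }'
}

key_private() {  # true if FILE has the right owner and no group/other permission bits
    owned_by_expected "$1" &&
        ls -ld "$1" | awk '{ ok = (substr($1, 5, 6) == "------") } END { exit !ok }'
}

suid_root() {  # true if FILE has the set-user-ID bit and the right owner
    [ -u "$1" ] && owned_by_expected "$1"
}

audit() {  # audit SSHD_CONFIG SSH_CONFIG SIGNER HOST_KEY...
    sshd_conf=$1 ssh_conf=$2 signer=$3 rc=0; shift 3
    hostbased_enabled "$sshd_conf" || { echo "FAIL $sshd_conf: HostbasedAuthentication is not yes"; rc=1; }
    hostbased_enabled "$ssh_conf" || { echo "FAIL $ssh_conf: HostbasedAuthentication is not yes"; rc=1; }
    hostbased_first "$ssh_conf" || { echo "FAIL $ssh_conf: hostbased is not first in PreferredAuthentications"; rc=1; }
    suid_root "$signer" || { echo "FAIL $signer: not SUID root"; rc=1; }
    for key in "$@"; do
        key_private "$key" || { echo "FAIL $key: not readable by root only"; rc=1; }
    done
    return "$rc"
}

if [ "$#" -ge 3 ]; then audit "$@"; fi
```

The script reads only the first occurrence of each keyword and does not evaluate Host or Match blocks; `sshd -T` and `ssh -G <host>` print the effective settings when those are in use.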
