How to set up password-less SSH for all users

4

I can set up password-less SSH for a single user by doing the following:

1) Generate RSA key pair for the local machine in ~/.ssh

2) Copy the local machine's public key to the remote machine's ~/.ssh/authorized_keys

But is there a way to do this action for all users? Perhaps doing the same steps as above in /root/.ssh or something? Or is there a good way for root user to deploy keys and modify authorized_key lists in every user's ~/.ssh directory?

Thanks.

tomocafe

Posted 2014-05-29T18:24:25.867

Reputation: 371

Answers

2

If you want to provide password-less access for all users to a single remote host, then OpenSSH supports host-based public key authentication that uses the host key of the client to authenticate to the server and /etc/ssh/shosts.equiv to authorize users.

There is a good guide on how to configure it here: http://en.wikibooks.org/wiki/OpenSSH/Cookbook/Host-based_Authentication

djm

Posted 2014-05-29T18:24:25.867

Reputation: 76

0

How about something like this?

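for u in $USERLIST; do
    # run both commands as $u; a bare "su $u" would open an interactive shell
    # and the lines after it would run as the calling user once it exits
    # note: scp replaces any authorized_keys already on the remote host
    su "$u" -c "ssh-keygen [options] -f /home/$u/.ssh/id_rsa &&
        scp /home/$u/.ssh/id_rsa.pub $REMOTEHOST:/home/$u/.ssh/authorized_keys"
done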

Of course this involves typing a lot of passwords for the scp. You could do it all as root to avoid typing passwords (assuming your root passwordless ssh is set up), but then you'd have to chown everything:

for u in $USERLIST; do
    ssh-keygen [options] -f /home/$u/.ssh/id_rsa

    # assuming "users" is the common group on the system
    # chown the public key too, since it becomes the remote authorized_keys
    chown "$u":users /home/$u/.ssh/id_rsa /home/$u/.ssh/id_rsa.pub

    # use -a to preserve ownership
    rsync -av /home/$u/.ssh/id_rsa.pub $REMOTEHOST:/home/$u/.ssh/authorized_keys
done

And of course you need to make sure each user's home directory and .ssh directory has the correct permissions (on both machines) when you're done.

dg99

Posted 2014-05-29T18:24:25.867

Reputation: 525
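
The permission check mentioned at the end of the answer above, as an added shell example that is not part of the original post. It reports a home directory, .ssh directory or authorized_keys file that is writable by group or others (what sshd's StrictModes option checks), a private key that is accessible to anyone but its owner, and anything not owned by the expected user; the function names audit_ssh_perms and has_any_bit are hypothetical.

```shell
#!/bin/sh
# Added example; audit_ssh_perms and has_any_bit are hypothetical helper names.

# Succeeds if TARGET has at least one of the listed octal permission bits set.
has_any_bit() {
    target=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$target" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# Succeeds if PATH is owned by OWNER (user name or numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# audit_ssh_perms HOME OWNER
# Prints one line per problem; returns 0 when clean, 1 otherwise.
audit_ssh_perms() {
    home=$1 owner=$2 bad=0
    # Home, .ssh and authorized_keys must not be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if ! owned_by "$p" "$owner"; then
            echo "owner: $p is not owned by $owner"; bad=1
        fi
        if has_any_bit "$p" 020 002; then
            echo "writable: $p is group- or world-writable"; bad=1
        fi
    done
    # Private keys must belong to the user and be closed to group and others.
    for key in "$home"/.ssh/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if ! owned_by "$key" "$owner"; then
            echo "owner: $key is not owned by $owner"; bad=1
        fi
        if has_any_bit "$key" 040 020 010 004 002 001; then
            echo "exposed: $key is accessible by group or others"; bad=1
        fi
    done
    return "$bad"
}
```

Run it on both machines after deploying, for example as root with `audit_ssh_perms "/home/$u" "$u"` inside the same `$USERLIST` loop.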