SSH-COPY-ID on AIX. SSH remote AIX’s box without password

I’m sure most unix administrators knows the utility ‘ssh-copy-id’  part of OpenSSH. It’s very useful when we need to exchange SSH keys between hosts.
This simple shell script is available on most Linux distros, but it’s not available on AIX.  As ssh-copy-id is a simple script it will work on AIX as in Linux.

Here’s the code:

#!/bin/sh

# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/id_rsa.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat \"${ID_FILE}\""
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

# strip any trailing colon
host=`echo $1 | sed 's/:$//'`

{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '$host'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF

Let’s modify permissions:

[root@lpar:/] chmod 755 ssh-copy-id

Generate SSHs keys for the user, using ssh-keygen command:

[root@lpar:/] ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
37:f9:e6:67:23:17:eb:ad:d1:03:21:35:3d:34:38:56 user@lpar
The key's randomart image is:
+--[ RSA 2048]----+
|             o=E |
|            .+.o.|
|           .... .|
|           .. .  |
|        S +  .   |
|         . o  o. |
|            o .+.|
|           o. *o.|
|            .*oo.|
+-----------------+

Before execute ssh-copy-id, we need to know the syntaxis. The next bellowed is run only the first time, because it will create authorized_keys file on the remote side.

[user@lpar:/] ssh-copy-id remoteuser@remoteserver

Let’s see with an example.

We’ll set SSH Keys from user@lpar to user@remoteserver.

[user@lpar:/home/user] ./ssh-copy-id user@remoteserver
The authenticity of host 'remoteserver (172.17.32.102)' can't be established.
RSA key fingerprint is 8f:81:b7:3c:21:14:37:33:d3:af:9a:45:05:f9:73:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remoteserver,172.17.32.102' (RSA) to the list of known hosts.
user@remoteserver's password:
Now try logging into the machine, with "ssh 'user@remoteserver'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[user@lpar:/home/user]

Once it has finished, we can verify we can ssh the remote user without prompt password. See:

[user@lpar:/home/user] ssh user@remoteserver
*******************************************************************************
*                                                                             *
*  Welcome to remoteserver!                                                   *
*                                                                             *
*******************************************************************************
Last unsuccessful login: Fri Sep  9 11:33:00 DFT 2011 on ssh from 172.21.10.78
Last login: Mon Nov 17 16:46:06 NFT 2014 on ssh from 172.16.32.104

[YOU HAVE NEW MAIL]
():[user] /home/user ->

That’s it!!

Just thanks if the post was helpful

5 (2)
Article Rating (2 Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
AIX, System Admin Configuring dsh DSH
Viewed 3702 times since Fri, Apr 19, 2019
AIX - How to get IP and MAC address of ethernet adapter in AIX
Viewed 23815 times since Fri, Jun 8, 2018
AIX: Configuring a network interface
Viewed 3005 times since Sat, Jun 2, 2018
Using Kerberos security with Server for NFS
Viewed 9166 times since Wed, Jun 27, 2018
O’Reilly’s CD bookshelf
Viewed 11683 times since Wed, Jun 27, 2018
AIX, Monitoring, Networking, Red Hat, Security, System Admin↑ Determining type of system remotely
Viewed 2038 times since Fri, Apr 19, 2019
Recovery from LED 552, 554, or 556 in AIX
Viewed 2408 times since Tue, Apr 16, 2019
Install and configure yum on AIX
Viewed 4353 times since Thu, Feb 21, 2019
Tunneling With SSH to Your Destination
Viewed 3939 times since Wed, May 30, 2018
Problem on resizing volume group on AIX 0516-1714, 0516-792, 0516-787, and 0516-404
Viewed 2355 times since Fri, Jul 6, 2018