The password utility, pwdutil.pl, is bundled under the scripts directory. The users can run the utility in their script to set up the ssh and rsh connection automatically.
# ./pwdutil.pl -h Usage: Command syntax with simple format: pwdutil.pl check|configure|unconfigure ssh|rsh <hostname|IP addr> [<user>] [<password>] [<port>] Command syntax with advanced format: pwdutil.pl [--action|-a 'check|configure|unconfigure'] [--type|-t 'ssh|rsh'] [--user|-u '<user>'] [--password|-p '<password>'] [--port|-P '<port>'] [--hostfile|-f '<hostfile>'] [--keyfile|-k '<keyfile>'] [-debug|-d] <host_URI> pwdutil.pl -h | -?
Table: Options with pwdutil.pl utility
You can check, configure, and unconfigure ssh or rsh using the pwdutil.plutility. For example:
To check ssh connection for only one host:
pwdutil.pl check ssh hostname
To configure ssh for only one host:
pwdutil.pl configure ssh hostname user password
To unconfigure rsh for only one host:
pwdutil.pl unconfigure rsh hostname
To configure ssh for multiple hosts with same user ID and password:
pwdutil.pl -a configure -t ssh -u user -p password hostname1 hostname2 hostname3
To configure ssh or rsh for different hosts with different user ID and password:
pwdutil.pl -a configure -t ssh user1:password1@hostname1 user2:password2@hostname2
To check or configure ssh or rsh for multiple hosts with one configuration file:
pwdutil.pl -a configure -t ssh --hostfile /tmp/sshrsh_hostfile
To keep the host configuration file secret, you can use the 3rd party utility to encrypt and decrypt the host file with password.
For example:
### run openssl to encrypt the host file in base64 format # openssl aes-256-cbc -a -salt -in /hostfile -out /hostfile.enc enter aes-256-cbc encryption password: <password> Verifying - enter aes-256-cbc encryption password: <password> ### remove the original plain text file # rm /hostfile ### run openssl to decrypt the encrypted host file # pwdutil.pl -a configure -t ssh 'openssl aes-256-cbc -d -a -in /hostfile.enc' enter aes-256-cbc decryption password: <password>
To use the ssh authentication keys which are not under the default $HOME/.ssh
directory, you can use --keyfile option to specify the ssh keys. For example:
### create a directory to host the key pairs: # mkdir /keystore ### generate private and public key pair under the directory: # ssh-keygen -t rsa -f /keystore/id_rsa ### setup ssh connection with the new generated key pair under the directory: # pwdutil.pl -a configure -t ssh --keyfile /keystore/id_rsa user:password@hostname
You can see the contents of the configuration file by using the following command:
# cat /tmp/sshrsh_hostfile user1:password1@hostname1 user2:password2@hostname2 user3:password3@hostname3 user4:password4@hostname4 # all default: check ssh connection with local user hostname5 The following exit values are returned: 0 Successful completion. 1 Command syntax error. 2 Ssh or rsh binaries do not exist. 3 Ssh or rsh service is down on the remote machine. 4 Ssh or rsh command execution is denied due to password is required. 5 Invalid password is provided. 255 Other unknown error.