Make change to config files on multiple servers using SSH

Question

Problem:

I'm trying to disable SSH password auth for multiple servers. Which means I have to modify the sshd_config file. From

#PasswordAuthentication yes

to

PasswordAuthentication no

I really don't wanna do it one by one. Is there any ways that I can distribute/modify the config file on multiple servers with a single command?

Assumptions you can make:

Other notes:

I set the config file to listen different address and/or port on each server.

So this could not be done by downloading the updated config file from a central server.

I prefer a text replacement command to do the job

Given the additional constraint, the answer would very likely depend on whether you can ssh into different servers as root, or if it's possible to run sudo without password to obtain root privilege. — Abel Cheung
– Abel Cheung, Commented Jul 10, 2015 at 12:01
yes, I can ssh all those servers as root, and broadcast the command — Shiji.J
– Shiji.J, Commented Jul 10, 2015 at 12:02
Super lazy For SERVER in $(cat servers.txt);do scp sshd_conf root@$SERVER:/etc/ssh/sshd_conf;done — TheFiddlerWins
– TheFiddlerWins, Commented Jul 10, 2015 at 20:55

Sven · Accepted Answer · 2015-07-10 12:00:34Z

Look into configuration management tools like Puppet, Ansible or cfengine. They are helpful in the long run.

For a one-off, you could use Augeas, that make this change extremly easy, or even sed, which is present on most systems without further installs.

sed -i s/\#PasswordAuthentication\ yes/PasswordAuthentication\ no/ /etc/ssh/sshd_config

This can be sent in a simple ssh command:

ssh user@server sed ......

And, in order to do it faster, install pssh (= parallell ssh) and use it to run the command - it'll give you nice output on where it worked and where it failed. — Jenny D
– Jenny D, Commented Jul 11, 2015 at 10:58

1 Answer 1