4

I can set up password-less SSH for a single user by doing the following:

1) Generate RSA key pair for the local machine in ~/.ssh

2) Copy the local machine's public key to the remote machine's ~/.ssh/authorized_keys

But is there a way to do this action for all users? Perhaps doing the same steps as above in /root/.ssh or something? Or is there a good way for the root user to deploy keys and modify authorized_key lists in every user's ~/.ssh directory?

Thanks.

2 Answers

2

If you want to provide password-less access for all users to a single remote host, then OpenSSH supports host-based public key authentication that uses the host key of the client to authenticate to the server and /etc/ssh/shosts.equiv to authorize users.

There is a good guide on how to configure it here: http://en.wikibooks.org/wiki/OpenSSH/Cookbook/Host-based_Authentication

0

How about something like this?

    for u in $USERLIST; do
        # run both commands as the user; a bare "su $u" in a script only opens an interactive shell
        su - "$u" -c "ssh-keygen [options] -f /home/$u/.ssh/id_rsa &&
            scp /home/$u/.ssh/id_rsa.pub $REMOTEHOST:/home/$u/.ssh/authorized_keys"
    done

Of course this involves typing a lot of passwords for the scp. You could do it all as root to avoid typing passwords (assuming your root passwordless ssh is set up), but then you'd have to chown everything:

    for u in $USERLIST; do
        ssh-keygen [options] -f "/home/$u/.ssh/id_rsa"
        # assuming "users" is the common group on the system;
        # the .pub file is chowned too, so that rsync -a carries the user's ownership across
        chown "$u:users" "/home/$u/.ssh/id_rsa" "/home/$u/.ssh/id_rsa.pub"
        # use -a to preserve ownership
        rsync -av "/home/$u/.ssh/id_rsa.pub" "$REMOTEHOST:/home/$u/.ssh/authorized_keys"
    done

And of course you need to make sure each user's home directory and .ssh directory has the correct permissions (on both machines) when you're done.
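The permission check that answer ends on can be scripted. The following is an added example, not code from either answer: it audits one account against the ownership and mode rules sshd enforces with StrictModes (the default) and the ssh client enforces on private keys. The function name `check_ssh_perms` and its arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit one account's SSH files.
# Usage: check_ssh_perms NUMERIC_UID HOME_DIR   (hypothetical helper name)
# Prints one line per problem; returns 0 if clean, 1 otherwise.

# mode_of PATH -> 10-character permission string, e.g. drwx------
mode_of() { ls -ldnL "$1" | cut -c1-10; }

# owner_of PATH -> numeric uid of the owner
owner_of() { ls -ldnL "$1" | awk '{print $3}'; }

check_ssh_perms() {
    uid=$1 home=$2 bad=0
    # sshd checks authorized_keys and each directory above it up to the home
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        o=$(owner_of "$p")
        # accepted owners: the account itself or root
        if [ "$o" != "$uid" ] && [ "$o" != 0 ]; then
            echo "OWNER $p: uid $o, expected $uid or 0"; bad=1
        fi
        # column 6 is the group write bit, column 9 the other write bit
        case $m in
            ?????w????|????????w?) echo "MODE  $p: $m is group/world-writable"; bad=1 ;;
        esac
    done
    # the ssh client ignores a private key that group or other can access at all
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        m=$(mode_of "$k")
        case $m in
            ????------) ;;
            *) echo "MODE  $k: $m, private key must be owner-only"; bad=1 ;;
        esac
    done
    return $bad
}
```

Run it on both machines after deployment, for example `for u in $USERLIST; do check_ssh_perms "$(id -u "$u")" "/home/$u"; done`.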
