Google Git
Sign in
apache / hawq-docs / tutorial-proto / . / reference / cli / admin_utilities / hawqssh-exkeys.html.md.erb
blob: 2567faf870f2c02ce8a6250daea6902c08440485 [file] [log] [blame]
---
title: hawq ssh-exkeys
---
Exchanges SSH public keys between hosts.
## <a id="topic1__section2"></a>Synopsis
``` pre
hawq ssh-exkeys -f <hostfile_exkeys> | - h <hostname> [-h <hostname> ...] [-p <password>]
hawq ssh-exkeys -e <hostfile_exkeys> -x <hostfile_hawqexpand> [-p <password>]
hawq ssh-exkeys --version
hawq ssh-exkeys [-? | --help]
```
## <a id="topic1__section3"></a>Description
The `hawq ssh-exkeys` utility exchanges SSH keys between the specified host names (or host addresses). This allows SSH connections between HAWQ hosts and network interfaces without a password prompt. The utility is used to initially prepare a HAWQ system for password-free SSH access, and also to add additional ssh keys when expanding a HAWQ system.
To specify the hosts involved in an initial SSH key exchange, use the `-f` option to specify a file containing a list of host names (recommended), or use the `-h` option to name single host names on the command-line. At least one host name (`-h`) or a host file is required. Note that the local host is included in the key exchange by default.
To specify new expansion hosts to be added to an existing HAWQ system, use the `-e` and `-x` options. The `-e` option specifies a file containing a list of existing hosts in the system that already have SSH keys. The `-x` option specifies a file containing a list of new hosts that need to participate in the SSH key exchange.
Keys are exchanged as the currently logged in user. A good practice is performing the key exchange process twice: once as `root` and once as the `gpadmin` user (the designated owner of your HAWQ installation). The HAWQ management utilities require that the same non-root user be created on all hosts in the HAWQ system, and the utilities must be able to connect as that user to all hosts without a password prompt.
The `hawq ssh-exkeys` utility performs key exchange using the following steps:
- Creates an RSA identification key pair for the current user if one does not already exist. The public key of this pair is added to the `authorized_keys` file of the current user.
- Updates the `known_hosts` file of the current user with the host key of each host specified using the `-h`, `-f`, `-e`, and `-x` options.
- Connects to each host using `ssh` and obtains the `authorized_keys`, `known_hosts`, and `id_rsa.pub` files to set up password-free access.
- Adds keys from the `id_rsa.pub` files obtained from each host to the `authorized_keys` file of the current user.
- Updates the `authorized_keys`, `known_hosts`, and `id_rsa.pub` files on all hosts with new host information (if any).
## <a id="topic1__section4"></a>Options
<dt>-e \<hostfile\_exkeys\> </dt>
<dd>When doing a system expansion, this is the name and location of a file containing all configured host names and host addresses (interface names) for each host in your *current* HAWQ system (master, standby master and segments), one name per line without blank lines or extra spaces. Hosts specified in this file cannot be specified in the host file used with `-x`.</dd>
<dt>-f \<hostfile\_exkeys\> </dt>
<dd>Specifies the name and location of a file containing all configured host names and host addresses (interface names) for each host in your HAWQ system (master, standby master and segments), one name per line without blank lines or extra spaces.</dd>
<dt>-h \<hostname\> </dt>
<dd>Specifies a single host name (or host address) that will participate in the SSH key exchange. You can use the `-h` option multiple times to specify multiple host names and host addresses.</dd>
<dt>-p \<password\> </dt>
<dd>Specifies the password used to log in to the hosts. The hosts should share the same password. This option is useful when invoking `hawq ssh-exkeys` in a script.</dd>
<dt>-\\\-version </dt>
<dd>Displays the version of this utility.</dd>
<dt>-x \<hostfile\_hawqexpand\> </dt>
<dd>When doing a system expansion, this is the name and location of a file containing all configured host names and host addresses (interface names) for each new segment host you are adding to your HAWQ system, one name per line without blank lines or extra spaces. Hosts specified in this file cannot be specified in the host file used with `-e`.</dd>
<dt>-?, --help (help) </dt>
<dd>Displays the online help.</dd>
## <a id="topic1__section5"></a>Examples
Exchange SSH keys between all host names and addresses listed in the file `hostfile_exkeys`:
``` shell
$ hawq ssh-exkeys -f hostfile_exkeys
```
Exchange SSH keys between the hosts `sdw1`, `sdw2`, and `sdw3`:
``` shell
$ hawq ssh-exkeys -h sdw1 -h sdw2 -h sdw3
```
Exchange SSH keys between existing hosts `sdw1`, `sdw2`, and `sdw3`, and new hosts `sdw4` and `sdw5` as part of a system expansion operation:
``` shell
$ cat hostfile_exkeys
mdw
mdw-1
mdw-2
smdw
smdw-1
smdw-2
sdw1
sdw1-1
sdw1-2
sdw2
sdw2-1
sdw2-2
sdw3
sdw3-1
sdw3-2
$ cat hostfile_hawqexpand
sdw4
sdw4-1
sdw4-2
sdw5
sdw5-1
sdw5-2
$ hawq ssh-exkeys -e hostfile_exkeys -x hostfile_hawqexpand
```
## <a id="topic1__section6"></a>See Also
[hawq ssh](hawqssh.html#topic1), [hawq scp](hawqscp.html#topic1)