| COMMAND NAME: hawq ssh-exkeys |
| |
| Exchanges SSH public keys between hosts. |
| |
| |
| ***************************************************** |
| SYNOPSIS |
| ***************************************************** |
| |
| hawq ssh-exkeys -f <hostfile_exkeys> [-p <password>] | -h <hostname> |
| [-h <hostname> ...] [-p <password>] |
| |
| hawq ssh-exkeys -e <hostfile_exkeys> -x <hostfile_hawq_expand> |
| |
| hawq ssh-exkeys -? |
| |
| hawq ssh-exkeys --version |
| |
| |
| ***************************************************** |
| DESCRIPTION |
| ***************************************************** |
| |
| The hawq ssh-exkeys utility exchanges SSH keys between the specified host |
| names (or host addresses). This allows SSH connections between HAWQ |
| hosts and network interfaces without a password prompt. The utility is |
| used to initially prepare a HAWQ system for password-free |
| SSH access, and also to add additional ssh keys when expanding a |
| HAWQ system. |
| |
| To specify the hosts involved in an initial SSH key exchange, use the |
| -f option to specify a file containing a list of host names (recommended), |
| or use the -h option to name single host names on the command-line. At |
| least one host name (-h) or a host file is required. Note that the local |
| host is included in the key exchange by default. |
| |
| To specify new expansion hosts to be added to an existing HAWQ |
| system, use the -e and -x options. The -e option specifies a file containing |
| a list of existing hosts in the system that already have SSH keys. The -x |
| option specifies a file containing a list of new hosts that need to participate |
| in the SSH key exchange. |
| |
| Keys are exchanged as the currently logged in user. Greenplum recommends |
| performing the key exchange process twice: once as root and once as the |
| gpadmin user (the user designated to own your HAWQ installation). |
| The HAWQ management utilities require that the same non-root |
| user be created on all hosts in the HAWQ system, and the |
| utilities must be able to connect as that user to all hosts without a |
| password prompt. |
| |
| The hawq ssh-exkeys utility performs key exchange using the following steps: |
| |
| * Creates an RSA identification key pair for the current user if one does |
| not already exist. The public key of this pair is added to the |
| authorized_keys file of the current user. |
| |
| * Updates the known_hosts file of the current user with the host key |
| of each host specified using the -h, -f, -e, and -x options. |
| |
| * Connects to each host using ssh and obtains the authorized_keys, |
| known_hosts, and id_rsa.pub files to set up password-free access. |
| |
| * Adds keys from the id_rsa.pub files obtained from each host to the |
| authorized_keys file of the current user. |
| |
| * Updates the authorized_keys, known_hosts, and id_rsa.pub files on |
| all hosts with new host information (if any). |
| |
| |
| ***************************************************** |
| OPTIONS |
| ***************************************************** |
| |
| -e <hostfile_exkeys> |
| |
| When doing a system expansion, this is the name and location of a file |
| containing all configured host names and host addresses (interface names) |
| for each host in your current HAWQ system (master, standby master |
| and segments), one name per line without blank lines or extra spaces. |
| Hosts specified in this file cannot be specified in the host file used |
| with -x. |
| |
| |
| -f <hostfile_exkeys> |
| |
| Specifies the name and location of a file containing all configured host |
| names and host addresses (interface names) for each host in your HAWQ |
| system (master, standby master and segments), one name per line without |
| blank lines or extra spaces. |
| |
| |
| -h <hostname> |
| |
| Specifies a single host name (or host address) that will participate in |
| the SSH key exchange. You can use the -h option multiple times to |
| specify multiple host names and host addresses. |
| |
| -p <password> |
| |
| Specifies the password used to login to the hosts. The hosts should share the same password. |
| |
| --version |
| |
| Displays the version of this utility. |
| |
| |
| -x <hostfile_hawq_expand> |
| |
| When doing a system expansion, this is the name and location of a file |
| containing all configured host names and host addresses (interface names) |
| for each new segment host you are adding to your HAWQ system, one |
| name per line without blank lines or extra spaces. Hosts specified in |
| this file cannot be specified in the host file used with -e. |
| |
| |
| -? (help) |
| |
| Displays the online help. |
| |
| |
| ***************************************************** |
| EXAMPLES |
| ***************************************************** |
| |
| Exchange SSH keys between all host names and addresses listed in |
| the file hostfile_exkeys: |
| |
| $ hawq ssh-exkeys -f hostfile_exkeys |
| |
| |
| Exchange SSH keys between the hosts sdw1, sdw2, and sdw3: |
| |
| $ hawq ssh-exkeys -h sdw1 -h sdw2 -h sdw3 |
| |
| |
| Exchange SSH keys between existing hosts sdw1, sdw2 and sdw3, and new |
| hosts sdw4 and sdw5 as part of a system expansion operation: |
| |
| $ cat hostfile_exkeys |
| mdw |
| mdw-1 |
| mdw-2 |
| smdw |
| smdw-1 |
| smdw-2 |
| sdw1 |
| sdw1-1 |
| sdw1-2 |
| sdw2 |
| sdw2-1 |
| sdw2-2 |
| sdw3 |
| sdw3-1 |
| sdw3-2 |
| |
| $ cat hostfile_hawq_expand |
| sdw4 |
| sdw4-1 |
| sdw4-2 |
| sdw5 |
| sdw5-1 |
| sdw5-2 |
| |
| $ hawq ssh-exkeys -e hostfile_exkeys -x hostfile_hawq_expand |
| |
| ***************************************************** |
| SEE ALSO |
| ***************************************************** |
| |
| hawq ssh, hawq scp |
| |