| #!/bin/bash |
| ############################################################################### |
| # $Id$ |
| ############################################################################### |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| ############################################################################### |
| # DESCRIPTION |
| # Configures the root account on a VCL management node to be able to log on to a |
| # Windows computer via SSH using an identity key. The IP address or hostname of |
| # the Windows computer must be supplied as the first argument. An SSH private |
| # key path can optionally be specified as the 2nd argument. If the 2nd argument |
| # isn't supplied, the SSH identity key file used is /etc/vcl/vcl.key. The SSH |
| # identity key files will be created if they don't already exist. Enter the |
| # Windows computer's root accounts password when prompted. |
| ############################################################################### |
| function print_hr { |
| echo "----------------------------------------------------------------------" |
| } |
| |
| #------------------------------------------------------------------------------ |
| function help { |
| print_hr |
| echo "Usage:" |
| echo "$0 <IP or hostname> [SSH identity key path]" |
| print_hr |
| exit 1 |
| } |
| |
| #------------------------------------------------------------------------------ |
| function die { |
| message=$1 |
| |
| print_hr |
| echo "ERROR:" |
| |
| if [ "$message" != "" ] |
| then |
| echo $message |
| fi |
| |
| print_hr |
| exit 1 |
| } |
| |
| ############################################################################### |
| # Get the arguments |
| if [ $# == 0 -o $# -gt 2 ]; |
| then |
| help |
| fi |
| NODE=$1 |
| KEY_PATH=$2 |
| |
| # Make sure root is running this script |
| if [ `whoami | grep -ic "root"` -ne 1 ]; |
| then |
| die "this script must be run as root" |
| fi |
| |
| SSH_OPTIONS="-o CheckHostIP=no -o StrictHostKeyChecking=no -o BatchMode=no" |
| |
| print_hr |
| |
| # Set the default key path if argument not specified |
| if [ "$KEY_PATH" == "" ] |
| then |
| KEY_PATH='/etc/vcl/vcl.key' |
| echo Using default SSH identity key path: $KEY_PATH |
| else |
| echo Using specified SSH identity key path: $KEY_PATH |
| fi |
| |
| # Check if vcl.key already exists, create it if it doesn't |
| print_hr |
| if [ -f "$KEY_PATH" ]; |
| then |
| echo SSH key already exists on this management node: "$KEY_PATH" |
| else |
| echo Creating SSH keys on management node: "$KEY_PATH" |
| ssh-keygen -t rsa -f "$KEY_PATH" -N '' -b 1024 -C 'VCL root account' |
| if [ $? -ne 0 ]; then die "failed to generate SSH keys"; fi; |
| echo "IdentityFile $KEY_PATH" >> /etc/ssh/ssh_config |
| fi |
| print_hr |
| |
| # Remove existing entries for the node from known_hosts for the node specified by the argument |
| if [ `grep -ic "^$NODE " /root/.ssh/known_hosts` -ne 0 ]; |
| then |
| echo Removing $C entries for $NODE from '/root/.ssh/known_hosts' |
| sed -i -r -e "s/^$NODE .*//" /root/.ssh/known_hosts |
| else |
| echo Entry does not exist for $NODE in '/root/.ssh/known_hosts' |
| fi |
| print_hr |
| |
| # Remove existing entries for the node from xCAT gkh file |
| if [ `grep -ic "^$NODE " /opt/xcat/etc/gkh` -ne 0 ]; |
| then |
| echo Removing $C entries for $NODE from '/opt/xcat/etc/gkh' |
| sed -i -r -e "s/^$NODE .*//" /opt/xcat/etc/gkh |
| else |
| echo Entry does not exist for $NODE in '/opt/xcat/etc/gkh' |
| fi |
| print_hr |
| |
| # Add the node's key to the known hosts file |
| which makesshgkh |
| if [ $? == 0 ]; |
| then |
| echo Running xCAT makesshgkh utility for $NODE |
| makesshgkh $NODE |
| else |
| echo Scanning host key for $NODE and adding it to '/root/.ssh/known_hosts' |
| ssh-keyscan -t rsa $NODE >> /root/.ssh/known_hosts |
| fi |
| print_hr |
| |
| echo Copying public key to authorized_keys on $NODE |
| scp $SSH_OPTIONS $KEY_PATH.pub root@$NODE:.ssh/authorized_keys |
| if [ $? -ne 0 ]; then die "failed to copy $KEY_PATH.pub to $NODE:.ssh/authorized_keys"; fi; |
| print_hr |
| |
| echo Setting PasswordAuthentication to no in sshd_config on $NODE |
| ssh $SSH_OPTIONS -i $KEY_PATH root@$NODE 'sed -i -r -e "s/^[ #]*(PasswordAuthentication).*/\1 no/" /etc/sshd_config' |
| ssh $SSH_OPTIONS -i $KEY_PATH root@$NODE 'grep "^[ #]*PasswordAuthentication" /etc/sshd_config' |
| print_hr |
| |
| echo Restarting the sshd service on $NODE |
| ssh $SSH_OPTIONS -i $KEY_PATH root@$NODE 'net stop sshd ; net start sshd' |
| if [ $? -ne 0 ]; then die "failed to restart the sshd service on $NODE"; fi; |
| print_hr |
| |
| echo "SUCCESS: $0 done." |
| echo |
| echo "Try to run the following command, it should NOT prompt for a password:" |
| echo "ssh $SSH_OPTIONS -i $KEY_PATH $NODE" |
| |
| exit 0 |