Cfengine configuration directory

Installing ssh on many hosts

Relevant classes: any

To install the Secure Shell on all your machines, you first have to make the binaries available to all hosts, for instance by using an NFS binary server. Then you have to generate a public/private key pair on each machine. You can get cfengine to automate this, first checking whether a key already exists, and then building one if it does not. Here we assume that the secure shell is installed in /usr/local/bin.

First we set a class based on whether a keyfile already exists:


classes:  # groups

    #
    # If this file exists, then ssh has been installed ok
    #
  
    Setup_SSH_OK = ( '/usr/bin/test -f /etc/ssh2/ssh2_config' )

If not, we execute a small script:

shellcommands:

   !Setup_SSH_OK::

     # If ssh is not properly installed, install it!

     "/usr/local/bin/SetupSSH"

files:

      /etc/ssh2/ssh2_config         m=644 o=root g=0 act=fixall
      /etc/ssh2/sshd2_config        m=644 o=root g=0 act=fixall

It is easiest to make a shell script to perform the installation. The following shell script is all that is required:

#!/bin/sh
#
# SetupSSH script

PATH=/bin:/local/gnu/bin:/usr/bin

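# Create the config directory, generate the host key from the ssh source
# tree, then install both config files world-readable. Each step runs only
# if the previous one succeeded.
( mkdir -p /etc/ssh2 && cd /local/src/ssh-2.0.12/apps/ssh && \
make generate-host-key && cp -p ssh2_config /etc/ssh2/ssh2_config && \
chmod 644 /etc/ssh2/ssh2_config && cp -p sshd2_config /etc/ssh2/sshd2_config && \
chmod 644 /etc/ssh2/sshd2_config )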

After the standard installation of ssh version 2, you might want to arrange for compatibility with version 1.

editfiles:

     { /etc/ssh2/sshd2_config

     ReplaceAll "PrintMotd.*yes" With "PrintMotd no"
     AppendIfNoSuchLine "Ssh1Compatibility yes"
     AppendIfNoSuchLine "Sshd1Path /local/sbin/sshd1"
     }

Finally, we need to start the daemon:

processes:

     "sshd"        
                    restart "/usr/local/sbin/sshd"
                    useshell=false    
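
The class test above looks only for ssh2_config, so it cannot tell whether the host key was actually generated or how it is protected. As an added example (not part of the original page), a check script like the following could be used as the class command instead; the host key file names hostkey and hostkey.pub and the function name check_ssh_setup are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: report the state of an ssh2
# configuration directory. Assumption: the host key pair is stored as
# "hostkey" and "hostkey.pub"; adjust the names if your build differs.

# Returns 0 = complete and safe, 1 = a file is missing,
#         2 = private host key is accessible to group or others.
check_ssh_setup() {
    dir=${1:-/etc/ssh2}
    for f in ssh2_config sshd2_config hostkey hostkey.pub; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f"
            return 1
        fi
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$dir/hostkey" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "unsafe permissions on $dir/hostkey"
        return 2
    fi
    echo "ok: $dir"
    return 0
}

# Demonstration on a constructed directory, so nothing under /etc is touched.
demo_dir=$(mktemp -d)
touch "$demo_dir/ssh2_config" "$demo_dir/sshd2_config"
check_ssh_setup "$demo_dir" || echo "state $? (key not yet generated)"
touch "$demo_dir/hostkey" "$demo_dir/hostkey.pub"
chmod 644 "$demo_dir/hostkey"
check_ssh_setup "$demo_dir" || echo "state $? (private key too open)"
chmod 600 "$demo_dir/hostkey"
check_ssh_setup "$demo_dir"
rm -rf "$demo_dir"
```

A non-zero return leaves Setup_SSH_OK undefined, so the SetupSSH script runs again; state 2 is better handled with a files: entry that fixes the key's mode.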