Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
Languages and Scripting
Showing results for 
Search instead for 
Did you mean: 

Automated SSH key distribution

Go to solution
Frequent Advisor

Automated SSH key distribution


Could you please advise with issue described below?

I've just generated an ssh key pair on HP-UX. Now I need to distribute my authorized_keys to over 200 systems, so I can connect them later without password.

What I'm trying to create is a script which will:
login to remote system
create .ssh directory
copy there authorized_keys

I'm searching for an automated login without requesting password for each system (it's always the same). I think expect would make my life easier, but don't know how to use it...
Honored Contributor

Re: Automated SSH key distribution

If I recall correctly, one of the example scripts that comes with expect is called "autoexpect": you can start it, then login to a remote system once. The autoexpect script will monitor your inputs and outputs and will auto-generate a script to perform the same procedure again.

After generating a script with autoexpect, you usually have to tweak it manually to make it work with all hosts, instead of only the specific one you used as an example: for example, you may want to replace hostnames in the script with command-line arguments or other variables, and edit the prompts and other strings incoming from the remote host, so that they will be applicable to all hosts (for example, remove or replace with wildcards any expected strings that include version numbers).

Here are some links to documentation about Expect:

Of course, the stupid lazy way is to make a simple script that issues all the necessary commands to all the hosts in sequence, and then use the Copy/Paste functionality of your workstation to repeatedly enter the password at each prompt as it appears.

Pressing Alt-V (the common Windows keyboard shortcut for Paste) or the middle mouse button (for the Paste function of the X11 Window System) repeatedly for 250..500 times is utterly boring and RSI-inducing (remember to flex your hands once in a while!), but doable if you only have to do it once.

If you can use one HP-UX (or any Unix-style system) to log on to all the others, here's one way to do your task:

- create the .ssh directory and the authorized_keys file on one HP-UX host, set the permissions properly, and make sure it works

- create a text file that contains the hostnames of your target systems, one per line

- use the "ssh-keyscan" command to gather a set of SSH host keys for all your hosts in advance, and store it to the known_hosts file, so you won't have to answer any "SSH hostkey is unknown" prompts.

- run "scp -rp .ssh username@second_host:" to recursively copy the entire .ssh directory to your home directory to one other host, to verify it works and the only thing you need to type is the password

- make a tiny script like this:

while read TARGET
echo "Connecting to ${TARGET}"
scp -rp .ssh username@${TARGET}:

- pipe the list of hostnames to the script:

sh < list_of_hostnames.txt

- use another terminal window (or Notepad etc.) to copy your password to the Copy/Paste buffer, then switch to the window that runs your script, and start hitting the Paste key.

- keep a notepad handy (either a physical one, or one in another window on your screen) so you can record the names of any hosts which seem to have problems, or need some further attention.

James R. Ferguson
Acclaimed Contributor

Re: Automated SSH key distribution


Look at 'csshsetup' which is a part of the Distributed Systems Administration Utilities (DSAU):

See the documentation here:



Frequent Advisor

Re: Automated SSH key distribution

Thanks a lot for feedback guys :)