Ssh – way to SSH / SCP to another server as a different user, via a script

automation, scp, ssh

I need to automate a way to distribute files to many servers. The problem of course is I need to use a secure protocol (SSH or SCP) and the username / password on each server is different.

The scenario is we have a master server a, with user a_prod and we need to send updated scripts / configs, etc. to servers b, c, d, … and on these servers the usernames are say b_dev, c_test, d_prod with each having unique passwords.

The usernames need to be unique across environments for a few reasons, dealing with DB2 and corporate security.

Shared keys will not work in this scenario, so I need to pass the usernames and passwords via a script. It is an AIX environment, and I do not have the ability to install expect.

Any ideas?

Shared keys are mentioned in multiple responses below: I have tried a few ways to do this; I think the main issue is the remote user IDs do not exist on any other host, so I cannot do an ssh-keygen for them on the host I want to ssh from to do a shared key implementation with the main user (a_prod) having multiple identities depending upon the target host (b_dev, c_test, d_prod). The private key for these users needs to be generated on host a for the remote users, and then their public keys need to be copied to the target hosts.

Best Answer

"Corporate S(tupidity)" :-)

SSH / SCP generally lives within the realm of UNIX philosophy I think. It is very rare that the designers of Unix applications intentionally make it so the administrator can't easily do something stupid. There will generally be a warning like: "You probably don't want to do this because ... but, if you really want to, fine!".

In the case of passing a password to ssh in a script, they intentionally make this difficult, because it is just such a bad idea.

At this point, I wouldn't even bother with SSH. You really need to talk with the corporate security people and come up with a real solution for the scenario. If they don't want to use keys, ask them what you should do. If that doesn't work, tell your managers what they want can't be done due to corporate security restrictions. If the managers do insist that you do this, get it in writing, or it is your ass on the line
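The key layout described at the end of the question (one key pair per remote user, created on host a, with the public half copied to the target) can be driven from an OpenSSH client config. This is an added example, not code from the question or the answer. The host names, file paths and RSA key type are assumptions, and only the user names come from the question.

```shell
#!/bin/sh
# Added example: per-target key pairs on host a, selected through an ssh client config.
# Host names, paths and key type are assumptions; user names are from the question.
set -e

KEYDIR="${KEYDIR:-$HOME/.ssh/dist_keys}"   # assumed directory, owned by a_prod
CONF="${CONF:-$HOME/.ssh/dist_config}"     # assumed file, passed to scp with -F

# name:hostname:remote_user  (constructed sample inventory)
TARGETS="b:b.example.com:b_dev
c:c.example.com:c_test
d:d.example.com:d_prod"

# Emit one Host stanza per target: fixed remote user, its own key, never a password prompt.
gen_ssh_config() {
    printf '%s\n' "$TARGETS" | while IFS=: read -r name host user; do
        printf 'Host %s\n' "$name"
        printf '    HostName %s\n' "$host"
        printf '    User %s\n' "$user"
        printf '    IdentityFile %s/%s_%s\n' "$KEYDIR" "$name" "$user"
        printf '    IdentitiesOnly yes\n'
        printf '    BatchMode yes\n\n'
    done
}

# Create a key pair on host a for each remote user that does not have one yet.
# The keys have no passphrase so a script can use them; directory mode 700 protects them.
gen_keys() {
    mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR"
    printf '%s\n' "$TARGETS" | while IFS=: read -r name host user; do
        key="$KEYDIR/${name}_${user}"
        [ -f "$key" ] || ssh-keygen -q -t rsa -b 4096 -N '' -C "a_prod to $user@$host" -f "$key"
    done
}

# Copy one file to every target; stdin is redirected so scp cannot eat the loop's input.
distribute() {
    src=$1; dest=$2
    printf '%s\n' "$TARGETS" | while IFS=: read -r name host user; do
        scp -F "$CONF" -p "$src" "$name:$dest" </dev/null || echo "FAILED: $name" >&2
    done
}

case "${1:-}" in
    keys)   gen_keys ;;
    config) gen_ssh_config > "$CONF" ;;
    push)   distribute "$2" "$3" ;;
esac
```

Each generated `.pub` file still has to be appended once to the matching remote user's `~/.ssh/authorized_keys` on its target host. After that, `BatchMode yes` makes a failed key login an error instead of a password prompt.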