Open search page
Hello, I’m DocuDroid!
Open Ask AI page
Submitting feedback
Thank you for rating our AI Search!
We would be grateful if you could share your thoughts so we can improve our AI Search for you and other readers.
GitHub

gpssh-exkeys

Exchanges SSH public keys between hosts.

Synopsis

gpssh-exkeys -f <hostfile_exkeys> | -h <hostname> [-h <hostname> ...]

gpssh-exkeys -e <hostfile_exkeys> -x <hostfile_gpexpand>

gpssh-exkeys -?

gpssh-exkeys --version

Description

The gpssh-exkeys utility exchanges SSH keys between the specified host names (or host addresses). This allows SSH connections between Greengage DB hosts and network interfaces without a password prompt. The utility is used to initially prepare a Greengage DB system for passwordless SSH access, and also to prepare additional hosts for passwordless SSH access when expanding a Greengage DB system.

Keys are exchanged as the currently logged-in user. You run the utility on the master host as the gpadmin user (the user designated to own your Greengage DB installation). Greengage DB management utilities require that the gpadmin user be created on all hosts in the Greengage DB system, and the utilities must be able to connect as that user to all hosts without a password prompt.

You can also use gpssh-exkeys to enable passwordless SSH for additional users.

The gpssh-exkeys utility has the following prerequisites:

  • The user must have an account on the master, standby, and every segment host in the Greengage DB cluster.

  • The user must have an id_rsa SSH key pair installed on the master host.

  • The user must be able to connect with SSH from the master host to every other host machine without entering a password.

You can enable 1-n passwordless SSH using the ssh-copy-id command to add the user’s public key to each host’s authorized_keys file. The gpssh-exkeys utility enables n-n passwordless SSH, which allows the user to connect with SSH from any host to any other host in the cluster without a password.

To specify the hosts involved in an SSH key exchange, use the -f option to specify a file containing a list of host names, or use the -h option to name single host names on the command-line. At least one host name (-h) or a host file (-f) is required. Note that the local host is included in the key exchange by default.

To specify new expansion hosts to be added to an existing Greengage DB system, use the -e and -x options. The -e option specifies a file containing a list of existing hosts in the system that have already exchanged SSH keys. The -x option specifies a file containing a list of new hosts that need to participate in the SSH key exchange.

The gpssh-exkeys utility performs key exchange using the following steps:

  1. Adds the user’s public key to the user’s own authorized_keys file on the current host.

  2. Updates the known_hosts file of the current user with the host key of each host specified using the -h, -f, -e, and -x options.

  3. Connects to each host using ssh and obtains the user’s authorized_keys, known_hosts, and id_rsa.pub files.

  4. Adds keys from the id_rsa.pub files obtained from each host to the authorized_keys file of the current user.

  5. Updates the authorized_keys, known_hosts, and id_rsa.pub files on all hosts with new host information (if any).

Options

-e <hostfile_exkeys>

When doing a system expansion, this is the name and location of a file containing all configured host names and host addresses (interface names) for each host in your current Greengage DB system (master, standby master, and segments), one name per line without blank lines or extra spaces. Hosts specified in this file cannot be specified in the host file used with -x.

-f <hostfile_exkeys>

Specify the name and location of a file containing all configured host names and host addresses (interface names) for each host in your Greengage DB system (master, standby master, and segments), one name per line without blank lines or extra spaces.

-h <hostname>

Specify a single host name (or host address) that will participate in the SSH key exchange. You can use the -h option multiple times to specify multiple host names and host addresses.

--version

Display the version of this utility.

-x <hostfile_gpexpand>

When doing a system expansion, this is the name and location of a file containing all configured host names and host addresses (interface names) for each new segment host you are adding to your Greengage DB system, one name per line without blank lines or extra spaces. Hosts specified in this file cannot be specified in the host file used with -e.

-?

Display help.

Examples

  • Exchange SSH keys between all host names and addresses listed in the file hostfile_exkeys:

    $ gpssh-exkeys -f hostfile_exkeys

  • Exchange SSH keys between the hosts sdw1, sdw2, and sdw3:

    $ gpssh-exkeys -h sdw1 -h sdw2 -h sdw3

  • Exchange SSH keys between existing hosts sdw1, sdw2, and sdw3, and new hosts sdw4 and sdw5 as part of a system expansion operation:

    $ gpssh-exkeys -e hostfile_exkeys -x hostfile_gpexpand

    hostfile_exkeys looks as follows:

    mdw
mdw-1
mdw-2
smdw
smdw-1
smdw-2
sdw1
sdw1-1
sdw1-2
sdw2
sdw2-1
sdw2-2
sdw3
sdw3-1
sdw3-2

    hostfile_gpexpand looks as follows:

    sdw4
sdw4-1
sdw4-2
sdw5
sdw5-1
sdw5-2

See also

Previous
gpssh
Next
gpstart