SSHEXPORT(1)                       Internet                       SSHEXPORT(1)

NAME

       sshexport - install ssh public keys on remote servers

SYNOPSIS

       sshexport [-h] [-c] [-p port] [-r] [-d] [-v] name@host...

DESCRIPTION

       This script tries to export ssh public keys to specified sites. It will
       walk the user through generating key pairs if it doesn't find any to
       export. It handles all the fiddly details, like remembering the ssh
       keyfile names, updating the authorized_keys and making sure local and
       remote permissions are correct. It tells you what it's doing if it has
       to change anything.

       Each name@host argument is the name of a host where your public keys
       should be installed. If it contains a @, the part before the @ will be
       clipped off and used as the login name. Otherwise your local login name
       will be used.

       Note: this script does not parse your ssh configuration — therefore, if
       you have specified a different remote user in your configuration, this
       script will not know that. You can use the user@host syntax to force
       the remote username.

       On any remote Linux system using SELinux, the security context of
       root's authorized_keys is restored whenever it is modified or deleted.

RECORDING REMOTE KEY LOCATIONS

       If either of the files ~/.config/sshexport or ~/.ssh/sshexport.rc
       exists, places where you install keys will be recorded in it, along
       with the password used to access the host and the port (if
       non-default). This record will also be updated when you use the check
       option, so you can use that option to check sites where you may have
       previously installed keys and add them to the list. Entries are edited
       when you delete remote keys; the key is deleted, but not the password
       and port information.

       Beware that if your account is cracked, this record will offer the
       intruder a menu of other systems to attack, escalating security risks.
       Thus, to enable the recording feature, you must explicitly create
       ~/.ssh/sshexport.rc or ~/.config/sshexport.rc using touch(1) or some
       other means. This tool will not create the file for you. Also, it
       checks permissions on these files at startup and bails out with a
       message if they are not limited to the owning user.
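
       The startup check described above, sketched as an added example; this
       is not sshexport's own code. It is written for Python 3, the function
       names are hypothetical, and the regular-file and ownership tests are
       assumptions about what "limited to the owning user" should cover.

```python
import os
import stat

# Candidate record files, as named at the top of this section.
RECORD_FILES = ("~/.config/sshexport", "~/.ssh/sshexport.rc")


def record_file_problem(path, uid=None):
    """Return None if path is a safe record file, else a description of the problem.

    Raises FileNotFoundError when the file is absent (recording not enabled).
    """
    uid = os.getuid() if uid is None else uid
    st = os.lstat(path)  # lstat: judge the entry itself, do not follow a symlink
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != uid:
        return "not owned by the invoking user"
    # The record holds passwords, so any group/other bit is too much.
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        return "group/other permission bits set: %03o" % extra
    return None


def find_record_file(candidates=RECORD_FILES):
    """Return the record file to use, or None if the user has not opted in.

    Raises PermissionError (the bail-out case) if a candidate exists but is
    readable or writable by anyone other than its owner.
    """
    for name in candidates:
        path = os.path.expanduser(name)
        try:
            problem = record_file_problem(path)
        except FileNotFoundError:
            continue  # not opted in at this location; never create the file
        if problem:
            raise PermissionError("%s: %s" % (path, problem))
        return path
    return None
```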

OPTIONS

       Invoked with the -h option, the program prints a usage summary and
       exits.

       Invoked with the -c option, the program checks your local and remote
       ssh configuration for problems without changing anything (except that
       your record of where you have installed keys is updated).

       The -p option allows you to set a port number, overriding the default
       22. This may be useful if you have a firewall and port forwarding
       setup. Port numbers are recorded if you have recording set up.

       Invoked with the -d option, the program deletes any public keys under
       the specified login at the specified host. The password and the -p
       option need not be specified if an entry was recorded for this host.
       The configuration entries for any such keys are also removed, but not
       port and password information.

       The -r option force-installs your keys on all sites recorded in your
       installation log. By removing your keys (to force a key pair
       generation) you can ship new keys to all sites.

       The -v option says to report all commands and responses during the
       session. It's mainly useful for debugging.

FILES

       Sites where keys have been installed may be recorded in ~/.sshexport or
       ~/.config/sshexport. (The second location is preferred if ~/.config
       exists.)

REQUIREMENTS

       sshexport was written in Python 2.2a1. It will not work under Python
       1.5.2.

BUGS

       This program relies on ptys to work correctly in combination with exec,
       but some implementations (notably under FreeBSD) don't. Suspect this if
       you see termination with the message "Remote ls returned empty string,
       bailing out".

       If you encounter this or any other bug, the first thing to do is run
       with -v and see if that clarifies matters. If not, send the maintainer
       a session transcript.

SEE ALSO

       ssh(1), ssh-keygen(1).

AUTHOR

       Eric S. Raymond <esr@thyrsus.com>.

       There is a project web page at http://www.catb.org/~esr/sshexport/.

sshexport                         07/22/2023                      SSHEXPORT(1)