SSH Key rotation to remote servers
How to rotate the Ezeelogin key pair from Gateway to remote servers?
The generated private key is encrypted and cannot be retrieved.
1. To generate the new 4192-bit key pair in the Ezeelogin jump host installation, first run the following command on the gateway server.
The maximum supported private key size is 4192 bits.
[root@gateway ~]# /usr/local/ezlogin/eztool.php -regenerate_ssh_key
2. Using the parallel shell, run the highlighted command (the echo line in the tool output below) to copy the new public key to all servers. The goal is to append the newly generated public key to /root/.ssh/authorized_keys on the remote servers.
####################################
# Ezeelogin Tool #
####################################
Checking environment... done
Checking license... done
Enter Ezeelogin administrator password: admin1234
Regenerate SSH key pair...
- New SSH key pair generated. Execute the following command on all remote servers using parallel shell feature to add the new public key in authorized keys:
echo 'ssh-rsa <new public key> ezlogin' >> ~/.ssh/authorized_keys
You should execute the above command on all remote servers using the parallel shell feature to add the new public key in authorized keys and Wait for the parallel shell execution to complete before pressing any key to return to the command line.
After it is done, press enter key to continue...
3. Wait for the parallel shell execution to complete before pressing any key to return to the command line. This ensures that the new public key is copied to all servers.
4. You can view the updated global key under Servers -> Global key.
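
The append command in step 2 adds a duplicate line every time it is rerun, and it merges the new key into the previous entry when authorized_keys does not end with a newline. The following is an added example, not part of Ezeelogin or of the original article, showing an idempotent variant to run on a remote server; the function names install_gateway_key and verify_gateway_key are hypothetical, and the key line passed in is whatever eztool printed.

```shell
#!/bin/sh
# Added example: idempotent form of the append command printed by eztool.
# install_gateway_key / verify_gateway_key are hypothetical helper names.
# Usage: install_gateway_key 'ssh-rsa <new public key> ezlogin'

# install_gateway_key KEYLINE [AUTH_FILE]
# Appends KEYLINE to AUTH_FILE only if that exact line is not already there.
install_gateway_key() {
    key_line=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}
    ssh_dir=$(dirname "$auth_file")

    # sshd (StrictModes) rejects key files whose permissions are too open.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Fixed-string, whole-line match: a rerun adds no duplicate entry.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # If the last entry has no trailing newline, a plain >> would glue the
    # new key onto it and invalidate both entries.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# verify_gateway_key KEYLINE [AUTH_FILE]
# Prints how many times KEYLINE occurs; succeeds only when it occurs once.
verify_gateway_key() {
    # grep -c exits non-zero on zero matches or a missing file; tolerate it.
    count=$(grep -cxF -- "$1" "${2:-$HOME/.ssh/authorized_keys}" 2>/dev/null) || true
    echo "${count:-0}"
    [ "${count:-0}" -eq 1 ]
}
```

Running verify_gateway_key with the same key line after the parallel shell run confirms that a server holds exactly one copy of the new public key before you press enter in eztool.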