SSH Key rotation to remote servers
How to rotate the Ezeelogin key pair from Gateway to remote servers?
- The generated private key would be encrypted and cannot be retrieved.
- The maximum supported private key size would be 4192 bits.
How to rotate the key pair from the Ezeelogin server to the Remote servers?
Synopsis: To regenerate the key manually, First, we will run the command to regenerate the key, followed by which we will open the parallel shell simultaneously and run the highlighted key in a parallel shell that we'll receive while regenerating a key(we'll be copying the newly generated key on remote servers). And later press Enter and Check the Global key from GUI to confirm the changes.
Step 1. To generate the new 4192-bit key pair in the Ezeelogin jump host installation, run the following command on the gateway server.
root@gateway ~]# /usr/local/ezlogin/eztool.php -regenerate_ssh_key
Step 2. Run the highlighted command using the parallel shell to copy the new public key to all servers.
The idea would be to copy the newly generated public key to /root/.ssh/authorized_keys on the remote servers.
####################################
# Ezeelogin Tool #
####################################
Checking environment... done
Checking license... done
Enter Ezeelogin administrator password: admin1234
Regenerate SSH key pair...
- New SSH key pair generated. Execute the following command on all remote servers using parallel shell feature to add the new public key in authorized keys:
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEaoCRxkhNdOrZk6olp+eh1RmVjrlHDHZmDyFkkNZnfZS/KXQAFPMtL3lJ9F7H4H498FQdU7wyFJLd+m00SjaYoo
lNx2VdhJzaBAfmqVx4Nt7wgech37wWN/NmYsFRgSC3HyZlgLycUQlcahwCp+rGJNEcjHMdmqlgX+hLFo1pXl498m5fvDXu8POga7Kq39wpURzy9gtzJyJY
mHN8583qWWF4nduTy6S4ts/vd5qZVqfdky7BgqL6yMDzNId0sr1Hp90kQRbBP0wUoZ7iQ1GbtSUQmA/YBMy47OOjps86PhMR/LDqRb0a6NGvP2cpFHbGku
mVECdSMuLTS8ncWUarad+yG3l3atFCwW6TxoMVNKMcqr+sAlCWzeLf87np0Ghtk1Cvy+Qxy0EzlLeX6YSYelnnnwLsBGi1kmkTmefoE3WH41yYOd4WAGA6
7hEgCIVQOCT+1A0Weg23SBGQUCYQbV9vII/8HDF2PFK7UJuCSO2c7lpeNE69LyZbMIvH5KeH3EMng6ljlpCOGv6xMo3Y0Qfh6bMI5GIrFBW1YMqKw36Fye
r5LtsP1p3kh4Ye+tTnpGemvlXsTVABVDLFHII1MKlWAWKqDAllV74ocAd7vg5MOaaSGO+jACae8GaSF48JZ23cCElV2VF7AkMudFgHCb1h5/29y/ATTzZk
IFilow== ezlogin' >> ~/.ssh/authorized_keys
You should execute the above command on all remote servers using the parallel shell feature to add the new public key in authorized keys and Wait for the parallel shell execution to complete before pressing any key to return to the command line.
After it is done, press enter key to continue...
Step 3. Wait for the parallel shell execution to complete before pressing any key to return to the command line.
This will ensure that the new public_key is copied across all servers.
Step 4. You can view the updated global key under Servers -> Global key
