gpssh-exkeys

Exchanges SSH public keys between hosts.

Synopsis

gpssh-exkeys -f <hostfile_exkeys> | - h <hostname> [-h <hostname> ...]

gpssh-exkeys -e <hostfile_exkeys> -x <hostfile_gpexpand>

gpssh-exkeys -? 

gpssh-exkeys --version

Description

The gpssh-exkeys utility exchanges SSH keys between the specified host names (or host addresses). This allows SSH connections between Greenplum hosts and network interfaces without a password prompt. The utility is used to initially prepare a Greenplum Database system for password-free SSH access, and also to add additional ssh keys when expanding a Greenplum Database system.

To specify the hosts involved in an initial SSH key exchange, use the -f option to specify a file containing a list of host names (recommended), or use the -h option to name single host names on the command-line. At least one host name (-h) or a host file is required. Note that the local host is included in the key exchange by default.

To specify new expansion hosts to be added to an existing Greenplum Database system, use the -e and -x options. The -e option specifies a file containing a list of existing hosts in the system that already have SSH keys. The -x option specifies a file containing a list of new hosts that need to participate in the SSH key exchange.

Keys are exchanged as the currently logged in user. You should perform the key exchange process twice: once as root and once as the gpadmin user (the user designated to own your Greenplum Database installation). The Greenplum Database management utilities require that the same non-root user be created on all hosts in the Greenplum Database system, and the utilities must be able to connect as that user to all hosts without a password prompt.

The gpssh-exkeys utility performs key exchange using the following steps:

  • Creates an RSA identification key pair for the current user if one does not already exist. The public key of this pair is added to the authorized_keys file of the current user.
  • Updates the known_hosts file of the current user with the host key of each host specified using the -h, -f, -e, and -x options.
  • Connects to each host using ssh and obtains the authorized_keys, known_hosts, and id_rsa.pub files to set up password-free access.
  • Adds keys from the id_rsa.pub files obtained from each host to the authorized_keys file of the current user.
  • Updates the authorized_keys, known_hosts, and id_rsa.pub files on all hosts with new host information (if any).

Options

-e hostfile_exkeys
When doing a system expansion, this is the name and location of a file containing all configured host names and host addresses (interface names) for each host in your current Greenplum system (master, standby master and segments), one name per line without blank lines or extra spaces. Hosts specified in this file cannot be specified in the host file used with -x.
-f hostfile_exkeys
Specifies the name and location of a file containing all configured host names and host addresses (interface names) for each host in your Greenplum system (master, standby master and segments), one name per line without blank lines or extra spaces.
-h hostname
Specifies a single host name (or host address) that will participate in the SSH key exchange. You can use the -h option multiple times to specify multiple host names and host addresses.
--version
Displays the version of this utility.
-x hostfile_gpexpand
When doing a system expansion, this is the name and location of a file containing all configured host names and host addresses (interface names) for each new segment host you are adding to your Greenplum system, one name per line without blank lines or extra spaces. Hosts specified in this file cannot be specified in the host file used with -e.
-? (help)
Displays the online help.

Examples

Exchange SSH keys between all host names and addresses listed in the file hostfile_exkeys:

$ gpssh-exkeys -f hostfile_exkeys

Exchange SSH keys between the hosts sdw1, sdw2, and sdw3:

$ gpssh-exkeys -h sdw1 -h sdw2 -h sdw3

Exchange SSH keys between existing hosts sdw1, sdw2, and sdw3, and new hosts sdw4 and sdw5 as part of a system expansion operation:

$ cat hostfile_exkeys
mdw
mdw-1
mdw-2
smdw
smdw-1
smdw-2
sdw1
sdw1-1
sdw1-2
sdw2
sdw2-1
sdw2-2
sdw3
sdw3-1
sdw3-2
$ cat hostfile_gpexpand
sdw4
sdw4-1
sdw4-2
sdw5
sdw5-1
sdw5-2
$ gpssh-exkeys -e hostfile_exkeys -x hostfile_gpexpand

See Also

gpssh, gpscp

check-circle-line exclamation-circle-line close-line
Scroll to top icon