Exchanges SSH public keys between hosts.
gpssh-exkeys -f <hostfile_exkeys> | -h <hostname> [-h <hostname> ...] gpssh-exkeys -e <hostfile_exkeys> -x <hostfile_gpexpand> gpssh-exkeys -? gpssh-exkeys --version
gpssh-exkeys utility exchanges SSH keys between the specified host names (or host addresses). This allows SSH connections between Greenplum hosts and network interfaces without a password prompt. The utility is used to initially prepare a Greenplum Database system for passwordless SSH access, and also to prepare additional hosts for passwordless SSH access when expanding a Greenplum Database system.
Keys are exchanged as the currently logged in user. You run the utility on the master host as the
gpadmin user (the user designated to own your Greenplum Database installation). Greenplum Database management utilities require that the
gpadmin user be created on all hosts in the Greenplum Database system, and the utilities must be able to connect as that user to all hosts without a password prompt.
You can also use
gpssh-exkeys to enable passwordless SSH for additional users,
root, for example.
gpssh-exkeys utility has the following prerequisites:
id_rsaSSH key pair installed on the master host.
You can enable 1-n passwordless SSH using the
ssh-copy-id command to add the user’s public key to each host’s
authorized_keys file. The
gpssh-exkeys utility enables “n-n passwordless SSH,” which allows the user to connect with SSH from any host to any other host in the cluster without a password.
To specify the hosts involved in an SSH key exchange, use the
-f option to specify a file containing a list of host names (recommended), or use the
-h option to name single host names on the command-line. At least one host name (
-h) or a host file (
-f) is required. Note that the local host is included in the key exchange by default.
To specify new expansion hosts to be added to an existing Greenplum Database system, use the
-x options. The
-e option specifies a file containing a list of existing hosts in the system that have already exchanged SSH keys. The
-x option specifies a file containing a list of new hosts that need to participate in the SSH key exchange.
gpssh-exkeys utility performs key exchange using the following steps:
authorized_keysfile on the current host.
known_hostsfile of the current user with the host key of each host specified using the
sshand obtains the user’s
id_rsa.pubfiles obtained from each host to the
authorized_keysfile of the current user.
id_rsa.pubfiles on all hosts with new host information (if any).
-hoption multiple times to specify multiple host names and host addresses.
Exchange SSH keys between all host names and addresses listed in the file
$ gpssh-exkeys -f hostfile_exkeys
Exchange SSH keys between the hosts
$ gpssh-exkeys -h sdw1 -h sdw2 -h sdw3
Exchange SSH keys between existing hosts
sdw3, and new hosts
sdw5 as part of a system expansion operation:
$ cat hostfile_exkeys mdw mdw-1 mdw-2 smdw smdw-1 smdw-2 sdw1 sdw1-1 sdw1-2 sdw2 sdw2-1 sdw2-2 sdw3 sdw3-1 sdw3-2 $ cat hostfile_gpexpand sdw4 sdw4-1 sdw4-2 sdw5 sdw5-1 sdw5-2 $ gpssh-exkeys -e hostfile_exkeys -x hostfile_gpexpand