On Apr 1, 2010, at 9:24 AM, Bazy <bazy84@xxxxxxxxx> wrote:
>>
>> Short of finding some remotely exploitable vulnerability, you'll have
>> to visit each server and login. Imagine if you *could* create IDs
>> without root authority? :D
>>
>> Are the servers identically configured?
>>
>> If you can login remotely as root you can automate some of them via
>> expect. What issues were you encountering?
>>
>> If you're doing this it might be the perfect opportunity to add some
>> sort of remote management or authentication to the systems.
>
> I cannot do any changes to the environment therefor I cannot configure
> centralized authentication :-) It's fun stuff.
> I managed to find a way with perl and Net::SSH::Expect.
>
> The simple expect script would enter the su password and die without
> sending the adduser commands.
Like another poster suggested, create root .ssh key, copy it to each
box, modify sshd.conf to allow login via either key or password in
each box, you hold the key, they hold the password.
You can then use one of those ssh cluster utilities out there that
issues the same command on a list of servers.
That is the best way and it requires minor changes with zero impact to
the operational environment.
-Ross
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
