COMMAND NAME: gpssh-exkeys

Exchanges SSH public keys between hosts.


*****************************************************
SYNOPSIS
*****************************************************

gpssh-exkeys -f <hostfile_exkeys> | -h <hostname> [-h <hostname> ...]

gpssh-exkeys -e <hostfile_exkeys> -x <hostfile_gpexpand>

gpssh-exkeys -? 

gpssh-exkeys --version


*****************************************************
DESCRIPTION
*****************************************************

The gpssh-exkeys utility exchanges SSH keys between the specified host 
names (or host addresses). This allows SSH connections between Cloudberry 
hosts and network interfaces without a password prompt. The utility is 
used to initially prepare a Apache Cloudberry system for password-free 
SSH access, and also to add additional ssh keys when expanding a 
Apache Cloudberry system. 

To specify the hosts involved in an initial SSH key exchange, use the 
-f option to specify a file containing a list of host names (recommended), 
or use the -h option to name single host names on the command-line. At 
least one host name (-h) or a host file is required. Note that the local 
host is included in the key exchange by default.

To specify new expansion hosts to be added to an existing Apache Cloudberry 
system, use the -e and -x options. The -e option specifies a file containing 
a list of existing hosts in the system that already have SSH keys. The -x 
option specifies a file containing a list of new hosts that need to participate 
in the SSH key exchange. 

Keys are exchanged as the currently logged in user. Cloudberry recommends 
performing the key exchange process twice: once as root and once as the 
gpadmin user (the user designated to own your Apache Cloudberry installation). 
The Apache Cloudberry management utilities require that the same non-root 
user be created on all hosts in the Apache Cloudberry system, and the 
utilities must be able to connect as that user to all hosts without a 
password prompt.

The gpssh-exkeys utility performs key exchange using the following steps:

* Creates an RSA identification key pair for the current user if one does 
  not already exist.  The public key of this pair is added to the 
  authorized_keys file of the current user.

* Updates the known_hosts file of the current user with the host key 
  of each host specified using the -h, -f, -e, and -x options.

* Connects to each host using ssh and obtains the authorized_keys, 
  known_hosts, and id_rsa.pub files to set up password-free access.

* Adds keys from the id_rsa.pub files obtained from each host to the 
  authorized_keys file of the current user.

* Updates the authorized_keys, known_hosts, and id_rsa.pub files on 
  all hosts with new host information (if any).


*****************************************************
OPTIONS
*****************************************************

-e <hostfile_exkeys>

 When doing a system expansion, this is the name and location of a file 
 containing all configured host names and host addresses (interface names) 
 for each host in your current Cloudberry system (coordinator, standby coordinator 
 and segments), one name per line without blank lines or extra spaces. 
 Hosts specified in this file cannot be specified in the host file used 
 with -x. 


-f <hostfile_exkeys>

 Specifies the name and location of a file containing all configured host 
 names and host addresses (interface names) for each host in your Cloudberry 
 system (coordinator, standby coordinator and segments), one name per line without 
 blank lines or extra spaces.


-h <hostname>

 Specifies a single host name (or host address) that will participate in 
 the SSH key exchange. You can use the -h option multiple times to 
 specify multiple host names and host addresses.


--version

 Displays the version of this utility.


-x <hostfile_gpexpand>

 When doing a system expansion, this is the name and location of a file 
 containing all configured host names and host addresses (interface names) 
 for each new segment host you are adding to your Cloudberry system, one 
 name per line without blank lines or extra spaces. Hosts specified in 
 this file cannot be specified in the host file used with -e.


-? (help)

 Displays the online help.


*****************************************************
EXAMPLES
*****************************************************

Exchange SSH keys between all host names and addresses listed in 
the file hostfile_exkeys:

  $ gpssh-exkeys -f hostfile_exkeys


Exchange SSH keys between the hosts sdw1, sdw2, and sdw3:

  $ gpssh-exkeys -h sdw1 -h sdw2 -h sdw3


Exchange SSH keys between existing hosts sdw1, sdw2 and sdw3, and new 
hosts sdw4 and sdw5 as part of a system expansion operation:

  $ cat hostfile_exkeys
    cdw
    cdw-1
    cdw-2
    scdw
    scdw-1
    scdw-2
    sdw1
    sdw1-1
    sdw1-2
    sdw2
    sdw2-1
    sdw2-2
    sdw3
    sdw3-1
    sdw3-2

  $ cat hostfile_gpexpand
    sdw4
    sdw4-1
    sdw4-2
    sdw5
    sdw5-1
    sdw5-2

 $ gpssh-exkeys -e hostfile_exkeys -x hostfile_gpexpand

*****************************************************
SEE ALSO
*****************************************************

gpssh, gpscp

