Example 1: Connect to multiple hosts, fetch their host keys in hashed (default) format, and save them under the user's $HOME/.ssh2/hostkeys directory. Save the host key hash values with both the specified hostname and the IP address of the host. Store a log under
> ssh-keydist2 -N -i -A /tmp/newhosts.log host1 host2 host3
Example 2: Connect to multiple hosts defined in the hostlist.txt file, fetch their host keys in plain format, and save them under both the user's $HOME/.ssh2/hostkeys directory and the system-wide /etc/ssh2/hostkeys directory. Running the command requires administrator privileges.
> ssh-keydist2 -N -F plain -g -H /home/userid/hostlist.txt
The keys are stored with the names specified in the host list file. For example, the following list would specify storing the keys with FQDN and also connecting to port 222 on host1.example.com:
Example 3: Create a 1024-bit DSA key with an empty passphrase, and upload it to a Unix server running OpenSSH, including the necessary conversions. Public-key upload uses password-from-file for authentication.
> ssh-keydist2 -t dsa -b 1024 -P -d -p /home/userid/passwd_file \
    -u user1 -O open_server.example.com
Example 4: Create a 1536-bit RSA key with an empty passphrase, and upload it to multiple servers, including the necessary conversions. Public-key upload uses password-from-file for authentication. Note that only one password file can be defined. This means that all remote hosts must have the same password.
> ssh-keydist2 -t rsa -b 1536 -P -d \
    -p /home/userid/passwd_file \
    -S -u user1 tectia_unix.example.com \
    -W -u user2 tectia_win.example.com \
    -Z -u user3 tectia_zos.example.com \
    -O -u user1 open_server.example.com
Example 5: Distribute an existing RSA public key to several hosts using host lists. Accept new server host keys automatically and store the log under
The host lists need to be grouped so that all SSH Tectia Unix, SSH Tectia Windows, SSH Tectia z/OS, and OpenSSH hosts are in different host files, for example
openssh_hostlist.txt, each host list defined in the following way:
Note that only one password file can be defined. This means that all remote hosts must have the same password.
The command is as follows:
> ssh-keydist2 -f /home/userid/.ssh2/id_rsa_1024_a.pub \
    -p /home/userid/passwd_file -a -F plain -A /tmp/newhosts.log \
    -S -H tectiaunix_hostlist.txt \
    -Z -H tectiazos_hostlist.txt \
    -O -H openssh_hostlist.txt
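
The examples above read a shared password from the file given with -p and write the new-host-key log under /tmp with -A. The following pre-flight check for those two files is an added example, not part of ssh-keydist2 or its documentation; the function names and the wrapper are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files handed to ssh-keydist2
# with -p (password file) and -A (new-host-key log).
# All function names here are hypothetical, not part of the product.

# Succeeds only if $1 is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
is_private_file() {
    # Prefix relative paths so a leading "-" is not parsed as a find option.
    case $1 in /*) p=$1 ;; *) p=./$1 ;; esac
    [ -n "$(find "$p" -prune -type f -user "$(id -u)" \
        ! -perm -040 ! -perm -020 ! -perm -010 \
        ! -perm -004 ! -perm -002 ! -perm -001 -print 2>/dev/null)" ]
}

# Succeeds if the log path is acceptable for -A: either nothing exists
# there yet, or it is already a private regular file of ours. A symlink
# (even a dangling one) or another user's file in a shared directory
# such as /tmp is rejected.
is_safe_log_path() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        is_private_file "$1"
    else
        return 0
    fi
}

# Hypothetical wrapper: returns 0 only when both files pass.
# usage: keydist_preflight PASSWD_FILE LOG_FILE
keydist_preflight() {
    is_private_file "$1" || {
        echo "password file $1 is not a private regular file" >&2
        return 1
    }
    is_safe_log_path "$2" || {
        echo "log path $2 is a symlink or not owned/private" >&2
        return 2
    }
    return 0
}
```

A path that does not exist yet can still be created by another user between the check and the run, so a log directory that only the invoking user can write to avoids the problem entirely.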