Ruby net-ssh: How to authenticate with pubkey using a gateway

Question

I am trying to run a script in several machines I have at work, to gather some information about them, such as which OS they're running, what services run on them, some configurations, etc. I have a machine on which I log before ssh-ing to any of the other machines, because of the public key setup it has. From there, I can ssh into all of the other machines without being asked for my password.

What I want to do is to automate logging onto all of these machines from that one, but the script is running on my local machine. So I just learned about ruby-ssh-gateway and am trying that, but I can't seem to get pubkey authentication to work.

I do something like this:

gateway = Net::SSH::Gateway.new('gatewaymachine', 'username', :password => 'password')
all_machines.each do |machine|
  gateway.ssh(machine, 'username') do |ssh|
    uname = ssh.exec!('uname -a')
    puts "machine: #{machine}; OS: #{uname}"
  end
end

But I get a Net::SSH::AuthenticationFailed exception.

If, instead, I provide the password, like so:

gateway.ssh(machine, 'username', :password => 'password')

it does work, but that's not viable, since passwords are not the same across machines.

Does anyone know how I can make this work?

Thanks.

Answer 1

Are the machines you are talking to behind a NAT firewall? If not, you don't need ruby-ssh-gateway.

Have you created a public key on the origin box, for the user which runs the program, and given that key to the target user on each target box?

$ ssh-keygen -t dsa    # Only do this once
$ ssh-copy-id -i ~/.ssh/id_dsa.pub user@machine
(enter the password)

and to make sure the key is working:

$ ssh user@machine      # should not ask for a password

Once you've done that, it's as simple as using system or backtick to shell out to ssh:

system('ssh machine "ls -l"')