On Apr 1, 2010, at 9:24 AM, Bazy bazy84@gmail.com wrote:
Short of finding some remotely exploitable vulnerability, you'll have to visit each server and login. Imagine if you *could* create IDs without root authority? :D
Are the servers identically configured?
If you can login remotely as root you can automate some of them via expect. What issues were you encountering?
If you're doing this it might be the perfect opportunity to add some sort of remote management or authentication to the systems.
I cannot do any changes to the environment therefor I cannot configure centralized authentication :-) It's fun stuff. I managed to find a way with perl and Net::SSH::Expect.
The simple expect script would enter the su password and die without sending the adduser commands.
Like another poster suggested, create root .ssh key, copy it to each box, modify sshd.conf to allow login via either key or password in each box, you hold the key, they hold the password.
You can then use one of those ssh cluster utilities out there that issues the same command on a list of servers.
That is the best way and it requires minor changes with zero impact to the operational environment.
-Ross