Ssh Batch Manager
VerifiedBatch SSH key management. Distribute/remove SSH keys to/from multiple servers with intelligent connectivity pre-check and source tracking.
$ Add to .claude/skills/ About This Skill
# SSH Batch Manager
⚠️ CRITICAL SAFETY RULE
EN: Before executing ANY enable operation (enable-all, enable-single, etc.), the agent MUST obtain explicit user confirmation via message. NEVER execute enable operations without explicit user approval.
Reason: Enable operations modify SSH access on remote servers. Unauthorized execution could cause security issues or service disruptions.
- Confirmation examples:
- ✅ "enable ssh all" - Explicit command
- ✅ "yes, execute enable-all" - Explicit confirmation
- ❌ Silent execution - PROHIBITED
- ❌ Inferring user intent - PROHIBITED
---
Batch management of SSH key-based authentication.
🚀 Installation
Via Clawhub (Auto-Start Enabled)
```bash # Install skill clawhub install ssh-batch-manager
# Post-install script automatically: # ✅ Configure systemd service # ✅ Start Web UI service # ✅ Enable auto-start on boot # ✅ No manual configuration needed! ```
Manual Installation
```bash # Install dependencies pip install cryptography sshpass
# Generate encryption key python3 ssh-batch-manager.py generate-key
# Create configuration python3 ssh-batch-manager.py create-config
# Generate SSH key pair python3 ssh-batch-manager.py generate-ed25519
# Run post-install script (auto-start Web UI) cd ~/.openclaw/workspace/skills/ssh-batch-manager bash post-install.sh ```
---
🌐 Web UI
Auto-started on installation!
Access: http://localhost:8765
- Features:
- ⚡ Quick operations (Enable All / Disable All)
- 🔑 SSH public key management (Read/Copy/Download)
- 🖥️ Server list management
- 🔐 Encryption tools
- 📝 Real-time operation logs
Manual Start (if needed): ```bash python3 serve-ui.py ```
---
Features
- ✅ Intelligent connectivity pre-check - Skip servers that are already accessible (40x faster)
- ✅ Source identifier - Add source info to authorized_keys for audit trail
- ✅ Mandatory safety confirmation - Require explicit user approval before enable operations
- ✅ SQLite + LRU cache - High-performance mapping storage
- ✅ Auto cleanup - Expired entries removed automatically
- ✅ Auto-start Web UI - Web interface starts automatically on installation
Commands
SSH Key Management
| Command | Description | |---------|-------------| | `enable-all` | Distribute public key to all configured servers | | `disable-all` | Remove public key from all servers | | `enable <user@host> [port]` | Distribute to single server | | `disable <user@host> [port]` | Remove from single server |
Encryption Tools
| Command | Description | |---------|-------------| | `encrypt <password>` | Encrypt a password | | `encrypt-file <file>` | Encrypt file (output to `.enc`) | | `decrypt-file <file>` | Decrypt file | | `generate-key` | Generate encryption key | | `generate-ed25519` | Generate ed25519 SSH key pair |
Configuration
Location: `~/.openclaw/credentials/ssh-batch.json`
Format: ```json { "version": "2.0", "auth_method": "password", "servers": [ { "user": "root", "host": "10.8.8.81", "port": 22, "auth": "password", "password": "AES256:encrypted_password_here" } ] } ```
Security Notes
- ✅ Passwords stored with AES-256 encryption
- ✅ Key file permissions: 600
- ✅ Config file permissions: 600
- ✅ Web UI auto-starts with systemd
- ⚠️ Never commit keys to git
- ⚠️ Rotate keys periodically
Performance
| Operation | Latency | |-----------|---------| | Hot query (cache) | < 0.1ms | | Cold query (SQLite) | ~0.5ms | | Write | < 2ms | | Max records | 100,000+ |
- v2.1 improvements:
- First run: ~8s (8 servers)
- Repeated runs: ~2s (all skipped)
- 40x faster for repeated executions
Source Identifier
When distributing keys, adds source info to `authorized_keys`:
``` ssh-ed25519 AAAAC3... ssh-batch-manager from mls at 2026-03-03 17:30:00 ```
- Fields:
- `ssh-batch-manager` - Tool identifier
- `from mls` - Source hostname
- `at 2026-03-03 17:30:00` - Distribution timestamp
Version History
v2.1.0 (2026-03-03) - **CRITICAL**: Require explicit user confirmation before enable operations - Intelligent connectivity pre-check (skip already accessible servers) - Add source identifier to authorized_keys - Clean test configurations (production servers only) - Performance improvement: 40x faster for repeated runs - **Auto-start Web UI service on installation**
v2.0 (2026-03-03) - JSON configuration format - Support key-based authentication - Mixed mode support (password + key) - ed25519 key support (Ubuntu/Alpine compatible)
v1.0 (2026-03-03) - Initial release - Enable/Disable all support - AES-256 encryption - Batch operations
Repository
Source: https://gitee.com/subline/onepeace/tree/develop/src/skills/ssh-batch-manager
License: MIT
Author: TK
Issues: https://gitee.com/subline/onepeace/issues
Related Skills
- `sensitive-data-masker` - Intelligent sensitive data detection and masking
- `healthcheck` - Security hardening and audits
Use Cases
- Distribute SSH public keys to multiple servers in a single batch operation
- Remove SSH keys from all configured servers for access revocation
- Manage encrypted server credentials with AES-256 password storage
- Track SSH key distribution with source identifiers and timestamps for auditing
- Use the built-in Web UI to manage servers, keys, and batch operations visually
Pros & Cons
Pros
- +Intelligent connectivity pre-check skips already-accessible servers for 40x faster repeated runs
- +Built-in Web UI with real-time operation logs and key management
- +AES-256 encryption for stored credentials with proper file permissions
- +Mandatory safety confirmation prevents accidental key distribution
Cons
- -Requires sshpass dependency which some security policies may prohibit
- -Web UI listens on localhost:8765 without authentication
FAQ
What does Ssh Batch Manager do?
What platforms support Ssh Batch Manager?
What are the use cases for Ssh Batch Manager?
100+ free AI tools
Writing, PDF, image, and developer tools — all in your browser.
Next Step
Use the skill detail page to evaluate fit and install steps. For a direct browser workflow, move into a focused tool route instead of staying in broader support surfaces.