in reply to Login Script
If there are other admins of these machines they might get ticked off if something happens... and hopefully the bugs will be worked out on just a few machines first! That said, with the frequency of ssh upgrades recently I can understand the need to automate the upgrade; this could be a seriously needed tool. But I just wonder if you don't already have that kind of tool in your size department.
Anyway assuming this is all on the level, the company has fired all of its administrators and just hired you to admin 1700 unix servers even though (no personal offense intended) you don't know shell scripting, um, I think this could be a bad situation for you. Actually that isn't really fair. You may have the tool but still be assigned the job, and anyway how else do you learn? Maybe you can make something more usable than whatever you have. So given that, this is probably a good idea.
It is certainly possible to automate these kinds of things; see for example Melbourne.pm's talk on Expect.pm. (By the way, the link about fastmail.fm on mod_perl is interesting though off-topic.) It does seem to me that passwords sent over telnet, including the initial login itself, will be cleartext over your network (unless you installed something through another route that would set up ssh on the target machine by itself). So you would need at least to quickly change them by logging in over ssh again. And maybe disable telnet right away, which could, if a bug creeps in, lock you out of a lot of machines. Also there may be firewall settings involved. Well anyway, caveat emptor and all that. The tools are there, why not experiment with your own machine first? Maybe you want to set up a distribution server there too.
Sounds like maybe you should keep your private key on a very secure removable piece of equipment. Also I guess I should mention that if you have machines without ssh installed, you may have a private interface (i.e. ethernet cable) which is not open to the outside world. So maybe you want to see if these machines are on an internal (i.e. 10.x.x.x) network. Telnet and ssh could be set to only be accessible from within.
Finally, my own two niggling cents, but while shell scripting is fine, to a lot of people Perl is more advanced than it, not less so. Though you maybe want to know both. Anyway I wish you luck.
Oh, finally I should mention, though I have never used it, a hit on freshmeat.net that sounds quite fresh! SWUP - The Secure SoftWare UPdater, written in Python but maybe that's okay. Meant for Linux but maybe you want to check it out anyway.