SSH key passwordless login

I. Environment preparation

1.1 Operating system

[root@manager ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[root@manager ~]# 

1.2 Kernel version

[root@manager ~]# uname -r
2.6.32-573.el6.x86_64
[root@manager ~]#  

1.3 Host network parameters

Hostname    NIC eth0        Purpose
manager     192.168.1.90    Management host
web1        192.168.1.88    Test1
web2        192.168.1.89    Test2

II. Deploying non-interactive batch distribution of SSH keys

2.1 Download the EPEL repo file and refresh the yum cache

[root@manager ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@manager ~]# yum -y clean all
[root@manager ~]# yum makecache

2.2 Install the sshpass tool

[root@manager ~]# yum -y install sshpass

III. Step 2: Create the key pair files

3.1 Create the key pair non-interactively

[root@manager ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ""
Generating public/private dsa key pair.
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
6d:53:4b:e8:73:76:be:68:d1:95:71:38:b2:f3:fc:0e root@manager
The key's randomart image is:
+--[ DSA 1024]----+
|               . |
|           .. o..|
|          . oo .+|
|         o oo. ..|
|        S * +=.. |
|         . =.o+  |
|             .E. |
|            .. o.|
|           .. ...|
+-----------------+
[root@manager ~]#
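Command notes:
ssh-keygen: the command that generates a key pair
-t: specifies the key pair's algorithm type (two kinds: rsa, dsa)
-f: specifies the output path of the key pair file, including the file name
-P (uppercase): specifies the passphrase of the key pair

3.2 Step 3: Distribute the key non-interactively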

[root@manager ~]# sshpass -p "ssh登录密码" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@192.168.1.89"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@192.168.1.89'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@manager ~]#
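Command notes:
sshpass: a non-interactive helper tool built specifically for SSH connections
-p: specifies the login password
ssh-copy-id: a tool that distributes the public key automatically
-i: specifies the path of the public key
-o StrictHostKeyChecking=no: does not write the remote host's information (the first ssh connection records it in the known_hosts file)

3.3 Step 4: Test SSH key authentication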

[root@manager ~]# ssh root@192.168.1.89
Last login: Tue Jul 25 00:05:15 2017 from manager
[root@web2 ~]#

3.4 Write a script for non-interactive batch distribution of the SSH key pair

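#!/bin/bash
# author:Mr.chen
# 2017-3-14
# description: batch distribution of SSH keys

User=root
passWord=123.asd

# Back up the existing repo files, then install the EPEL repo
function YumBuild(){

# Message: "Installing the EPEL yum repository, please wait..."
echo "正在安装epel源yum仓库,请稍后..."
cd /etc/yum.repos.d/ || return 1
[ -d bak ] || mkdir bak
[ `find ./*.* -type f | wc -l` -gt 0 ] && find ./*.* -type f |  xargs -i mv {} bak/
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/null
yum -y clean all &>/dev/null
yum makecache &>/dev/null

}

# Message: "Testing network connectivity, please wait..."
echo "正在进行网络连接测试,请稍后..."
# Message: "Cannot reach the Internet; this script must run with Internet access!"
# { ...; } is used instead of ( ... ): exit inside a subshell would not stop the script
ping www.baidu.com -c2 >/dev/null || { echo "无法连同外网,本脚本运行环境必须和外网相连!"; exit 1; }
# Message: "No arguments! Format: sh $0 arg1...n"
[ $# -eq 0 ] && echo "没有参数!格式为:sh $0 参数1...n" && exit 1
# Install sshpass; if that fails, set up the EPEL repo and retry
rpm -q sshpass &>/dev/null || yum -y install sshpass &>/dev/null
if [ $? -gt 0 ];then
    YumBuild
    yum -y install sshpass &>/dev/null || { echo "sshpass build error!"; exit 1; }
fi
[ -d ~/.ssh ] || mkdir ~/.ssh;chmod 700 ~/.ssh
# Message: "Creating the key pair...."
echo "正在创建密钥对...."
# Every run deletes the old key pair and generates a new one
rm -rf ~/.ssh/id_dsa ~/.ssh/id_dsa.pub
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P "" &>/dev/null
for ip in "$@"
do
    ping "$ip" -c1 &>/dev/null
    if [ $? -gt 0 ];then
        # Message: "<ip> cannot be pinged, please check the network"
        echo "${ip}无法ping通请检查网络"
        continue
    fi
    # Report success only when ssh-copy-id actually succeeded
    if sshpass -p "$passWord" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no ${User}@$ip" &>/dev/null;then
        # Message: "<ip> key distributed successfully"
        echo "$ip 密钥分发成功"
    else
        echo "$ip key distribution failed" >&2
    fi
done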

3.5 Step 5: Test distribution with the script

[root@manager scripts]# sh ssh_key.sh 192.168.1.88 192.168.1.89
正在进行网络连接测试,请稍后...
正在创建密钥对....
192.168.1.88 密钥分发成功
192.168.1.89 密钥分发成功
[root@manager scripts]#
[root@manager scripts]# ssh root@192.168.1.89
Last login: Tue Jul 25 01:07:13 2017 from 192.168.1.225
[root@web2 ~]#
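
The ssh-copy-id output in 3.2 asks you to check .ssh/authorized_keys for keys you were not expecting, and the script in 3.4 generates a fresh key pair on every run, so each run leaves another entry on the targets. The check below is an added example, not part of the original post: it compares every entry of an authorized_keys file with the public key you expect and flags ssh-dss entries, since DSA keys are 1024-bit (see the randomart header in 3.1) and OpenSSH 7.0 and later disable them by default. The function names, verdict labels and sample keys are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample keys are constructed
# strings, not real key material.

# audit_authorized_keys <authorized_keys> <expected .pub file>
# Prints one verdict per key entry. Returns 0 only when every entry is the
# expected key and none is DSA; 1 on findings; 2 on unusable input.
audit_authorized_keys() {
    [ -r "$1" ] && [ -s "$2" ] || { echo "usage: audit <authorized_keys> <pub>" >&2; return 2; }
    awk '
    # Options (from=, command=, ...) may precede the key type, so scan for it.
    # Assumes no quoted option value contains a bare key-type word.
    function key_of(line,    n, f, i) {
        n = split(line, f, /[ \t]+/)
        for (i = 1; i < n; i++)
            if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                return f[i] " " f[i + 1]
        return ""
    }
    NR == FNR { if (key_of($0) != "") expected = key_of($0); next }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        k = key_of($0); split(k, p, " ")
        if (k == "")                 verdict = "UNPARSED"
        else if (k != expected)      verdict = "UNEXPECTED"   # stale or foreign key
        else if (p[1] == "ssh-dss")  verdict = "WEAK-DSA"     # expected, but DSA
        else                         verdict = "OK"
        if (verdict != "OK") bad++
        printf "%-10s line %d %s\n", verdict, FNR, p[1]
    }
    END { exit (bad > 0) }
    ' "$2" "$1"
}

# Constructed case: the current key plus a leftover entry from an earlier run.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBcurrent root@manager' >"$d/id_dsa.pub"
    {
        echo 'ssh-dss AAAAB3NzaC1kc3MAAACBstale root@manager'
        echo 'from="192.168.1.90" ssh-dss AAAAB3NzaC1kc3MAAACBcurrent root@manager'
    } >"$d/authorized_keys"
    audit_authorized_keys "$d/authorized_keys" "$d/id_dsa.pub" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run it on each target against a copy of the manager's current public key; any UNEXPECTED line is an entry to review and remove from authorized_keys.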

posted @ 2017-08-18 15:11  kkblog