ssh免密码认证

ssh-keygen

SSH-keygen参数说明 - code.world - 博客园 (cnblogs.com)

ssh-keygen 的 详解_快乐&&平凡-CSDN博客_ssh-keygen

DSA与RSA_博客&brz-CSDN博客

加解密篇 - 非对称加密算法 (RSA、DSA、ECC、DH)_u014294681的博客-CSDN博客_非对称加密算法

 

配置主机互信

ssh-keygen
ssh-copy-id 10.1.10.71
ssh-copy-id 10.1.10.72
ssh-copy-id 10.1.10.73

或

ssh-keygen -t rsa
ssh-copy-id -i /root/.ssh/id_rsa.pub root@controller01
ssh-copy-id -i /root/.ssh/id_rsa.pub root@controller02
ssh-copy-id -i /root/.ssh/id_rsa.pub root@controller03

删除互信

[root@localhost .ssh]# pwd
/root/.ssh
[root@localhost .ssh]# ls -a
.  ..  authorized_keys
[root@localhost .ssh]# rm -rf authorized_keys

删除ECDSA key

[root@localhost .ssh]# pwd
/root/.ssh
[root@localhost .ssh]# ls -a
.  ..  authorized_keys  id_rsa  id_rsa.pub  known_hosts
[root@localhost .ssh]# cat known_hosts 
10.1.10.72 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDm82gKqV6SlFxY21++gLDal5WwPT2gkubLc9uJbnRaL7XCty953KtWdMBlMklyFgG3j/dg8NameOeAy6QiPfEA=

 

sshpass

sshpass用于非交互SSH的密码验证，一般用在sh脚本中，无须手动输入密码

yum -y install sshpass

sshpass用法_时光Boy的博客-CSDN博客_sshpass

sshpass-Linux命令之非交互SSH密码验证 - chenlaichao - 博客园 (cnblogs.com)

 

利用sshpass批量实现基于key验证

1.免应答known_hosts

echo 'StrictHostKeyChecking no' > ~/.ssh/config

SSH之known_hosts文件_EricXiao666的博客-CSDN博客

ssh密钥登陆，免输入yes和更新known_hosts文件_weixin_34149796的博客-CSDN博客

2.shell脚本

ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ''
NET=10.1.10
export SSHPASS=1        ## 密码
for IP in {1..200};do
    sshpass -e ssh-copy-id $NET.$IP        ## -e参数通过前面SSHPASS定义密码
done

报错1：

[root@localhost ~]# ssh-copy-id 10.1.10.72

/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file or directory
(to install the contents of '/root/.pub' anyway, look at the -f option)

解决1：

ssh-keygen -t rsa

 

 

 

##