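SSH Management on Linux
1.1 Generating a key pair
SSH protocol version 2 (ssh2) supports both RSA and DSA keys, whereas version 1 (ssh1) supports only RSA keys.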
[root@linux-node1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
15:91:d4:10:10:62:a8:1d:66:50:36:21:87:30:62:a2 root@linux-node1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
|=oo+*oo o+** |
|=..+=o . ... |
|E = . . |
| . . . |
| S |
| |
| |
| |
| |
+-----------------+
[root@linux-node1 ~]# ll .ssh/
total 12
-rw------- 1 root root 668 Apr 27 20:52 id_dsa      # the key (private key)
-rw-r--r-- 1 root root 618 Apr 27 20:52 id_dsa.pub  # the lock (public key)
Generating the key pair with a single command
[root@linux-node2 .ssh]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
[root@linux-node2 .ssh]# ll
total 12
-rw-------. 1 root root 672 Dec 3 03:28 id_dsa
-rw-r--r--. 1 root root 618 Dec 3 03:28 id_dsa.pub
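1.2 Distributing the key: copying the public key to the clients
id_dsa (the key) stays on the management host; id_dsa.pub (the lock) is sent to every managed host.
How ssh-copy-id works:
It sends id_dsa.pub (the lock) to every managed host, where it is stored under the name ~/.ssh/authorized_keys.
The file's permissions are set to 600, and those of ~/.ssh to 700.
1.3 Distributing the key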
[root@linux-node1 ~]# ssh-copy-id -i .ssh/id_dsa.pub root@192.168.1.117
root@192.168.1.117's password:
Now try logging into the machine, with "ssh 'root@192.168.1.117'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
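1.4 Non-interactive key distribution
# Note: sshpass -p puts the password on the command line, and
# StrictHostKeyChecking=no accepts unknown host keys without prompting.
for n in 1 2 3 4
do
    # Create ~/.ssh with mode 700 on the managed host
    sshpass -p 123456 ssh -o StrictHostKeyChecking=no 192.168.1.$n "mkdir -m 700 -p ~/.ssh/"
    # Copy the public key into place (this replaces any existing authorized_keys)
    sshpass -p 123456 scp -o StrictHostKeyChecking=no ~/.ssh/id_dsa.pub root@192.168.1.$n:~/.ssh/authorized_keys
    # Restrict authorized_keys to mode 600
    sshpass -p 123456 ssh -o StrictHostKeyChecking=no 192.168.1.$n "chmod 600 ~/.ssh/authorized_keys"
done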
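The loop in 1.4 copies id_dsa.pub over ~/.ssh/authorized_keys, so any keys already authorized on a managed host are lost, whereas ssh-copy-id appends to the file. The following script is an added example, not part of the original page: it performs the managed-host side of the installation locally, appending a key only when it is absent and then checking the 700/600 modes from 1.2. The function names are hypothetical and the key lines are constructed.

```shell
#!/bin/sh
# Added example; install_pubkey, audit_ssh_dir and count_keys are
# hypothetical helper names, and the key lines below are constructed.

# install_pubkey PUBKEY_FILE HOME_DIR
# Append the key to HOME_DIR/.ssh/authorized_keys unless that exact line is
# already there, and enforce modes 700 (.ssh) and 600 (authorized_keys).
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys
    [ -s "$pub" ] || return 1          # refuse a missing or empty key file
    mkdir -p "$sshdir" || return 1
    chmod 700 "$sshdir"
    touch "$auth"
    chmod 600 "$auth"
    key=$(head -n 1 "$pub")
    # -x whole line, -F fixed string: an installed key is not added twice
    grep -qxF -- "$key" "$auth" && return 0
    # If the file does not end in a newline, add one so the new key
    # does not get glued onto the last existing entry.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir HOME_DIR: succeed only if .ssh is drwx------ (700) and
# authorized_keys is -rw------- (600).
audit_ssh_dir() {
    dmode=$(ls -ld "$1/.ssh" 2>/dev/null | cut -c1-10)
    fmode=$(ls -l "$1/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$dmode" = "drwx------" ] && [ "$fmode" = "-rw-------" ]
}

# count_keys HOME_DIR: number of non-empty lines in authorized_keys
count_keys() {
    grep -c . "$1/.ssh/authorized_keys"
}

# Demo in a throwaway directory standing in for a managed host's home.
demo=$(mktemp -d)
printf 'ssh-dss AAAAB3CONSTRUCTEDKEYA root@linux-node1\n' > "$demo/a.pub"
printf 'ssh-dss AAAAB3CONSTRUCTEDKEYB root@linux-node2\n' > "$demo/b.pub"
install_pubkey "$demo/a.pub" "$demo"
install_pubkey "$demo/b.pub" "$demo"
install_pubkey "$demo/a.pub" "$demo"   # repeat: no duplicate entry
echo "entries: $(count_keys "$demo")"
audit_ssh_dir "$demo" && echo "modes: ok"
rm -rf "$demo"
```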