
Linux SSH Management

1.1 Generating a key pair

ssh2 supports both RSA and DSA keys, but ssh1 supports only RSA keys.

[root@linux-node1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
15:91:d4:10:10:62:a8:1d:66:50:36:21:87:30:62:a2 root@linux-node1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
|=oo+*oo o+**     |
|=..+=o .  ...    |
|E  = .    .      |
|  . .    .       |
|        S        |
|                 |
|                 |
|                 |
|                 |
+-----------------+
[root@linux-node1 ~]# ll .ssh/
total 12
-rw------- 1 root root 668 Apr 27 20:52 id_dsa        <- the key (private key)
-rw-r--r-- 1 root root 618 Apr 27 20:52 id_dsa.pub    <- the lock (public key)

Generating the key pair with a single command

[root@linux-node2 .ssh]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
[root@linux-node2 .ssh]# ll
total 12
-rw-------. 1 root root 672 Dec  3 03:28 id_dsa
-rw-r--r--. 1 root root 618 Dec  3 03:28 id_dsa.pub

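1.2 Distributing the key: sending the public key to the clients

id_dsa (the key) stays on the management host; id_dsa.pub (the lock) is sent to all managed hosts.

How ssh-copy-id works:

It sends id_dsa.pub (the lock) to every managed host, where it is renamed to ~/.ssh/authorized_keys.

The file is given permissions 600, and ~/.ssh has permissions 700.

1.3 Key distribution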

[root@linux-node1 ~]# ssh-copy-id -i .ssh/id_dsa.pub root@192.168.1.117
root@192.168.1.117's password:
Now try logging into the machine, with "ssh 'root@192.168.1.117'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

1.4 Non-interactive key distribution

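# Push the public key to 192.168.1.1 through 192.168.1.4 using password login via sshpass
for n in 1 2 3 4
do
    # Create ~/.ssh with mode 700 if it does not exist yet
    sshpass -p 123456 ssh -o StrictHostKeyChecking=no 192.168.1.$n "mkdir -m 700 -p ~/.ssh/"
    # Copy the public key over as authorized_keys (replaces an existing file)
    sshpass -p 123456 scp -o StrictHostKeyChecking=no ~/.ssh/id_dsa.pub root@192.168.1.$n:~/.ssh/authorized_keys
    # Restrict authorized_keys to mode 600
    sshpass -p 123456 ssh -o StrictHostKeyChecking=no 192.168.1.$n "chmod 600 ~/.ssh/authorized_keys"
done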
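
The installation step described under "How ssh-copy-id works", as an added shell example that is not part of the original post: it goes beyond the scp loop in 1.4 by appending the key instead of replacing an existing authorized_keys file, and by checking the 700/600 modes afterwards. The helper names install_pubkey, check_ssh_perms and mode, and the /tmp/id_dsa.pub staging path in the usage comment, are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helpers), meant to run on the managed host.
# Usage: install_pubkey "$HOME" /tmp/id_dsa.pub && check_ssh_perms "$HOME"

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# install_pubkey HOME_DIR PUBKEY_FILE
# Adds the single-line public key to HOME_DIR/.ssh/authorized_keys unless that
# exact line is already there, and enforces 700 on .ssh and 600 on the file.
install_pubkey() {
    home=$1 pub=$2
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }
    (
        # Anything created below is never group- or world-accessible.
        umask 077
        auth=$home/.ssh/authorized_keys
        mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # If the last existing entry lacks a newline, add one so the new key
        # does not get glued onto it.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        # -x whole line, -F fixed string: append only when not yet present.
        grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
    )
}

# check_ssh_perms HOME_DIR
# Succeeds only when .ssh is 700 and authorized_keys is 600.
check_ssh_perms() {
    [ "$(mode "$1/.ssh")" = 700 ] &&
    [ "$(mode "$1/.ssh/authorized_keys")" = 600 ]
}
```

Running install_pubkey twice with the same key leaves a single entry, and keys that other administrators installed earlier stay in place.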

 

 

posted @ 2017-11-01 21:53  宋某人