SSH密钥分发

1.环境准备

[[email protected] 7 ~]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

[[email protected] 7 ~]# uname -r

3.10.0-327.el7.x86_64

[[email protected] 7 ~]# getenforce

Disabled

[[email protected] 7 ~]# systemctl status firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

Active: inactive (dead)

[[email protected] 7 ~]# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 10.0.0.201 netmask 255.255.255.0 broadcast 10.0.0.255

inet6 fe80::20c:29ff:fe40:1a4e prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:40:1a:4e txqueuelen 1000 (Ethernet)

RX packets 79743 bytes 65986287 (62.9 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 54690 bytes 70448334 (67.1 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 172.16.1.201 netmask 255.255.255.0 broadcast 172.16.1.255

inet6 fe80::20c:29ff:fe40:1a58 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:40:1a:58 txqueuelen 1000 (Ethernet)

RX packets 0 bytes 0 (0.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 10 bytes 744 (744.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 0 bytes 0 (0.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 0 bytes 0 (0.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

2.查看SSH端口

[[email protected] 7 ~]# netstat -lntup | grep sshd

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1518sshd

tcp6 0 0 :::22 :::* LISTEN 1518sshd

3.密钥认证

3.1创建密钥对

[[email protected] 7 ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): ----密钥对保存路径

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase): ----为密钥对创建密码

Enter same passphrase again: ----确认密码

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

7d:dc:8c:89:80:5d:79:97:6b:e4:2d:53:89:ba:d6:13 [email protected] 7

The key's randomart image is:

+--[ RSA 2048]----+ ----加密的位数为20048

| .. ...|

| o .. ..+..|

| . o ..+ + |

| o + E* .|

| S o B.+o |

| + o |

| . . |

| |

+-----------------+

3.2分发公钥

[[email protected] 7 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]

The authenticity of host '172.16.1.63 (172.16.1.63)' can't be established.

ECDSA key fingerprint is 0b:bf:14:a7:9e:87:69:5d:7c:a5:25:b9:65:22:35:08.

Are you sure you want to continue connecting (yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

[email protected]'s password: ----第一次分发公钥，需要输入密码

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"

and check to make sure that only the key(s) you wanted were added.

3.3测试

[[email protected] 7 ~]# ssh 172.16.1.63

Last login: Fri Mar 30 17:11:08 2018 from 10.0.0.1

[[email protected] ~]# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 10.0.0.63 netmask 255.255.255.0 broadcast 10.0.0.255

inet6 fe80::20c:29ff:feae:fb74 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:ae:fb:74 txqueuelen 1000 (Ethernet)

RX packets 9568 bytes 2809779 (2.6 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 382 bytes 30216 (29.5 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 172.16.1.63 netmask 255.255.255.0 broadcast 172.16.1.255

inet6 fe80::20c:29ff:feae:fb7e prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:ae:fb:7e txqueuelen 1000 (Ethernet)

RX packets 87 bytes 18256 (17.8 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 88 bytes 21538 (21.0 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 66294 bytes 49504554 (47.2 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 66294 bytes 49504554 (47.2 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

4.认证代理

4.1管理主机创建密钥对（以上步骤）

4.2分发公钥（以上步骤）

4.3管理主机启动认证代理

[[email protected] 7 ~]# eval `ssh-agent -s`

Agent pid 2994

4.4管理主机向agent代理服务器注册本地服务器私钥信息

[[email protected] 7 ~]# ssh-add

Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

4.5管理主机将凭证信息通过远程登陆方式给被代理主机

[[email protected] 7 ~]# ssh -A 172.16.1.63

Last login: Fri Mar 30 20:03:21 2018 from 172.16.1.21

4.6测试

[[email protected] ~]# ssh 172.16.1.21

Last login: Fri Mar 30 20:08:27 2018 from 172.16.1.63

5.自动创建密钥对，分发公钥（Shell脚本）

#!/bin/bash

##############################################################

# File Name: ssh_fenfa.sh

# Version: V7.4

# Author: feng yu

# Organization: http://blog.51cto.com/13520761

# Created Time : 2018-03-30 20:13:36

# Description:

##############################################################

fil=/root/.ssh/id_rsa*

if [ $(ls $fil|wc -l) > 0 ];then

rm -rf $fil

ssh-keygent -t rsa -f /root/.ssh/id_rsa -P "" >> /dev/null 2>&1

else

ssh-keygent -t rsa -f /root/.ssh/id_rsa -P "" >> /dev/null 2>&1

if [ $(rpm -qa sshpass|wc -l) -lt 1 ];then

yum install -y sshpass &>/dev/null

for ip in 21 63

sshpass -p123456 ssh-copy-id -i /root/.ssh/id_rsa.pub "172.16.1.$ip -o StrictHostKeyChecking=no"

done

原文地址：http://blog.51cto.com/13520761/2095798

时间： 2024-10-04 15:04:35

SSH密钥分发的相关文章

关于ssh密钥分发的简单脚本

1.生成密钥和分发公钥的两条命令 ssh-keygen -t rsa|dsa -P '' ssh-copy-id -i ~/.ssh/id_dsa.pub "-p2222 [email protected]" 2.使用expect的简单分发脚本,实现自动交互 ###shell scripts powered by troy### #!/bin/bash ##deliver pubkey## dsa_pub_key="/home/troy/.ssh/id_dsa.pub&quo

ssh密钥分发与ansible部署指南

当我们公司的服务器达到几十台或几百台或更高的时候,利用批量管理工具管理系统是我们要做的常用的批量管理工具有ansible,stalstack. 那首先我们要实现管理机对所有服务器的免密钥登录---ssh-key #管理机生成密钥对 [[email protected] ~]# ssh-keygen -t dsa #-t指定加密的方式,默认为rsa #提示生成的密钥放在/root/.ssh/id_dsa#提示是否给生成的密钥再加密一次,回车即可#让你再确认一次,回车即可. [[email pro

SSH批量分发与管理

一.SSH服务介绍 SSH是Secure Shell Protocol的简写,由IETF网络工作小组制定:在进行数据传输之前,SSH先对联机数据包通过加密技术进行加密处理,加密后再进行数据传输,确保了传递的数据安全. SSH是专为远程登录会话和其他网络服务提供的安全性协议.利用SSH协议可以有效的防止远程管理过程中的信息泄露问题,在当前的生产环境当中,绝大多数企业普遍采用SSH协议服务来代替传统的不安全的远程联机服务软件.如telnet等. SSH服务结构: SSH服务是由服务端软件OpenSS

ssh密钥的分发之一：ssh-copy-id

ssh密钥的分发我们在使用客户端账号对主机记性管理的时候,可以分为以下两种情况: 1.第一种情况,直接使用root账号: 优点:使用root账号密钥分发简单,指令执行简单缺点:不安全 2.第二种情况,使用普通用户账号: 优点:比较安全缺点:配置比较复杂,命令执行的时候也比较复杂. 这里因为是测试环境,我们选择第一种情况,直接使用root账号来远程管理主机. ssh密钥的分发这里我们有多种方式: 1.第一种,直接使用ssh自带的密钥分发工具命令ssh-copy-id: ssh-copy-id

ssh密钥分发之二：使用sshpass配合ssh-kopy-id编写脚本批量分发密钥：

使用sshpass配合ssh-kopy-id编写脚本批量分发密钥: 首先sshpass是一个ssh连接时的免交互工具,首先要安装一下: yum install sshpass -y 接下来我们就可以使用sshpass工具了,一条命令形式分发ssh公钥: sshpass -p "ssh登录密码" ssh-copy-id -i /root/.ssh/id_dsa.pub -o StrictHostKeyChecking=no [email protected]123.56.221.190

[转] SSH 密钥认证机制

使用 RSA 密钥对进行 SSH 登录验证使用 RSA 密钥对验证 SSH 的优点是 1) 不用打密码 2) 比密码验证更安全:缺点是 1) 第一次配置的时候有点麻烦 2) 私钥需要小心保存.Anyway 用密钥验证比密码验证还是方便不少的.推荐所有用户使用密钥认证. 目录生成密钥对上传密钥 ~/.ssh 相关文件权限 Over~ 附:公钥加密原理进一步阅读 1. 生成密钥对 OpenSSH 提供了ssh-keygen用于生成密钥对,不加任何参数调用即可: % ssh-keygen Ge

ssh key分发

rsa与das区别: rsa:是一种加密算法,是由Ron Rivest.Adi Shamir和LeonardAdleman这三个名称的第一个字母连接起来. dsa:就是数字签名算法的英文全称的简写,即DigitalSignature Algorithm 测试环境: 机器 IP Cl1 a 192.168.2.30 Cl2 b 192.168.2.31 Cl3 c 192.168.2.32 密钥分发

ssh批量分发服务搭建

SSH批量分发服务 1. 系统环境 [[email protected] ~]# uname -a Linux A 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 2203:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [[email protected] ~]# ifconfig eth0 | grep 'inet addr' |awk'{print $2}'|awk -F':' '{print $2}' 10.0.0.3

(转)SSH批量分发管理&非交互式expect

目录 1 SSH批量分发管理 1.1 测试环境 1.2 批量管理步骤 1.3 批量分发管理实例 1.3.1 利用sudo提权来实现没有权限的用户拷贝 1.3.2 利用sudo提权开发管理脚本 1.3.3 利用rsync来实现增量备份 1.4 SSH批量管理分发脚本实战 1.5 SSH批量管理总结 2 非交互式expect 2.1 非交互式生成密钥及实现批量管理 2.2 一键批量安装httpd服务 2.3 一键自动化50台规模集群网站 1 SSH批量分发管理基于口令的,如何实现批量管理:expe