SSH login issues (generating an RSA key, passwordless login, root SSH login, etc.)
Source: Internet  Published: java runnable thread  Editor: 程序博客网  Date: 2024/04/29 13:10
First, allow root to log in to a machine over SSH:
    update_ini('/etc/ssh/sshd_config', 'PermitRootLogin', 'yes')
    update_ini('/etc/ssh/sshd_config', 'PasswordAuthentication', pwauth)
    update_ini('/etc/ssh/sshd_config', 'ChallengeResponseAuthentication', 'no')
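In other words, it changes three values in /etc/ssh/sshd_config; pwauth is the 'yes' or 'no' value computed in the Ruby script at the end of this page.
Logging in from one Linux machine to another without a password:
1: Use ssh-keygen to generate an RSA key for a user
Accept the defaults at every prompt. This produces two files, id_rsa and id_rsa.pub,
and a fingerprint that looks like this: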
e9:37:e4:48:1f:96:f3:3a:1a:ac:57:cc:85:39:bb:6f mac@ngmp-master
    [mac@ngmp-master .ssh]$ ll
    total 16
    -rw------- 1 mac mac 1675 May 24 10:33 id_rsa
    -rw-r--r-- 1 mac mac 397 May 24 10:33 id_rsa.pub
    [mac@ngmp-master .ssh]$ pwd
    /home/mac/.ssh
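2: Use ssh-copy-id user@host to copy the SSH public key you just created to the host machine
Alternatively, copy the contents of id_rsa.pub yourself into the .ssh/authorized_keys2 file on the target machine
3: When you ssh from machine A to machine B, one line recording machine B is added to ~/.ssh/known_hosts under your account on machine A. It looks like this: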
10.36.126.32 ssh-rsa AAAAB3NzaC1yc2EAAAQEAqB1PcXHO7....yDZGvKqYJIYluKQ==
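This is not the secret key; it is machine B's fingerprint (presumably base64-encoded).
If machine B is reinstalled, delete B's record from A's known_hosts file.
SSH setup for several machines that trust each other:
1: On one of the machines, as root, generate a key with ssh-keygen
2: Copy the files id_rsa and id_rsa.pub to /root/.ssh/ on each trusted machine
3: Add one line to the authorized_keys2 file: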
from="server1, server2, server3, ...." ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtSVYgX8z5WiHpaKpb9eYQ+Ubytap34tcKbhTW7Pw69I9OVFcGtrPhc35o4OO4aPb47MKBlnq/bVOMzKginDOGnw== root@master.server
The format is: from="server, .... server list" ssh-rsa ASSDFA(the shared public key)aASDFASDFAf <user>@<server>
The Ruby script used to do this:
    #!/usr/bin/ruby
    IMHT_ROOT = "/opt/trend/imht"
    require 'central_config'
    require 'tempfile'

    # Set keyword kw to value in config file fn: the first line that sets kw
    # (commented out or not) is replaced, any further such lines are dropped.
    def update_ini(fn, kw, value)
      f = Tempfile.new(File.basename(fn))
      f.close
      system("awk \"BEGIN {i=0} {if (/^#?#{kw}[ \t]+.*/) {if(i == 0) print \\\"#{kw} #{value}\\\"; i++} else print}\" #{fn} > #{f.path}")
      system("cp -f #{f.path} #{fn}")
      f.unlink
    end

    # Push our host's public key to the master
    cfg = CentralConfig.new
    myhost = cfg.get_my_host()
    master = cfg.get_hosts_by_role_dc_pod('slack-master', myhost.dc, myhost.pod)[0]
    key = IO.read('/etc/ssh/ssh_host_rsa_key.pub')
    myentry = "#{myhost.host},#{myhost.host}.#{cfg.get_domain_by_datacenter_pod(myhost.dc, myhost.pod)},#{cfg.get_host_ip(myhost)} #{key}"
    f = Tempfile.new('known_hosts')
    f.write(myentry)
    f.close
    system("rsync #{f.path} #{master.host}::imht/ssh-config/#{myhost.host}.pub")
    f.unlink

    # Install the known-hosts file
    system("cp -f #{IMHT_ROOT}/setup/ssh-config/ssh_known_hosts /etc/ssh")

    # Install root's ssh key pair
    system("mkdir -p /root/.ssh")
    system("cp -f #{IMHT_ROOT}/setup/ssh-config/id_rsa /root/.ssh")
    system("chmod 600 /root/.ssh/id_rsa")
    system("cp -f #{IMHT_ROOT}/setup/ssh-config/id_rsa.pub /root/.ssh")
    system("chmod 644 /root/.ssh/id_rsa.pub")

    # Allow root access only from nodes within the pod
    hosts = cfg.get_hosts_by_datacenter_pod(myhost.dc, myhost.pod)
    domain = cfg.get_domain_by_datacenter_pod(myhost.dc, myhost.pod)
    from = 'from="'
    hosts.each do |h|
      from << "#{h.host}.#{domain},"
    end
    extra = cfg.get_pod_parameter(myhost.dc, myhost.pod, 'ssh.authkeys.extra_ips')
    if extra
      from << extra.split(/ *, */).join(',') + ','
    end
    # Replace the trailing comma with the closing quote and a space
    from[from.length-1] = '" '
    f = Tempfile.new('auth_keys_from')
    f.write(from)
    f.close
    system("cat /root/.ssh/id_rsa.pub >> #{f.path}")
    # Append the entry only if it is not already present
    # (-F: compare it as a fixed string, not as a regular expression)
    system("cat #{f.path} >> /root/.ssh/authorized_keys2") if !File.exist?('/root/.ssh/authorized_keys2') || !system("grep -q -F -f #{f.path} /root/.ssh/authorized_keys2")
    system("chmod 644 /root/.ssh/authorized_keys2")
    f.unlink

    # Check if PasswordAuthentication is allowed
    autodeploy = cfg.get_my_parameter('autodeploy')
    autodeploy_opts = autodeploy ? autodeploy.split(/ *, */) : []
    pwauth = (autodeploy_opts.include?('+sshdpwauth')) ? 'yes' : 'no'

    # Enable root login. Disable password authentication
    update_ini('/etc/ssh/sshd_config', 'PermitRootLogin', 'yes')
    update_ini('/etc/ssh/sshd_config', 'PasswordAuthentication', pwauth)
    update_ini('/etc/ssh/sshd_config', 'ChallengeResponseAuthentication', 'no')

    # Restart sshd
    if cfg.get_host_os(myhost) == 'ubuntu'
      system("/etc/init.d/ssh restart")
    else
      system("/etc/init.d/sshd restart")
    end
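
A read-only check of what the script above leaves behind, as an added example that is not part of the original page or its script: it resolves sshd_config the way sshd does (case-insensitive keywords, first value wins, which the case-sensitive pattern in update_ini does not account for) and flags authorized_keys entries without a usable from= restriction. The function names, sample inputs and host names are constructed for illustration.

```ruby
# Added example, not the page's script; SSHD_SAMPLE and AUTH_SAMPLE are constructed.
KEY_TYPE = /\A(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)\z/
FIELD = /(?:"(?:\\.|[^"\\])*"|[^\s"])+/ # one whitespace-separated field, quoted parts kept whole

# Global settings as sshd reads them: case-insensitive keywords, first value wins, stops at Match.
def effective_sshd(text)
  text.each_line.with_object({}) do |line, conf|
    kw, val = line.strip.split(/[ \t=]+/, 2)
    next if kw.nil? || val.nil? || kw.start_with?('#')
    break conf if kw.casecmp?('Match')
    conf[kw.downcase] ||= val.strip.downcase
  end
end

# One hash per key line of an authorized_keys file; :from is nil without a from= option.
def parse_authorized_keys(text)
  text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }.map do |line|
    fields = line.scan(FIELD)
    opts = KEY_TYPE.match?(fields.first) ? '' : fields.shift.to_s
    from = opts[/(?:\A|,)from="((?:\\.|[^"\\])*)"/i, 1]
    { from: from && from.split(',').map(&:strip), type: fields[0], comment: fields[2] }
  end
end

def audit(sshd_text, auth_keys_text)
  conf = effective_sshd(sshd_text)
  auth = %w[passwordauthentication challengeresponseauthentication]
  weak = conf['permitrootlogin'] == 'yes' ? auth.reject { |k| conf[k] == 'no' } : []
  findings = weak.map { |k| "root login permitted and #{k} is #{conf[k] || 'unset'}" }
  parse_authorized_keys(auth_keys_text).each do |key|
    problem = if key[:from].nil? then 'no from= restriction'
              elsif key[:from].any? { |p| p.delete('*?').empty? } then 'a wildcard-only from= pattern'
              end
    findings << "key #{key[:comment]} has #{problem}" if problem
  end
  findings
end

SSHD_SAMPLE = <<~CONF
  PermitRootLogin yes
  passwordauthentication yes
  PasswordAuthentication no
  ChallengeResponseAuthentication no
CONF
AUTH_SAMPLE = <<~KEYS
  from="node1.pod.example,node2.pod.example,10.0.0.5" ssh-rsa AAAAPLACEHOLDER root@master.example
  ssh-rsa AAAAPLACEHOLDER backup@old.example
  from="*",no-pty ssh-ed25519 AAAAPLACEHOLDER ops@laptop.example
KEYS
puts audit(SSHD_SAMPLE, AUTH_SAMPLE)
```

To check a real host, pass the contents of /etc/ssh/sshd_config and /root/.ssh/authorized_keys2 read with File.read; the code only reads its inputs.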