SSH trust relationships for passwordless login, clearing public keys, and a batch script
Source: Internet  Editor: 程序博客网  Time: 2024/06/16 23:07
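Test machines:
Host a: 192.168.2.128
Host b: 192.168.2.130
Goal: manually establish a trust relationship from a to b, so that running ssh 192.168.2.130 on host a logs in to host b remotely without entering a password.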
1. Generate a key pair on host a
Run ssh-keygen -t rsa and press Enter three times
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
[root@localhost ~]# cd .ssh
[root@localhost ~]# ls -a
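2. Copy the public key to host b
[root@localhost .ssh]# scp id_rsa.pub root@192.168.255.130:/root
On host b, append the public key file that was just transferred to /root/.ssh/authorized_keys
[root@localhost ~]# cat ~/id_rsa.pub >> /root/.ssh/authorized_keys   # the file is created automatically if it does not exist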
3. Set the permissions on host b:
[root@localhost ~]# chmod 700 .ssh
[root@localhost ~]# chmod 600 .ssh/authorized_keys   # note: the permissions must be 700 and 600, otherwise it will not work
Verify from host a:
[root@localhost .ssh]# ssh 192.168.255.130
Last login: Fri Mar 17 17:28:34 2017 from 192.168.255.128
Log out:
[root@localhost ~]# exit
logout
Connection to 192.168.255.130 closed
Steps 2 and 3 can be replaced by the following command:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.255.130
Clear the public key information (this removes the keys recorded for that host from known_hosts):
ssh-keygen -R 192.168.255.130
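If there are many hosts, typing the commands one by one is not practical. The script is below; it requires the expect command to be installed.
[root@localhost ~]# rpm -qa |grep expect
[root@localhost ~]# yum install expect
[root@localhost ~]# vim install_ssh.sh
#!/bin/bash
# Batch setup of SSH key authentication
for p in $(cat /root/ip.txt)    # note the absolute path of ip.txt
do
    ip=$(echo "$p"|cut -f1 -d":")          # take the IP address from the ip.txt entry
    password=$(echo "$p"|cut -f2 -d":")    # take the password from the ip.txt entry
    # Start of the automated expect interaction.
    # The first branch answers "yes" to the host key prompt without checking the fingerprint.
    expect -c "
    spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$ip
    expect {
        \"*yes/no*\" {send \"yes\r\"; exp_continue}
        \"*password*\" {send \"$password\r\"; exp_continue}
        \"*Password*\" {send \"$password\r\";}
    }
    "
done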
Write the IP addresses and passwords of the servers to set up in ip.txt, in the following format:
ip:password
[root@localhost ~]# cat ip.txt
172.16.0.113:123456
172.16.0.114:123456
Execution:
[root@localhost ~]# ./install_ssh.sh
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.0.113
The authenticity of host '172.16.0.113 (172.16.0.113)' can't be established.
RSA key fingerprint is 4d:24:d4:2e:85:c2:6f:73:01:d5:23:b8:50:97:f8:9c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.0.113' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh 'root@172.16.0.113'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.0.114
The authenticity of host '172.16.0.114 (172.16.0.114)' can't be established.
RSA key fingerprint is 4d:24:d4:2e:85:c2:6f:73:01:d5:23:b8:50:97:f8:9c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.0.114' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh 'root@172.16.0.114'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Verify:
[root@localhost ~]# ssh 172.16.0.113
Last login: Fri May 19 19:28:38 2017 from 172.16.0.111
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:3b:4b:c5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.113/23 brd 172.16.1.255 scope global eth0
    inet6 fe80::20c:29ff:fe3b:4bc5/64 scope link
       valid_lft forever preferred_lft forever
Done.
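The permission requirement from step 3 and ssh-copy-id's advice to check authorized_keys for unexpected keys can both be checked with a short script. This is an added example, not part of the original post: audit_ssh_dir is a hypothetical helper name, the key in the demo is constructed, and a stat that supports -c (GNU coreutils or busybox) is assumed.

```bash
#!/bin/bash
# Added example (not from the original post): audit the ~/.ssh layout from step 3.
# audit_ssh_dir is a hypothetical helper; it assumes a stat that supports -c
# (GNU coreutils or busybox).

# Prints one line per finding; returns 0 when clean, 1 on findings, 2 on error.
# The body is a subshell ( ... ), so its variables do not leak to the caller.
audit_ssh_dir() (
    dir=$1
    ak="$dir/authorized_keys"
    findings=0
    mode=$(stat -c '%a' "$dir") || exit 2
    if [ "$mode" != "700" ]; then
        echo "FINDING: $dir has mode $mode, expected 700"
        findings=$((findings + 1))
    fi
    if [ -f "$ak" ]; then
        mode=$(stat -c '%a' "$ak") || exit 2
        if [ "$mode" != "600" ]; then
            echo "FINDING: $ak has mode $mode, expected 600"
            findings=$((findings + 1))
        fi
        # The key blob is the field after the key type; options may precede the type.
        # Repeating "cat id_rsa.pub >> authorized_keys" leaves the same blob twice.
        dups=$(awk '!/^[ \t]*#/ {
                   for (i = 1; i < NF; i++)
                       if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break }
               }' "$ak" | sort | uniq -d | wc -l | tr -d ' ')
        if [ "$dups" -gt 0 ]; then
            echo "FINDING: $ak lists $dups key(s) more than once"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
)

# Constructed demo: loose modes and one (fake) key appended twice.
demo=$(mktemp -d)
key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@localhost'
printf '%s\n%s\n' "$key" "$key" > "$demo/authorized_keys"
chmod 755 "$demo"
chmod 644 "$demo/authorized_keys"
audit_ssh_dir "$demo" || echo "audit reported findings"
rm -rf "$demo"
```

On a real host, call audit_ssh_dir /root/.ssh on host b after step 3 or after the batch script has run.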