实验机器: 主机a:192.168.2.128 主机b:192.168.2.130 实验目标: 手动建立a到b的信任关系,实现在主机a通过 ssh 192.168.2.130不用输入密码远程登陆b主机
1、a主机生成公钥 ssh-keygen -t rsa 三次回车
[root@localhost ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists. Overwrite (y/n)? [root@localhost ~]# cd .ssh [root@localhost ~]# ls –a2、将公钥复制到b主机
[root@localhost .ssh]# scp id_rsa.pub root@192.168.255.130:/root在b主机上将刚才传输过来的公钥文件 追加到root/.ssh/authorized_keys文件里
[root@localhost ~]# cat ~/id_ras.pub >>/root/.ssh/authorized_keys #没有这个文件的话会自动创建3、在b主机中设置权限:
[root@localhost ~]# chmod 700 .ssh [root@localhost ~]# chmod 600 .ssh/authorized_keys #注意权限必须为700和600,否则不能成功在a主机验证:
[root@localhost .ssh]# ssh 192.168.255.130 Last login: Fri Mar 17 17:28:34 2017 from 192.168.255.128退出:
[root@localhost ~]# exit logout Connection to 192.168.255.130 closed第2步和第3步可以用下面的命令代替
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.255.130清除公钥信息:
ssh-keygen -R 192.168.255.130如果主机过多,一个个敲命令肯定不现实,脚本如下,此脚本需要安装expect命令
[root@localhost ~]# rpm -qa |grep expect [root@localhost ~]# yum install expect [root@localhost ~]# vim install_ssh.sh #!/bin/bash #批量ssh认证建立 for p in $(cat /root/ip.txt) #注意ip.txt文件的绝对路径 do ip=$(echo "$p"|cut -f1 -d":") #取ip.txt文件中的ip地址 password=$(echo "$p"|cut -f2 -d":") #取ip.txt文件中的密码 #expect自动交互开始 expect -c " spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$ip expect { \"*yes/no*\" {send \"yes\r\"; exp_continue} \"*password*\" {send \"$password\r\"; exp_continue} \"*Password*\" {send \"$password\r\";} } " done将要建立关系的服务器ip和密码写在ip.txt里,格式如下 ip:密码
[root@localhost ~]# cat ip.txt 172.16.0.113:123456 172.16.0.114:123456执行过程:
[root@localhost ~]# ./install_ssh.sh spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.0.113 The authenticity of host '172.16.0.113 (172.16.0.113)' can't be established. RSA key fingerprint is 4d:24:d4:2e:85:c2:6f:73:01:d5:23:b8:50:97:f8:9c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.0.113' (RSA) to the list of known hosts. Now try logging into the machine, with "ssh 'root@172.16.0.113'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.0.114 The authenticity of host '172.16.0.114 (172.16.0.114)' can't be established. RSA key fingerprint is 4d:24:d4:2e:85:c2:6f:73:01:d5:23:b8:50:97:f8:9c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.0.114' (RSA) to the list of known hosts. Now try logging into the machine, with "ssh 'root@172.16.0.114'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.验证一下:
[root@localhost ~]# ssh 172.16.0.113 Last login: Fri May 19 19:28:38 2017 from 172.16.0.111 [root@localhost ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:3b:4b:c5 brd ff:ff:ff:ff:ff:ff inet 172.16.0.113/23 brd 172.16.1.255 scope global eth0 inet6 fe80::20c:29ff:fe3b:4bc5/64 scope link valid_lft forever preferred_lft forever好了
转载于:https://www.cnblogs.com/fanren224/p/8457290.html
