1.1 Connecting with key-based authentication when the server's SSH port has changed
1.1.1 Environment preparation
Test environment:
[root@test ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
Change the SSH service port on one server to 63389
[root@test ~]# netstat -lntup|grep sshd
tcp        0      0 0.0.0.0:63389      0.0.0.0:*      LISTEN      5083/sshd
tcp        0      0 :::63389           :::*           LISTEN      5083/sshd
1.1.2 Create and distribute the key from another server
Milestone 1: first create the key pair with ssh-keygen
[root@backup ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    # path where the key pair is saved
Enter passphrase (empty for no passphrase):                 # passphrase that protects the key pair
Enter same passphrase again:                                # confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
72:48:65:1d:25:69:e1:4c:ae:2b:6f:a5:aa:70:96:1e root@backup
The key's randomart image is:
+--[ RSA 2048]----+    # 2048 means the key length is 2048 bits
| o.==. |
| o =+. |
| . .+ |
| . . . |
| o S |
| . o .. |
| . E . .o |
| = . oo |
| o..o. |
+-----------------+
Milestone 2: distribute the key, paying attention to the SSH port
[root@backup ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub "-p63389 172.16.1.250"
The authenticity of host '[172.16.1.250]:63389 ([172.16.1.250]:63389)' can't be established.
RSA key fingerprint is d3:41:bb:0d:43:88:da:a3:2c:e8:36:91:11:c9:e4:9c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.16.1.250]:63389' (RSA) to the list of known hosts.
root@172.16.1.250's password:
Now try logging into the machine, with "ssh '-p63389 172.16.1.250'", and check in:

  .ssh/authorized_keys    # after distribution to the remote server, the public key is stored under this name

to make sure we haven't added extra keys that you weren't expecting.
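Notes:
The command format for key distribution can be found in the man page.
-i specifies the location of the public key file
[user@] is the user to log in as; by default the currently logged-in user is used
-p specifies the port; note that it must be placed inside the double quotes together with the host (this can be seen by reading the script itself: cat `which ssh-copy-id`)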
[root@backup ~]# man ssh-copy-id
Formatting page, please wait...
SSH-COPY-ID(1) SSH-COPY-ID(1)
NAME
ssh-copy-id - install your public key in a remote machine's autho-
rized_keys
SYNOPSIS
Milestone 3: test key-based login
[root@backup ~]# ssh 172.16.1.250 -p 63389
Last login: Wed Oct 18 15:42:05 2017 from 10.0.0.41
[root@test ~]#
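The closing message from ssh-copy-id above asks you to check .ssh/authorized_keys for keys you were not expecting. The script below is an added example, not part of the original post, that performs that check by comparing each entry against an allowlist of public keys; the function names, the allowed.pub file name and the sample keys are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit authorized_keys against an allowlist of public keys.
# Keys are matched on type + base64 blob; the trailing comment (root@backup)
# is free text that anyone can set, so it is ignored.

# audit_authorized_keys AUTH_FILE ALLOWED_PUBKEYS
# Prints each entry that is not in the allowlist; returns 1 if any was found.
audit_authorized_keys() {
    awk -v allowed="$2" '
        # Return "type blob" for a key line, skipping any leading options.
        function keyid(line,   n, f, i) {
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    f[i+1] ~ /^AAAA/)
                    return f[i] " " f[i+1]
            return ""
        }
        BEGIN {   # load the allowlist
            while ((getline line < allowed) > 0)
                if ((id = keyid(line)) != "") ok[id] = 1
        }
        /^[ \t]*(#|$)/ { next }   # comment and blank lines
        {
            id = keyid($0)
            if (id == "")         { print "UNPARSED line " NR ": " $0; bad++ }
            else if (!(id in ok)) { print "UNEXPECTED line " NR ": " $0; bad++ }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample data: shortened placeholder blobs, not real keys.
write_samples() {
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedKeyA root@backup' > "$1/allowed.pub"
    {
        echo '# pushed by ssh-copy-id'
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedKeyA root@backup'
        echo 'from="172.16.1.41",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedKeyB root@backup'
    } > "$1/authorized_keys"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_authorized_keys "$tmp/authorized_keys" "$tmp/allowed.pub" ||
    echo "authorized_keys contains entries outside the allowlist"
rm -rf "$tmp"
```

On a real server, pass the account's ~/.ssh/authorized_keys and a file holding the public keys you distributed; the third sample entry is reported because its blob differs even though its comment matches.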
1.2 How to automatically create a key pair and distribute the public key (with a script)
Script contents:
[root@m01 ~]# vim /server/scripts/piliang_fenfa.sh
#!/bin/bash

# make key: remove the old private key, then generate a new one without prompts
\rm -f /root/.ssh/id_dsa
ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" -q

# distribute the public key to each host in 172.16.1.0/24 listed below
for ip in 8 31 41
do
    echo ====fenfa key to host 172.16.1.$ip====
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.$ip"
    echo ===============fenfa end==============
    echo ""
done
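Script notes:
ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" -q
Creates the key pair: -f specifies where it is stored, -P sets the passphrase that encrypts the key (empty here), and -q reduces the output.
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.$ip"
This requires installing a package, yum install sshpass -y, which supplies the user's password (here given on the command line with -p).
The ssh-copy-id command distributes the key; -i specifies the local path of the key.
-o StrictHostKeyChecking=no: the host key of each server is accepted automatically, so the yes/no prompt does not appear when logging in to other servers.
for ip in 8 31 41
A for loop is used here to vary the IP address.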
Appendix: key distribution script for CentOS 7
#!/bin/bash
# load the init-script helpers, which provide the action function
. /etc/rc.d/init.d/functions

yum install sshpass -y >/dev/null
# create the key pair
\rm ~/.ssh/id_rsa* -f
ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q
# distribute the public key
for ip in 61 21 51 31 41 8 7 9 5 6
do
    sshpass -p123456 ssh-copy-id -o "StrictHostKeyChecking no" -i /root/.ssh/id_rsa.pub 172.16.1.$ip &>/dev/null
    # report success or failure for each host
    if [ $? -eq 0 ];then
        action "fenfa 172.16.1.$ip" /bin/true
    else
        action "fenfa 172.16.1.$ip" /bin/false
    fi
    echo ""
done
This article is from "慘綠少年". Reposting is welcome; when reposting, please credit the source: http://blog.znix.top