Key authentication for Linux users: shell-script management, distribution, dep…

2019-11-09 Author: Computer Tutorials

# su - root

Swap: 1023 6 1017

/dev/sda1 194M 27M 158M 15% /boot

Enter passphrase (empty for no passphrase):

Check the server's IP address:

# ssh 192.168.100.29 free -m

Set up key authentication as the root user to manage, distribute and deploy with shell scripts

5. Verify login from the client: (ssh client)

root@192.168.100.30's password:

# echo 192.168.100.28 >> iplist

# cat iplist

Management succeeded

ssh server: 192.168.100.29 server.example.com

总用量 16

The key's randomart image is:

-----------------

eth0 Link encap:Ethernet HWaddr 00:0C:29:7A:4F:30

TX packets:162264 errors:0 dropped:0 overruns:0 carrier:0

Note: a warning appears here: “Address 192.168.100.29 maps to bogon, but this does not map back to the address

RX packets:184530 errors:0 dropped:0 overruns:0 frame:0

The key fingerprint is:

done

# echo "192.168.100.29 server.example.com" >> /etc/hosts

# vi manager.sh

# ls -lda .ssh

-rw------- 1 root root 668 6月 6 23:03 id_dsa


collisions:0 txqueuelen:1000

RX packets:184297 errors:0 dropped:0 overruns:0 frame:0

| . . |

I. Set up key authentication

.....

# cd .ssh


Interrupt:19 Base address:0x2000

2. Generate the IP list: (if there are multiple SSH servers to manage, add them the same way)

RX bytes:163618650 (156.0 MiB) TX bytes:51304877 (48.9 MiB)

for ip in `cat iplist`

--------------------------- 

| o o * |

3. Run the script:

No error message:

| .o . o|

total used free shared buffers cached

echo "---$ip---"

Mem: 1006 991 14 0 177 308

to make sure we haven't added extra keys that you weren't expecting.


drwx------ 2 root root 4096 6月 6 23:03 .ssh

# ls -la

---------------------- 


3. Distribute the public key (the lock) to the SSH server: (ssh client)

The fix is to edit the /etc/hosts file on the client and add the mapping between the server's IP address and its hostname.


inet addr:192.168.100.29 Bcast:192.168.100.255 Mask:255.255.255.0

| oo.. B . |


Check the server's memory

总用量 4

---192.168.100.29---

| |

文件系统 容量 已用 可用 已用%% 挂载点

| S. o |

----------------------- 

--------------------------- 

# echo 192.168.100.29 >> iplist

-rw------- 1 root root 613 6月 6 23:29 authorized_keys

inet6 addr: fe80::20c:29ff:fe7a:4f30/64 Scope:Link

# cd /etc/rc.d

The authenticity of host '192.168.100.30 (192.168.100.30)' can't be established.


Your public key has been saved in /root/.ssh/id_dsa.pub.

--------------- 

e9:5e:4a:7f:79:64:c5:ae:f2:06:a7:26:e4:41:5c:0e root@zabbix.example.com

Enter same passphrase again:

Are you sure you want to continue connecting (yes/no)? yes

.ssh/authorized_keys 

Environment:

Enter file in which to save the key (/root/.ssh/id_dsa):

2. View the generated key pair: (ssh client)

Received successfully

# ssh-copy-id -i .ssh/id_dsa.pub 192.168.100.29

# ssh-keygen -t dsa

# ssh 192.168.100.29 /sbin/ifconfig eth0

--[ DSA 1024]----

-/ buffers/cache: 506 500

TX packets:162028 errors:0 dropped:0 overruns:0 carrier:0

Your identification has been saved in /root/.ssh/id_dsa.

drwx------ 2 root root 4096 6月 6 23:03 .

/dev/sda3 19G 6.7G 11G 38% /

(ssh client)

Type yes, then enter the password and press Enter:

| o . =. |

dr-xr-x---. 26 root root 4096 6月 6 23:03 ..


Check again

Warning: Permanently added '192.168.100.30' (RSA) to the list of known hosts.

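Note: the public key is like a lock and the private key is like a key. Here we create a key and a lock on the client; to get passwordless SSH login, we distribute the lock to the server and install it there, and the client can then open the lock with its key.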

# ssh 192.168.100.29 /sbin/ifconfig eth0

collisions:0 txqueuelen:1000

4. On the server, view the distributed file that was received: (ssh server)

Interrupt:19 Base address:0x2000

First, the client creates a key pair and distributes the public key to the SSH servers it needs to log in to

Public key distribution complete


# sh manager.sh "df -h"

-rw-r--r-- 1 root root 613 6月 6 23:03 id_dsa.pub

192.168.100.29

eth0 Link encap:Ethernet HWaddr 00:0C:29:7A:4F:30

Now try logging into the machine, with "ssh '192.168.100.30'", and check in: 

- POSSIBLE BREAK-IN ATTEMPT!”.

Created directory '/root/.ssh'.

inet addr:192.168.100.29 Bcast:192.168.100.255 Mask:255.255.255.0


II. Create a shell script for batch management: (ssh client)

------------------ 

Generating public/private dsa key pair.

1. Create the key pair on the client: (ssh client)

RSA key fingerprint is fc:9b:2e:38:3b:04:18:67:16:8f:dd:94:a8:bd:08:03.

ssh client: 192.168.100.30 client.example.com 


| . o . .|


1. Create the script:




Just press Enter at every prompt

ssh $ip $1

Key generation complete

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

do


tmpfs 504M 0 504M 0% /dev/shm

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1


| E . |

Address 192.168.100.30 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

# ll /root/.ssh

Address 192.168.100.29 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

inet6 addr: fe80::20c:29ff:fe7a:4f30/64 Scope:Link

RX bytes:163599380 (156.0 MiB) TX bytes:51284830 (48.9 MiB)
