ssh配置認證安全
[root@m01 ~]# ssh 10.0.0.41 hostname root@10.0.0.41's password: backup [root@m01 ~]# ssh 10.0.0.41 whoami root@10.0.0.41's password: root [root@m01 ~]# ssh lewen@10.0.0.41 whoami lewen@10.0.0.41's password: lewen
[root@m01 ~]# hostname m01 [root@m01 ~]# ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): # 給祕鑰加密碼 Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 29:37:1b:e1:9f:0a:ab:77:a0:fc:60:41:2d:bc:85:dd root@m01 The key's randomart image is: +--[ DSA 1024]----+ | | | . + . | | = + E | | . + . o | | o . S | | ..o = . | | .o.... o | | .o..o.. | | .+o.. | +-----------------+
發送到 backup [root@m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.41 The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established. RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9. Are you sure you want to continue connecting (yes/no)? y Please type 'yes' or 'no': yes Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts. root@172.16.1.41's password: Now try logging into the machine, with "ssh 'root@172.16.1.41'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@m01 ~]# ssh 10.0.0.41 hostname backup #nfs01 [root@m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.31 The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established. RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts. root@172.16.1.31's password: Now try logging into the machine, with "ssh 'root@172.16.1.31'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@m01 ~]# ssh 172.16.1.31 hostname nfs01
sshpass 軟件 yum install sshpass -y #sshpass 給ssh類提供密碼 [root@m01 ~]# sshpass -p123456 ssh 172.16.1.41 hostname backup sshpass -p123456 ssh -o StrictHostKeyChecking=no 172.16.1.41 hostname backup
非交互式建立 鑰匙鎖頭dom
[root@m01 ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa ssh
非交互式 分發公鑰ide
不用輸入密碼將公鑰發送到目的機器加密
[root@m01 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.41" Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@172.16.1.41'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@m01 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.31" Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@172.16.1.31'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@m01 ~]# ssh 172.16.1.41 hostname backup [root@m01 ~]# ssh 172.16.1.31 hostname nfs01
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname -f: force mode -- copy keys without trying to check if they are already installed -n: dry run -- no keys are actually copied