ssh -o options + checking whether passwordless access is set up

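This blog post shares how to use SSH's -o option to check whether passwordless access has been set up between servers. The example script uses NumberOfPasswordPrompts=0 and StrictHostKeyChecking=yes to avoid password prompts and check the connection. It also covers the configuration options in ssh_config(5).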

Reposted from: http://blog.chinaunix.net/xmlrpc.php?r=blog/article&uid=29578485&id=5300984

 

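I was writing a script to check whether public keys had been set up between servers for passwordless access.
While searching I found some ssh options; I am posting them here in case I cannot find them next time.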


These options can be used after ssh -o; each option must be preceded by its own -o.
The script is as follows:

ssh -o NumberOfPasswordPrompts=0 -o StrictHostKeyChecking=yes 192.168.61.218 "echo OK"
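
An added example (not from the original post): a POSIX sh wrapper around the command above that checks several hosts and uses ssh's exit status 255 to tell an ssh-level failure apart from a failure of the remote command. BatchMode and ConnectTimeout are additions to the post's two options, and SSH_BIN is a hypothetical override used only so the check can be exercised without a network.

```shell
#!/bin/sh
# Added example: check key-based (passwordless) SSH access to a list of hosts.

# Hypothetical override (not an ssh feature): lets a stub replace ssh in tests.
SSH_BIN="${SSH_BIN:-ssh}"

# check_host HOST -> prints OK, SSH_FAILED or REMOTE_ERROR
check_host() {
    host=$1
    # BatchMode=yes and NumberOfPasswordPrompts=0 keep ssh from ever prompting;
    # StrictHostKeyChecking=yes refuses hosts whose key is not already trusted.
    # stdin comes from /dev/null so ssh cannot swallow a caller's input.
    out=$("$SSH_BIN" \
        -o BatchMode=yes \
        -o NumberOfPasswordPrompts=0 \
        -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=5 \
        "$host" "echo OK" 2>/dev/null </dev/null) && rc=0 || rc=$?

    if [ "$rc" -eq 0 ] && [ "$out" = "OK" ]; then
        echo "OK"            # logged in with a key and ran the command
    elif [ "$rc" -eq 255 ]; then
        echo "SSH_FAILED"    # ssh itself failed: auth, host key or connection
    else
        echo "REMOTE_ERROR"  # logged in, but the remote command misbehaved
    fi
}

# check_all HOST... -> prints "host<TAB>status" per host, returns 1 if any failed
check_all() {
    failed=0
    for h in "$@"; do
        result=$(check_host "$h")
        printf '%s\t%s\n' "$h" "$result"
        [ "$result" = "OK" ] || failed=1
    done
    return "$failed"
}

# When hosts are given on the command line, check them and exit accordingly.
if [ "$#" -gt 0 ]; then
    check_all "$@"
    exit $?
fi
```

With StrictHostKeyChecking=yes, a host missing from known_hosts is also reported as SSH_FAILED, so that status means "not both trusted and key-authenticated" rather than only "no key installed".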


This is the ssh_config(5) manual page, that is, the options that can follow -o:

http://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5#end
 
SSH_CONFIG(5)		  FreeBSD File Formats Manual		 SSH_CONFIG(5)

NAME
     ssh_config	-- OpenSSH SSH client configuration files

SYNOPSIS
     ~/.ssh/config
     /etc/ssh/ssh_config

DESCRIPTION
     ssh(1) obtains configuration data from the	following sources in the fol-
     lowing order:

	   1.	command-line options
	   2.	user's configuration file (~/.ssh/config)
	   3.	system-wide configuration file (/etc/ssh/ssh_config)

     For each parameter, the first obtained value will be used.	 The configu-
     ration files contain sections separated by	``Host'' specifications, and
     that section is only applied for hosts that match one of the patterns
     given in the specification.  The matched host name	is the one given on
     the command line.

     Since the first obtained value for	each parameter is used,	more host-spe-
     cific declarations	should be given	near the beginning of the file,	and
     general defaults at the end.

     The configuration file has	the following format:

     Empty lines and lines starting with `#' are comments.  Otherwise a	line
     is	of the format ``keyword	arguments''.  Configuration options may	be
     separated by whitespace or	optional whitespace and	exactly	one `='; the
     latter format is useful to	avoid the need to quote	whitespace when	speci-
     fying configuration options using the ssh,	scp, and sftp -o option.
     Arguments may optionally be enclosed in double quotes (") in order	to
     represent arguments containing spaces.

     The possible keywords and their meanings are as follows (note that	key-
     words are case-insensitive	and arguments are case-sensitive):

     Host    Restricts the following declarations (up to the next Host or
	     Match keyword) to be only for those hosts that match one of the
	     patterns given after the keyword.	If more	than one pattern is
	     provided, they should be separated	by whitespace.	A single `*'
	     as	a pattern can be used to provide global	defaults for all
	     hosts.  The host is the hostname argument given on	the command
	     line (i.e.	the name is not	converted to a canonicalized host name
	     before matching).

	     A pattern entry may be negated by prefixing it with an exclama-
	     tion mark (`!').  If a negated entry is matched, then the Host
	     entry is ignored, regardless of whether any other patterns	on the
	     line match.  Negated matches are therefore	useful to provide
	     exceptions	for wildcard matches.

	     See PATTERNS for more information on patterns.

     Match   Restricts the following declarations (up to the next Host or
	     Match keyword) to be used only when the conditions	following the
	     Match keyword are satisfied.  Match conditions are	specified
	     using one or more keyword/criteria	pairs or the single token all
	     which matches all criteria.  The available	keywords are: exec,
	     host, originalhost, user, and localuser.

	     The exec keyword executes the specified command under the user's
	     shell.  If	the command returns a zero exit	status then the	condi-
	     tion is considered	true.  Commands	containing whitespace charac-
	     ters must be quoted.  The following character sequences in	the
	     command will be expanded prior to execution: `%L' will be substi-
	     tuted by the first	component of the local host name, `%l' will be
	     substituted by the	local host name	(including any domain name),
	     `%h' will be substituted by the target host name, `%n' will be
	     substituted by the	original target	host name specified on the
	     command-line, `%p'	the destination	port, `%r' by the remote login
	     username, and `%u'	by the username	of the user running ssh(1).

	     The other keywords' criteria must be single entries or comma-sep-
	     arated lists and may use the wildcard and negation	operators
	     described in the PATTERNS section.	 The criteria for the host
	     keyword are matched against the target hostname, after any	sub-
	     stitution by the Hostname option.	The originalhost keyword
	     matches against the hostname as it	was specified on the command-
	     line.  The	user keyword matches against the target	username on
	     the remote	host.  The localuser keyword matches against the name
	     of	the local user running ssh(1) (this keyword may	be useful in
	     system-wide ssh_config files).

     AddressFamily
	     Specifies which address family to use when	connecting.  Valid
	     arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
	     (use IPv6 only).

     BatchMode
	     If	set to ``yes'',	passphrase/password querying will be disabled.
	     This option is useful in scripts and other	batch jobs where no
	     user is present to	supply the password.  The argument must	be
	     ``yes'' or	``no''.	 The default is	``no''.

     BindAddress
	     Use the specified address on the local machine as the source
	     address of	the connection.	 Only useful on	systems	with more than
	     one address.  Note	that this option does not work if
	     UsePrivilegedPort is set to ``yes''.

     CanonicalDomains
	     When CanonicalizeHostname is enabled, this	option specifies the
	     list of domain suffixes in	which to search	for the	specified des-
	     tination host.

     CanonicalizeFallbackLocal
	     Specifies whether to fail with an error when hostname canonical-
	     ization fails.  The default, ``yes'', will	attempt	to look	up the
	     unqualified hostname using	the system resolver's search rules.  A
	     value of ``no'' will cause	ssh(1) to fail instantly if
	     CanonicalizeHostname is enabled and the target hostname cannot be
	     found in any of the domains specified by CanonicalDomains.

     CanonicalizeHostname
	     Controls whether explicit hostname	canonicalization is performed.
	     The default, ``no'', is not to perform any	name rewriting and let
	     the system	resolver handle	all hostname lookups.  If set to
	     ``yes'' then, for connections that	do not use a ProxyCommand,
	     ssh(1) will attempt to canonicalize the hostname specified	on the
	     command line using	the CanonicalDomains suffixes and
	     CanonicalizePermittedCNAMEs rules.	 If CanonicalizeHostname is
	     set to ``always'',	then canonicalization is applied to proxied
	     connections too.

	     If	this option is enabled and canonicalisation results in the
	     target hostname changing, then the	configuration files are	pro-
	     cessed again using	the new	target name to pick up any new config-
	     uration in	matching Host stanzas.

     CanonicalizeMaxDots
	     Specifies the maximum number of dot characters in a hostname
	     before canonicalization is	disabled.  The default,	``1'', allows
	     a single dot (i.e.	hostname.subdomain).

     CanonicalizePermittedCNAMEs
	     Specifies rules to	determine whether CNAMEs should	be followed
	     when canonicalizing hostnames.  The rules consist of one or more
	     arguments of source_domain_list:target_domain_list, where
	     source_domain_list	is a pattern-list of domains that may follow
	     CNAMEs in canonicalization, and target_domain_list	is a pattern-
	     list of domains that they may resolve to.

	     For example, ``*.a.example.com:*.b.example.com,*.c.example.com''
	     will allow	hostnames matching ``*.a.example.com'' to be canoni-
	     calized to	names in the ``*.b.example.com'' or
	     ``*.c.example.com'' domains.

     ChallengeResponseAuthentication
	     Specifies whether to use challenge-response authentication.  The
	     argument to this keyword must be ``yes'' or ``no''.  The default
	     is	``yes''.

     CheckHostIP
	     If	this flag is set to ``yes'', ssh(1) will additionally check
	     the host IP address in the	known_hosts file.  This	allows ssh to
	     detect if a host key changed due to DNS spoofing.	If the option
	     is	set to ``no'', the check will not be executed.	The default is
	     ``no''.

     Cipher  Specifies the cipher to use for encrypting	the session in proto-
	     col version 1.  Currently,	``blowfish'', ``3des'',	and ``des''
	     are supported.  des is only supported in the ssh(1) client	for
	     interoperability with legacy protocol 1 implementations that do
	     not support the 3des cipher.  Its use is strongly discouraged due
	     to	cryptographic weaknesses.  The default is ``3des''.

     Ciphers
	     Specifies the ciphers allowed for protocol	version	2 in order of
	     preference.  Multiple ciphers must	be comma-sep