Contents
1. How passwordless login works
2. SSH passwordless login
- As shown in the figure in step one, a key pair is first generated on host A with the following command:
ssh-keygen -t rsa
Press Enter through all the prompts, and the key pair is generated at the end:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:816uR4vxGdJ7OfIkgcUWFFCa12iiW3fUHyOgs0r8qEQ root@1
- Copy the public key to host B (repeat for each host):
ssh root@10.0.0.25 'cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys'
or
ssh-copy-id -i /root/.ssh/id_rsa.pub root@<IP of host B>  (this command is recommended)
If you now log in to host B, you will find the files authorized_keys and id_rsa.pub in /root/.ssh/. At this point the bastion host can log in to the other hosts without a password.
3. Batch passwordless setup with a shell script
The above configures a single host by hand; below is a batch script for the same job. It involves two files: batchSendKey.sh holds the script logic and hostlist.txt lists the hosts to which the key should be pushed. An example batchSendKey.sh:
#!/bin/bash
# Generate the bastion's key pair once; an empty passphrase is the same result as
# pressing Enter through every ssh-keygen prompt, and it keeps the script non-interactive.
if [ ! -f ~/.ssh/id_rsa ]; then
    ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
else
    echo "id_rsa already exists ..."
fi

user="root"
passwd="<root login password>"   # placeholder: root password of the target hosts
                                 # (a password containing $ [ or \ must be escaped for expect)

# Push the public key to every host in hostlist.txt (first field of each line).
while read -r line; do
    [ -z "$line" ] && continue   # skip blank lines
    ip=$(echo "$line" | cut -d " " -f 1)
    expect <<EOF
set timeout 10
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user@$ip
expect {
    "yes/no"   { send "yes\n"; exp_continue }
    "password" { send "$passwd\n" }
}
expect eof
EOF
done < hostlist.txt
An example hostlist.txt:
192.168.0.1
192.168.0.2
Once both files are in place, run sh batchSendKey.sh to push the public key to all hosts in one go, giving passwordless login.
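Both the manual step in section 2 and the batch script above work by appending lines to each host's authorized_keys, so the natural follow-up check is to read that file back and see what actually grants access: which key types and sizes, and whether any key is restricted with a from= option. The following is an added example, not code from the original post; it parses the authorized_keys format and the ssh-rsa key blob directly, and SAMPLE is constructed test data with dummy RSA moduli.

```python
import base64, struct
# Added example, not from the original post; SAMPLE (bottom) is constructed data.
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-", "sk-", "ssh-dss")
def _ssh_string(blob, off):
    # one SSH wire-format string: uint32 big-endian length, then that many bytes
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n
def _split_options(line):
    # the options field ends at the first whitespace outside double quotes
    quoted = False
    for i, c in enumerate(line):
        if c == '"':
            quoted = not quoted
        elif c in " \t" and not quoted:
            return line[:i], line[i:].lstrip()
    return line, ""
def key_bits(keytype, b64):
    # RSA strength is the modulus length; Ed25519 is fixed at 256; others: None
    blob = base64.b64decode(b64)
    wire_type, off = _ssh_string(blob, 0)
    if wire_type != keytype.encode():
        raise ValueError("key type field does not match the key blob")
    if keytype == "ssh-rsa":
        n, _ = _ssh_string(blob, _ssh_string(blob, off)[1])  # skip e, read modulus
        return int.from_bytes(n, "big").bit_length()
    return 256 if keytype == "ssh-ed25519" else None
def parse_authorized_keys(text):  # -> [(options, keytype, bits, comment)]
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):   # blank and comment lines are skipped
            options, rest = ("", line) if line.startswith(KEY_TYPES) else _split_options(line)
            keytype, b64, *comment = rest.split(None, 2)
            entries.append((options, keytype, key_bits(keytype, b64), " ".join(comment)))
    return entries
def audit(text, min_rsa_bits=2048):
    # what to check after a batch push: weak RSA keys and keys usable from any host
    findings = []
    for options, keytype, bits, comment in parse_authorized_keys(text):
        if keytype == "ssh-rsa" and bits < min_rsa_bits:
            findings.append(f"{comment}: RSA key is only {bits} bits")
        if "from=" not in options:
            findings.append(f"{comment}: no from= restriction on source hosts")
    return findings
def _rsa_b64(bits):  # constructed ssh-rsa blob: type, e=65537, dummy modulus as mpint
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-rsa", b"\x01\x00\x01", n))).decode()
SAMPLE = ("# constructed sample authorized_keys\n"
          f'from="10.0.0.1" ssh-rsa {_rsa_b64(3072)} root@bastion\n'
          f"ssh-rsa {_rsa_b64(1024)} legacy@oldbox\n")
```

Run audit() over the contents of /root/.ssh/authorized_keys on a target host after the push; ssh-keygen -l -f on the same file gives the bits and fingerprints for comparison.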