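The following uses RHEL 5 as the example OS to show how the tool is used.
I. Install the sshpass command-line tool
1. Download the sshpass-1.05-1.el5.rf.x86_64.rpm package:
2. Install sshpass
]# rpm -ivh sshpass-1.05-1.el5.rf.x86_64.rpm   # the sshpass command is available only after this install completes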
II. The shell script and how to use it
# Script contents
~]# cat uway-auth.sh
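#!/bin/bash
USER_NAME=$1
USER_HOME=/home/$1
PASSWD=$2
Proot=$3
filename=$4
#echo $USER_NAME
#echo $USER_HOME
# Note: sshpass -p puts the password on the command line, where other local users can read it with ps
# Generate the public/private key pair for $USER_NAME on the local host
if [ -d "$USER_HOME/.ssh" ]; then
  rm -rf "$USER_HOME/.ssh"
fi
sudo -u "$USER_NAME" ssh-keygen -t rsa
sudo -u "$USER_NAME" cat "$USER_HOME/.ssh/id_rsa.pub" > "$USER_HOME/.ssh/authorized_keys"
mkdir -p -m 700 /root/.ssh
cp "$USER_HOME/.ssh/authorized_keys" /root/.ssh/
# Generate key pairs on every node other than the local host
for i in $(cat "$filename")
do
  #echo $i
  # StrictHostKeyChecking=no accepts each node's host key without verifying it
  sshpass -p "$PASSWD" ssh -o StrictHostKeyChecking=no "$USER_NAME@$i" <<EOF
# Recreate the ~/.ssh directory
if [ -d ~/.ssh ]; then
rm -rf ~/.ssh
fi
mkdir -m 700 ~/.ssh
# Generate the key pair; -N and -f stop ssh-keygen from reading the rest of this here-document as answers to its prompts
ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
exit
EOF
  # Append each node's public key to the local authorized_keys
  sshpass -p "$PASSWD" ssh "$USER_NAME@$i" cat "$USER_HOME/.ssh/id_rsa.pub" >> "$USER_HOME/.ssh/authorized_keys"
  chown -R "$USER_NAME:$USER_NAME" "$USER_HOME/.ssh"
  #chmod 600 $USER_HOME/.ssh/authorized_keys
done
# scp the authorized_keys file to every machine
for i in $(cat "$filename")
do
  sshpass -p "$Proot" ssh "root@$i" <<EOF
if [ ! -d /root/.ssh ]; then
mkdir /root/.ssh
fi
exit
EOF
  sshpass -p "$PASSWD" scp "$USER_HOME/.ssh/authorized_keys" "$USER_NAME@$i:$USER_HOME/.ssh/"
  sshpass -p "$Proot" scp "$USER_HOME/.ssh/authorized_keys" "root@$i:/root/.ssh/"
done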
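# Usage
1. Upload the script to the Linux host and make it executable:
chmod +x uway-auth.sh
2. Arguments the script expects:
USER_NAME=$1 # user (the account on each host under which SSH trust is set up)
PASSWD=$2 # password (the password of that user)
Proot=$3 # root's password (needed so that USER_NAME can log in to root on the other nodes without a password)
filename=$4 # file listing IP addresses (every node that needs SSH trust, except the local host)
III. Experiment: configuring passwordless SSH login with uway-auth.sh
1. Preparation:
(this only needs to be done on one of the nodes)
a. Install the sshpass tool
b. Upload the uway-auth.sh script to the host
To show the effect of the experiment, here is a record taken before running the script:
# At this point, ssh to any other host asks for a password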
~]# su - test
[test@hadoop1 ~]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.8.46 hadoop1
192.168.8.48 hadoop2
192.168.8.49 hadoop3
192.168.8.50 hadoop4   # the experiment configures passwordless SSH login among these 4 nodes
[test@hadoop1 ~]$ ssh hadoop1 date
The authenticity of host 'hadoop1 (192.168.8.46)' can't be established.
RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hadoop1,192.168.8.46' (RSA) to the list of known hosts.
test@hadoop1's password:
Permission denied, please try again.
test@hadoop1's password:    # a password is required
[test@hadoop1 ~]$ ssh hadoop2 date
The authenticity of host 'hadoop2 (192.168.8.48)' can't be established.
RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hadoop2,192.168.8.48' (RSA) to the list of known hosts.
test@hadoop2's password:
Permission denied, please try again.
test@hadoop2's password:    # a password is required
[test@hadoop1 ~]$ ssh hadoop3 date
The authenticity of host 'hadoop3 (192.168.8.49)' can't be established.
RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hadoop3,192.168.8.49' (RSA) to the list of known hosts.
test@hadoop3's password:
Permission denied, please try again.
test@hadoop3's password:    # a password is required
[test@hadoop1 ~]$ ssh hadoop4 date
The authenticity of host 'hadoop4 (192.168.8.50)' can't be established.
RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hadoop4,192.168.8.50' (RSA) to the list of known hosts.
test@hadoop4's password:    # a password is required
[test@hadoop1 ~]$ ssh root@hadoop1 date
root@hadoop1's password:    # a password is required
[test@hadoop1 ~]$ ssh root@hadoop2 date
root@hadoop2's password:    # a password is required
[test@hadoop1 ~]$ ssh root@hadoop3 date
root@hadoop3's password:    # a password is required
[test@hadoop1 ~]$ ssh root@hadoop4 date
root@hadoop4's password:    # a password is required
c. Configure the IP list
]# cat ip.txt   # write the IP addresses into ip.txt (excluding the local host)
192.168.8.48
192.168.8.49
192.168.8.50
2. Run the script
]# ./uway-auth.sh test test password ip.txt   # for the arguments, see item 2 of Section II
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):    # press Enter
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase):    # press Enter
Enter same passphrase again:    # press Enter
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
87:72:d1:cf:9a:9e:66:af:88:ba:97:fe:3a:77:72:64 test@hadoop1
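3. Check whether the authorized_keys file on each node contains the other nodes
4. Test passwordless SSH login
As shown in the figure above, the test user on host hadoop1 can ssh to the test user on the other nodes, and to the root user on the other nodes, without being asked for a password, which confirms the setup succeeded.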
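Step 3 can be scripted rather than checked by eye. The following is an added example, not part of the original post or its script: it reports which nodes' keys are missing from an authorized_keys file and whether the file and its directory are group- or world-writable, a condition under which sshd (StrictModes, on by default) ignores the file. The function names are hypothetical, and it assumes the keys carry ssh-keygen's default `user@hostname` comment, as the `test@hadoop1` fingerprint line above does.

```bash
#!/bin/bash
# Added example (not from the original post): audit one account's ~/.ssh
# after uway-auth.sh has run. Function names are hypothetical.
# Assumption: keys carry ssh-keygen's default "user@hostname" comment.

# Print each host whose "user@host" key is absent from the key file.
missing_key_hosts() {
    local keyfile="$1" user="$2" host
    shift 2
    for host in "$@"; do
        # The comment is the last field of an authorized_keys line.
        awk -v want="$user@$host" \
            '$1 !~ /^#/ && $NF == want { found = 1 } END { exit !found }' \
            "$keyfile" || echo "$host"
    done
}

# True when the path is neither group- nor world-writable, which sshd
# (StrictModes, on by default) requires before it trusts the key file.
not_group_world_writable() {
    local flags
    flags=$(ls -ld "$1" | cut -c6,9)    # group-write and other-write bits
    [ "$flags" = "--" ]
}

# Check permissions and key coverage; return non-zero on any finding.
audit_ssh_dir() {
    local sshdir="$1" user="$2" rc=0 p missing
    shift 2
    for p in "$sshdir" "$sshdir/authorized_keys"; do
        not_group_world_writable "$p" || { echo "too permissive: $p"; rc=1; }
    done
    missing=$(missing_key_hosts "$sshdir/authorized_keys" "$user" "$@")
    [ -z "$missing" ] || { echo "no key for:" $missing; rc=1; }
    return $rc
}

# Constructed sample (placeholder key material): hadoop4's key is missing.
demo=$(mktemp -d) && mkdir -m 700 "$demo/.ssh"
printf 'ssh-rsa AAAAB3CONSTRUCTED test@%s\n' hadoop1 hadoop2 hadoop3 \
    > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh" test hadoop1 hadoop2 hadoop3 hadoop4 \
    || echo "audit found problems"
rm -rf "$demo"
```

On a node from the experiment it would be called as `audit_ssh_dir /home/test/.ssh test hadoop1 hadoop2 hadoop3 hadoop4`.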
Original link: http://blog.itpub.net/27000195/viewspace-1428246/