基于key验证的SSH服务

最新推荐文章于 2024-04-18 16:58:15 发布

吃个橙子

最新推荐文章于 2024-04-18 16:58:15 发布

阅读量142

点赞数

文章标签： centos ssh

本文链接：https://blog.csdn.net/qq_43681593/article/details/104363839

版权

基于key验证的SSH服务

#生成公钥/私钥对
[root@centos7 ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Z4q6pUob5EaDuof3zZtQvz955bikhRWIpCiFKLBswA4 root@centos7
The key's randomart image is:
+---[RSA 2048]----+
|=. ..   .        |
|Eo.. . o . .     |
|=o. . . . . .    |
|.o .         .   |
|. +   . S o .    |
|.+ . . o + o  .  |
|..= . o o ..o+   |
|.+oo B . .o+o .  |
|.ooo=.=...oo..   |
+----[SHA256]-----+
#复制公钥到对方主机
[root@centos7 ~]#ls .ssh
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[root@centos7 ~]#ssh-copy-id 192.168.70.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.70.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.70.129'"
and check to make sure that only the key(s) you wanted were added.
[root@centos7 ~]#ssh 192.168.70.129
Last login: Wed Feb  5 06:37:33 2020 from 192.168.70.1
[root@centos8 ~]#


#以上私钥未加密！！！所以非常不安全！！！
#给私钥文件加密
[root@centos7 ~]#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa): 
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]#ssh 192.168.70.129
Enter passphrase for key '/root/.ssh/id_rsa': 
Last login: Wed Feb  5 07:52:20 2020 from 192.168.70.134
[root@centos8 ~]#

#会发现这是还是需要我们手工输入口令！还是比较麻烦~
#使用代理程序帮我们输口令！
[root@centos7 ~]#ssh-agent bash            #启用代理
[root@centos7 ~]#ssh-add                   #钥匙通过命令添加给代理
Enter passphrase for /root/.ssh/id_rsa: 
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@centos7 ~]#ssh 192.168.70.129
Last login: Wed Feb  5 07:58:25 2020 from 192.168.70.134
[root@centos8 ~]#

#如何修改口令！（这里当然是给私钥加密的那个口令）
[root@centos7 ~]#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa): 
Enter old passphrase: 
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

实现批量基于ssh验证的key操作脚本！

[root@centos7 script]#cat ssh_key.sh 
#!/bin/bash
#
#********************************************************************
#Author:		zhangxiurong
#QQ: 			1257642534
#Date: 			2020-02-06
#FileName：		ssh_key.sh
#Description：		The test script
#Copyright (C): 	2020 All rights reserved
#********************************************************************
NET=192.168.70
PASS=123456
ssh-keygen -P "" -f /root/.ssh/id_rsa
for i in {100..150} ;do
	{
	sshpass -p $PASS ssh-copy-id -o  StrictHostKeyChecking=no -i /root/.ssh/id_rsa.pub $NET.$i &> /dev/null
	}& 
done
wait