基于key验证的SSH服务
#生成公钥/私钥对
[root@centos7 ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Z4q6pUob5EaDuof3zZtQvz955bikhRWIpCiFKLBswA4 root@centos7
The key's randomart image is:
+---[RSA 2048]----+
|=. .. . |
|Eo.. . o . . |
|=o. . . . . . |
|.o . . |
|. + . S o . |
|.+ . . o + o . |
|..= . o o ..o+ |
|.+oo B . .o+o . |
|.ooo=.=...oo.. |
+----[SHA256]-----+
#复制公钥到对方主机
[root@centos7 ~]#ls .ssh
authorized_keys id_rsa id_rsa.pub known_hosts
[root@centos7 ~]#ssh-copy-id 192.168.70.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.70.129's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.70.129'"
and check to make sure that only the key(s) you wanted were added.
[root@centos7 ~]#ssh 192.168.70.129
Last login: Wed Feb 5 06:37:33 2020 from 192.168.70.1
[root@centos8 ~]#
#以上私钥未加密!!!所以非常不安全!!!
#给私钥文件加密
[root@centos7 ~]#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa):
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]#ssh 192.168.70.129
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Wed Feb 5 07:52:20 2020 from 192.168.70.134
[root@centos8 ~]#
#会发现这是还是需要我们手工输入口令!还是比较麻烦~
#使用代理程序帮我们输口令!
[root@centos7 ~]#ssh-agent bash #启用代理
[root@centos7 ~]#ssh-add #钥匙通过命令添加给代理
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@centos7 ~]#ssh 192.168.70.129
Last login: Wed Feb 5 07:58:25 2020 from 192.168.70.134
[root@centos8 ~]#
#如何修改口令!(这里当然是给私钥加密的那个口令)
[root@centos7 ~]#ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa):
Enter old passphrase:
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
实现批量基于ssh验证的key操作脚本!
[root@centos7 script]#cat ssh_key.sh
#!/bin/bash
#
#********************************************************************
#Author: zhangxiurong
#QQ: 1257642534
#Date: 2020-02-06
#FileName: ssh_key.sh
#Description: The test script
#Copyright (C): 2020 All rights reserved
#********************************************************************
NET=192.168.70
PASS=123456
ssh-keygen -P "" -f /root/.ssh/id_rsa
for i in {100..150} ;do
{
sshpass -p $PASS ssh-copy-id -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa.pub $NET.$i &> /dev/null
}&
done
wait