linux免密钥登录原理
1.本机生成密钥和公钥
2.把公钥传递给远程主机
3.主机把公钥追加进免检名单
---------------------上面为第一次配置的时候-----------------------配置完毕以后只用下面的步骤-------------------------
4.本机请求远程主机
5.远程主机去免检名单里找到所属公钥
6.生成用公钥加密后的字符串传回本机
7.本机使用私钥进行解密
8.本机把解密后的信息传给远程主机
9.远程主机进行验证
10.登录成功
生成密钥对及分发密钥
#!/bin/bash
#生成rsa算法密钥
#分发给指定机器
sleep 2
head_ip='172.16.91.'
#删除本地初始密钥对
rm -rf /root/.ssh
sleep 1
echo -e "删除完成\n"
echo "开始分发"
echo "\n"
echo "++++++++++++++++++++"
ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ""
arr=(104 120 121 122 123 124 )
for ip in ${arr[@]}
do
sshpass -p123456Aa ssh-copy-id -i /root/.ssh/id_rsa.pub "$head_ip$ip" -o StrictHostKeyChecking=no
done
echo -e "分发完结\n"
分发过程
[root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# sh test.sh
删除完成
开始分发
\n
++++++++++++++++++++
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BoO9f9YdQdL3mqwMO36N/9k8uajF8VzueMKKWZoqi/8 root@iZbp1cm8hsrnrp4hlrw0tgZ
The key's randomart image is:
+---[RSA 2048]----+
| ... |
| o o. .|
| . + ...|
| + ..|
| . S o.o.|
| o ....Bo.|
| . o+oB.oo|
| .. oo** =*+|
| ..o+Eo*+o+o*B|
+----[SHA256]-----+
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.91.104'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.91.120'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.91.121'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.91.122'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.91.123'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.91.124'"
and check to make sure that only the key(s) you wanted were added.
分发完结
验证结果
主机ip内容文件
[root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# cat pytest.py
172.16.91.104
172.16.91.120
172.16.91.121
172.16.91.122
172.16.91.123
172.16.91.124
输出ok验证结果
[root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# pssh -h pytest.py -i echo "ok"
[1] 16:18:08 [SUCCESS] 172.16.91.120
ok
[2] 16:18:08 [SUCCESS] 172.16.91.121
ok
[3] 16:18:08 [SUCCESS] 172.16.91.104
ok
[4] 16:18:08 [SUCCESS] 172.16.91.123
ok
[5] 16:18:08 [SUCCESS] 172.16.91.122
ok
[6] 16:18:08 [SUCCESS] 172.16.91.124
ok
输出ping验证结果
[root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# pssh -h pytest.py -i ping qq.com -c 2
[1] 16:23:47 [SUCCESS] 172.16.91.104
PING qq.com (111.161.64.40) 56(84) bytes of data.
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=28.4 ms
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=28.4 ms
--- qq.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 28.458/28.467/28.476/0.009 ms
[2] 16:23:47 [SUCCESS] 172.16.91.120
PING qq.com (111.161.64.40) 56(84) bytes of data.
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=31.5 ms
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=31.5 ms
--- qq.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.532/31.546/31.560/0.014 ms
[3] 16:23:47 [SUCCESS] 172.16.91.121
PING qq.com (111.161.64.40) 56(84) bytes of data.
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=37.6 ms
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=37.6 ms
--- qq.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 37.615/37.627/37.640/0.194 ms
[4] 16:23:47 [SUCCESS] 172.16.91.122
PING qq.com (111.161.64.48) 56(84) bytes of data.
64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=1 ttl=51 time=37.1 ms
64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=2 ttl=51 time=37.1 ms
--- qq.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 37.190/37.194/37.199/0.192 ms
[5] 16:23:47 [SUCCESS] 172.16.91.123
PING qq.com (111.161.64.48) 56(84) bytes of data.
64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=1 ttl=51 time=32.4 ms
64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=2 ttl=51 time=32.4 ms
--- qq.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 32.409/32.414/32.419/0.005 ms
[6] 16:23:47 [SUCCESS] 172.16.91.124
PING qq.com (111.161.64.40) 56(84) bytes of data.
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=34.4 ms
64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=34.4 ms
--- qq.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 34.464/34.469/34.474/0.005 ms
获取ip验证结果
[root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# pssh -h pytest.py -i ip a | grep inet | grep 91
inet 172.16.91.121/20 brd 172.16.95.255 scope global dynamic eth0
inet 172.16.91.120/20 brd 172.16.95.255 scope global dynamic eth0
inet 172.16.91.104/20 brd 172.16.95.255 scope global dynamic eth0
inet 172.16.91.122/20 brd 172.16.95.255 scope global dynamic eth0
inet 172.16.91.123/20 brd 172.16.95.255 scope global dynamic eth0
inet 172.16.91.124/20 brd 172.16.95.255 scope global dynamic eth0
320
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
