这里先记录下下今天对salt-ssh关于密码以密钥的测试情况(后期完善)
操作系统版本: [root@master ~]# cat /etc/redhat-release CentOS release 6.7 (Final) 主机信息: master: 10.10.10.140(安装salt-ssh) node01: 10.10.10.141 node01:10.10.10.142
基于密码验证的测试过程:
a、安装epel源以及salt-ssh
[root@master ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [root@master ~]# yum -y install salt-ssh
b、配置salt-ssh配置文件
[root@master ~]# vim /etc/salt/roster node01: host: 10.10.10.141 user: root passwd: redhat12345 node02: host: 10.10.10.142 user: root passwd: redhat12345
c、使用salt-ssh进行测试
[root@master salt]# salt-ssh '*' test.ping [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master? node01: True node02: True [root@master salt]# salt-ssh '*' cmd.run 'uptime' [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master? node01: 05:33:37 up 23 min, 1 user, load average: 0.17, 0.05, 0.02 node02: 21:33:42 up 23 min, 1 user, load average: 0.16, 0.06, 0.02 说明:这里由于我没有安装salt-master,出现没有日志文件权限的警告信息,可以忽略
基于密钥验证的测试过程:
a、配置免密钥登录:
[root@master ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 19:65:dc:fa:72:33:35:d6:81:18:e0:91:d3:ce:ce:0f root@master.saltstack.com The key's randomart p_w_picpath is: +--[ RSA 2048]----+ | +*oo . | | .=oo.. . | | ..+. ..| | o.o + .| | S o. o . | | .E= | | ooo | | . | | | +-----------------+ [root@master ~]# scp ~/.ssh/id_rsa.pub root@10.10.10.141:/root/ root@10.10.10.141's password: id_rsa.pub 100% 407 0.4KB/s 00:00 [root@master ~]# scp ~/.ssh/id_rsa.pub root@10.10.10.142:/root/ root@10.10.10.142's password: id_rsa.pub 100% 407 0.4KB/s 00:00 [root@node01 ~]# cat id_rsa.pub >>~/.ssh/authorized_keys [root@node01 ~]# service sshd restart 停止 sshd: [确定] 正在启动 sshd: [确定] [root@node02 ~]# cat id_rsa.pub >>~/.ssh/authorized_keys [root@node02 ~]# service sshd restart 停止 sshd: [确定] 正在启动 sshd: [确定]
b、调整salt-ssh的配置文件
为了测试密钥登录,而不是在配置文件中写好密码登录,重新调整下/etc/salt/roster文件,将密码的部分注销掉 [root@master ~]# vim /etc/salt/roster # Sample salt-ssh config file node01: host: 10.10.10.141 node02: host: 10.10.10.142
c、基于密钥的配置:
[root@master ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.141 Now try logging into the machine, with "ssh 'root@10.10.10.141'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@master ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.142 Now try logging into the machine, with "ssh 'root@10.10.10.142'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
d、测试实验效果:
[root@master ~]# salt-ssh '*' cmd.run 'df -h' [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master? node02: Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 8.3G 4.6G 65% / tmpfs 932M 0 932M 0% /dev/shm /dev/sda1 190M 42M 139M 23% /boot /dev/sda3 2.0G 18M 1.8G 1% /tmp node01: Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 8.3G 4.6G 65% / tmpfs 932M 72K 932M 1% /dev/shm /dev/sda1 190M 42M 139M 23% /boot /dev/sda3 2.0G 18M 1.8G 1% /tmp
到此,salt-ssh的测试初步完成,参考资料:https://docs.saltstack.cn/topics/ssh/index.html
转载于:https://blog.51cto.com/molewan/1897832
231
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
