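SSH Passwordless Login
1. Introduction
SSH is a network protocol used for encrypted login between computers.
This article covers the OpenSSH implementation, which is free software and very widely used.
2. Initializing the public and private keys
There are two encryption methods, rsa and dsa. The generated public and private keys are both stored in the current user's ssh directory (i.e. ~/.ssh/).
rsa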
ssh-keygen -t rsa
3. The ~/.ssh directory explained
3.1 id_rsa
Private key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
3.2 id_rsa.pub
Public key: can be used for ssh clone with gitlab and github
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAUGyM4pybPweHPuKD7pdmMhqQOCqijiXdTQEglCO8tGsgGs9zc1h6qSfkxDWhCO/N06DHd7HMizdwIPZwFxgyDjOUct+tP3SD1NXxMDsq8jvhhKnNOogloAMylD+Ab0cyD7MVYaP6t3gmFzWDHwI6ztSb72/EMCYDjvf773s2dX8wC+pBCSNavs9v27ev699XgXVGRZrxDMkCjeuq4KZRW+WB7YaFXk9YmvS9Nui11TSFm3kqPNpgaMgwCaCTpK0k9S75tSF7Z+o+PYsNSl/w6qMh4S5Ec7VxiVqNChfFuv3QYe6JL8nNQZot9CbHjDLscs34SwTnAA7vm8PLL1Wr linxiaojun@linxiaojun-XPS-13-9350
3.3 authorized_keys
Stores the public keys of other servers (including this one), used for passwordless login
ssh-copy-id user@ip simply copies id_rsa.pub into this file
3.4 known_hosts
Stores the hosts that are trusted
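Passwordless login depends on the permissions of the files described in section 3: sshd (with StrictModes) ignores a group- or world-writable authorized_keys, and the ssh client refuses a private key that others can access. The following audit script is an added example, not part of the original article; the function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints one finding per line; prints nothing when clean.

# Group+other permission characters of a path, e.g. "r-xr-x" or "------".
go_bits() { ls -ld "$1" | cut -c5-10; }

audit_ssh_dir() {
    dir=$1
    # sshd (StrictModes) ignores authorized_keys when the directory or the
    # file is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(go_bits "$p") in
            ?w*|????w*) echo "WRITABLE_BY_OTHERS $p" ;;
        esac
    done
    # The ssh client refuses a private key that group or others can access.
    for k in "$dir"/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        [ "$(go_bits "$k")" = "------" ] || echo "PRIVATE_KEY_EXPOSED $k"
    done
    # ssh-dss (dsa) keys are disabled by default since OpenSSH 7.0.
    [ -f "$dir/authorized_keys" ] || return 0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '#'*) ;;
            *ssh-dss\ *) echo "DSA_KEY $dir/authorized_keys:$n" ;;
        esac
    done < "$dir/authorized_keys"
    return 0
}

# Constructed sample directory (placeholder key material, not real keys).
make_sample() {
    s=$(mktemp -d) || return 1
    printf 'constructed-private-key\n' > "$s/id_rsa"
    printf 'ssh-rsa AAAA-constructed user@host\n' > "$s/id_rsa.pub"
    printf 'ssh-rsa AAAA-constructed a@h1\nssh-dss AAAA-constructed b@h2\n' \
        > "$s/authorized_keys"
    chmod 755 "$s"; chmod 644 "$s/id_rsa"; chmod 664 "$s/authorized_keys"
    echo "$s"
}

sample=$(make_sample)
audit_ssh_dir "$sample"
rm -rf "$sample"
```

To check a real account, call audit_ssh_dir ~/.ssh; the usual fix is chmod 700 on the directory and chmod 600 on the private key and authorized_keys.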
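4. Example
Assume the local machine's ip is 192.168.100.101, the user is test101, and the password is 123
The target host's ip is 192.168.100.102, the user is test102, and the password is 123
# Generate the public and private keys on 101 and on 102
# 101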
ssh-keygen -t rsa
Press Enter 3 times, i.e. accept the default configuration
ssh
# 102
ssh-keygen -t rsa
Press Enter 3 times, i.e. accept the default configuration
# Copy id_rsa.pub to 101
ssh-copy-id test101@192.168.100.101
# Back on 101, copy id_rsa.pub to 102
ssh-copy-id test102@192.168.100.102
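# From now on, passwordless login works between 101 and 102
5. One-click automation
5.1 A brief look at expect
expect is a free programming tool language used to automate communication with interactive tasks, without human intervention.
expect keeps evolving; over time it has become more and more capable and is now a powerful assistant for system administrators.
expect requires the Tcl programming language; to run expect on a system, Tcl must be installed first.
5.2 Installing expect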
# -O saves the download under the file name that the tar step below expects
wget -O expect5.45.tar.gz http://sourceforge.net/projects/expect/files/Expect/5.45/expect5.45.tar.gz/download
tar xzvf expect5.45.tar.gz
cd expect5.45
./configure --prefix=/usr/expect --with-tcl=/usr/tcl/lib --with-tclinclude=../tcl8.4.11/generic
make
make install
5.3 Implementation script
Assume the target host's ip is 192.168.100.101, the user is test, and the password is 123
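#!/bin/bash
# set -x traces every command, including the expect call below with the
# password expanded into it; drop it outside of debugging.
set -x
dst_ip=192.168.100.101
dst_user=test
dst_passwd=123
# Log in to the target host with the password, then run ssh-keygen there and
# accept every default. The (yes/no) branch accepts the host key without
# checking its fingerprint.
expect -c "set timeout 30;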
spawn ssh $dst_user@$dst_ip;
expect {
\"*(yes/no)?*\" { send \"yes\r\";exp_continue }
\"*password:*\" { send \"$dst_passwd\r\" }
}
expect \"]*\"
send \"ssh-keygen -t rsa\r\";
expect \"*(/home/$dst_user/.ssh/id_rsa):*\";
send \"\r\";
expect {
\"*(y/n)*\" { send \"y\r\";exp_continue }
\"*(empty for no passphrase):*\" { send \"\r\" }
}
expect \"*passphrase again:*\";
send \"\r\";
expect eof
";