--===================测试主机A和B=========================
[oracle@A .ssh]$ ifconfig eth0 | sed -n 's#^.*addr:\(.*\) Bcast.*$#\1#gp'
192.168.16.66
[oracle@B .ssh]$ ifconfig eth0 | sed -n 's#^.*addr:\(.*\) Bcast.*$#\1#gp'
192.168.16.106
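--===================生成密钥对===================
(注:DSA 1024 位密钥强度不足,OpenSSH 7.0 起默认不再接受 ssh-dss 密钥;新环境建议改用 ssh-keygen -t rsa -b 4096,或在版本支持时使用 -t ed25519。passphrase 留空时,私钥文件本身即登录凭据,须严格保护 id_dsa。以下保留原始演示输出。)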
[oracle@A .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
dc:a6:c1:b0:b8:2a:15:3c:37:9e:ba:81:35:17:7b:de oracle@A
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| . . . |
| + o+ = . |
| o=+oo S o |
| o.oo+ . + |
|..... . E |
|. .o |
| .o. |
+-----------------+
--====================将公钥拷贝到主机B======================
(注:首次连接时应先通过可信渠道核对主机B的指纹,再回答 yes。)
[oracle@A .ssh]$ ssh-copy-id -i /home/oracle/.ssh/id_dsa.pub oracle@192.168.16.106
The authenticity of host '192.168.16.106 (192.168.16.106)' can't be established.
RSA key fingerprint is 98:07:f7:a0:c3:56:f8:f8:ec:3b:b3:c8:7c:64:c9:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.16.106' (RSA) to the list of known hosts.
oracle@192.168.16.106's password:
Now try logging into the machine, with "ssh 'oracle@192.168.16.106'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[oracle@A .ssh]$ ssh oracle@192.168.16.106   # 可以无密码远程连接到对端
Last login: Mon Aug 19 21:12:17 2019 from 192.168.16.66
[oracle@B .ssh]$ ls
[oracle@B .ssh]$ ls -al   # 对端生成了authorized_keys文件(.ssh 目录权限建议设为 700)
total 12
drwxr-xr-x. 2 oracle oinstall 4096 Aug 19 21:14 .
drwx------. 7 oracle oinstall 4096 Aug 19 21:05 ..
-rw-------. 1 oracle oinstall 598 Aug 19 21:14 authorized_keys
A主机可以无密码远程查询或者拷贝文件到B主机
[oracle@A .ssh]$ ssh oracle@192.168.16.106 /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:43:90:F6
inet addr:192.168.16.106 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:90f6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5722 errors:0 dropped:0 overruns:0 frame:0
TX packets:7401 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:505696 (493.8 KiB) TX bytes:1879759 (1.7 MiB)
------同样的,主机B也可以生成一个key,然后无密码访问主机A------
(注:下面主机A显示的 RSA 主机指纹与前面主机B的完全相同,说明两台主机很可能共用同一套主机密钥(例如由同一虚拟机克隆而来);建议分别重新生成主机密钥。)
[oracle@B .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
fe:a7:32:bc:9f:e0:71:8d:c4:81:a6:4c:91:63:cf:63 oracle@B
The key's randomart image is:
+--[ DSA 1024]----+
| .. |
| +. . |
| ..+o . |
| o oE. . |
| o.S.o |
| . . o |
| .+ o . |
| .+= .. |
| o==o |
+-----------------+
[oracle@B .ssh]$ ls -al
total 20
drwxr-xr-x. 2 oracle oinstall 4096 Aug 19 21:18 .
drwx------. 7 oracle oinstall 4096 Aug 19 21:05 ..
-rw-------. 1 oracle oinstall 598 Aug 19 21:14 authorized_keys
-rw-------. 1 oracle oinstall 668 Aug 19 21:18 id_dsa
-rw-r--r--. 1 oracle oinstall 598 Aug 19 21:18 id_dsa.pub
[oracle@B .ssh]$ ssh-copy-id -i /home/oracle/.ssh/id_dsa.pub oracle@192.168.16.66
The authenticity of host '192.168.16.66 (192.168.16.66)' can't be established.
RSA key fingerprint is 98:07:f7:a0:c3:56:f8:f8:ec:3b:b3:c8:7c:64:c9:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.16.66' (RSA) to the list of known hosts.
oracle@192.168.16.66's password:
Now try logging into the machine, with "ssh 'oracle@192.168.16.66'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[oracle@B .ssh]$ ssh oracle@192.168.16.66
Last login: Wed Jul 17 20:50:55 2019 from 192.168.16.99
warning !!! if you are not the administrator , please out !
[oracle@A ~]$ exit
logout
Connection to 192.168.16.66 closed.
[oracle@B .ssh]$ ssh oracle@192.168.16.66 /sbin/ifconfig eth0 | grep 192.168
inet addr:192.168.16.66 Bcast:192.168.16.255 Mask:255.255.255.0
[oracle@A ~]$ cat fenfa.sh
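#!/bin/bash
# fenfa.sh - run one command on every host in the list over SSH.
# Usage: ./fenfa.sh COMMAND [ARG...]
# Relies on key-based SSH login as oracle on each target.
# ssh joins the words with spaces and the remote login shell interprets the
# result, so treat the arguments as a shell command line, not as data.
if [ $# -eq 0 ]; then
  # Without a command ssh would open an interactive login on each host.
  echo "USAGE: $0 command [args...]" >&2
  exit 1
fi

rc=0
for i in 106; do
  # Forward every word: with a bare $1, "./fenfa.sh /sbin/ifconfig eth0"
  # would run ifconfig without "eth0".
  /usr/bin/ssh "oracle@192.168.16.$i" "$@" || rc=$?
done
# Report failure if the command failed on any host.
exit "$rc"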
[oracle@A ~]$ ./fenfa.sh /sbin/ifconfig eth0 | grep 192.168
inet addr:192.168.16.106 Bcast:192.168.16.255 Mask:255.255.255.0
[oracle@A ~]$ cat fenfa.sh
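#!/bin/bash
# fenfa.sh - copy one local file into /tmp/ on every host in the list.
# Usage: ./fenfa.sh LOCAL_FILE
# Relies on key-based SSH login as oracle on each target.
# NOTE(review): /tmp is normally writable by every local user on the target;
# prefer a directory owned by oracle for anything that is trusted later.
if [ $# -eq 0 ]; then
  echo "please input a arge" >&2
  exit 1
fi

rc=0
for i in 106; do
  # Quote the path and end option parsing with "--" so a name containing
  # spaces or starting with "-" is treated as a file, not as scp options.
  /usr/bin/scp -- "$1" "oracle@192.168.16.$i:/tmp/" || rc=$?
done
# Report failure if the copy failed on any host.
exit "$rc"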
[oracle@A ~]$ ./fenfa.sh
please input a arge
[oracle@A ~]$ ./fenfa.sh /etc/hosts
hosts 100% 255 0.3KB/s 00:00
[oracle@B ~]$ ls -l /tmp/hosts
-rw-r--r--. 1 oracle oinstall 255 Aug 19 21:42 /tmp/hosts
[oracle@A ~]$ cat fenfa.sh
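#!/bin/bash
# fenfa.sh - copy one local file into a chosen directory on every host in the
# list and print an OK/FAILED line per host.
# Usage: ./fenfa.sh LOCAL_FILE REMOTE_DIR
# Relies on key-based SSH login as oracle on each target.
file=$1
remotedir=$2
# Provides the "action" helper used for the status lines below.
. /etc/init.d/functions
if [ $# -ne 2 ]; then
  echo "USAGE:/bin/sh $0 arg1 arg2" >&2
  echo "please input a arge" >&2
  exit 1
fi

rc=0
for i in 106; do
  # scp output is discarded; only its exit status decides the result line.
  # Quoting keeps a path with spaces in one piece and "--" stops a leading
  # "-" from being read as an scp option.
  # NOTE(review): with the legacy scp protocol the remote path is expanded by
  # the remote shell - keep REMOTE_DIR to plain path characters.
  if /usr/bin/scp -- "$file" "oracle@192.168.16.$i:$remotedir" >/dev/null 2>&1; then
    action "$file copy to $remotedir is ok" /bin/true
  else
    action "$file copy to $remotedir is fail" /bin/false
    rc=1
  fi
done
# Report failure if the copy failed on any host.
exit "$rc"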
[oracle@A ~]$ ./fenfa.sh
USAGE:/bin/sh ./fenfa.sh arg1 arg2
please input a arge
[oracle@A ~]$ ./fenfa.sh /etc/hosts /home/oracle/
hosts 100% 255 0.3KB/s 00:00
/etc/hosts copy to /home/oracle/ is ok [ OK ]
[oracle@A ~]$ ./fenfa.sh /etc/hosts /root/
scp: /root//hosts: Permission denied
/etc/hosts copy to /root/ is fail [FAILED]
--=====================分发文件同时需要提权=====================
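------所有主机都要给相应的sudo权限------
(注:免密码执行 /bin/cp 等同于授予 root 权限——oracle 可以用它覆盖 /etc/sudoers、/etc/shadow 等任意文件;生产环境应改为只允许一个固定用途的受控脚本。)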
[root@A ~]# visudo
oracle ALL=(ALL) NOPASSWD:/bin/cp   # 添加一行
[root@A ~]# visudo -c
/etc/sudoers: parsed OK
[oracle@A ~]$ cat fenfa.sh
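#!/bin/bash
# fenfa.sh - push one file to each host, then copy it into a directory that
# needs root through "sudo /bin/cp", printing an OK/FAILED line per host.
# Usage: ./fenfa.sh LOCAL_FILE REMOTE_DIR
#
# Relies on key-based SSH login as oracle and a sudoers entry for /bin/cp on
# every target.
# NOTE(review): NOPASSWD on /bin/cp lets the oracle account overwrite any
# file as root, so the SSH key used here is effectively a root credential on
# every target; a narrower sudoers rule is safer.
file=$1
remotedir=$2
# Provides the "action" helper used for the status lines below.
. /etc/init.d/functions
if [ $# -ne 2 ]; then
  echo "USAGE:/bin/sh $0 arg1 arg2" >&2
  echo "please input a arge" >&2
  exit 1
fi

# scp places the file in the remote home directory under its base name, so
# the sudo copy must read that name; the local path only matched by accident
# when the file already lived in /home/oracle.
name=${file##*/}
# The remote shell re-parses the command string, so quote both values for it.
# NOTE(review): %q output assumes the remote login shell is bash - confirm.
printf -v remote_cmd 'sudo /bin/cp -- %q %q' "./$name" "$remotedir"

rc=0
# 100 and 101 do not exist on this network; they are listed only to exercise
# the failure branch. (A "//" note on the "for" line would become a loop item.)
for i in 106 100 101; do
  # -t allocates a terminal for the remote sudo call.
  if /usr/bin/scp -- "$file" "oracle@192.168.16.$i:~/" >/dev/null 2>&1 &&
    ssh -t "oracle@192.168.16.$i" "$remote_cmd"; then
    action "$file copy to $remotedir is ok" /bin/true
  else
    action "$file copy to $remotedir is fail" /bin/false
    rc=1
  fi
done
# Report failure if any host failed.
exit "$rc"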
[oracle@A ~]$ ./fenfa.sh /home/oracle/lbw.txt /etc/
Connection to 192.168.16.106 closed.
/home/oracle/lbw.txt copy to /etc/ is ok [ OK ]
/home/oracle/lbw.txt copy to /etc/ is fail [FAILED]
/home/oracle/lbw.txt copy to /etc/ is fail [FAILED]