环境说明
- 操作系统Centos7.6
- ssh版本号7.4
应用场景
在日常运维不包括拥有堡垒机场景下,数量庞大的设备运维起来登陆设备是一件繁琐的事情,需要一对一查询资产表,通过ip地址、账号密码去登录设备进行巡检运维,设备量一多,造成了运维成本高,效率低,出错率高等问题。
配置说明
ssh-keygen -t rsa ### -t 指定加密/解密算法类型
- 参数说明
-t 加/解密算法
-b 秘钥长度,rsa默认秘钥长度的为 2048
-C 注释,一般是填写用户名
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.93.130 ###将本地生成的公钥发送至192.168.93.130主机,本地保留私钥
本地主机进行ssh 192.168.93.130时可免密登陆。
(免密登陆谁,公钥就给谁,私钥可一对多公钥)
[root@centos ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:K5BdmhviEe8kqTIdISOtFhTpKZ40etbhLlbWPWE17/k root@centos
The key's randomart image is:
+---[RSA 2048]----+
| oo |
|.o o |
|=.+ . .. o |
|oO...* +o . |
|*.+oBoBoS. . . |
|o+o+=B.oo. o |
|ooo+. + .. . |
| oo . . E |
| . . |
+----[SHA256]-----+
[root@centos ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.93.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.93.130 (192.168.93.130)' can't be established.
ECDSA key fingerprint is SHA256:h1Bbt2WrAXtlb8f17tD8+rofNsraD8L+xL6gahxLt2E.
ECDSA key fingerprint is MD5:3b:7d:b4:3b:00:73:b0:d7:a3:13:c5:01:7b:9f:bd:fa.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.93.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.93.130'"
and check to make sure that only the key(s) you wanted were added.
[root@centos ~]# ssh root@192.168.93.130
Last login: Sat Jan 7 02:36:38 2023 from 192.168.93.1
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:76:57:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.93.130/24 brd 192.168.93.255 scope global noprefixroute dynamic ens33
valid_lft 1693sec preferred_lft 1693sec
inet6 fe80::b7a1:360e:d7fe:537d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# exit
登出
Connection to 192.168.93.130 closed.
148
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
