
Linux SSH Key Authentication in Practice


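In production environments, SSH key authentication is often used for tasks such as distributing data. It can also be used to operate intranet servers in batches and to push data to them with passwordless authentication.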


1. Check the environment

Distribution server


Node server


2. Add a system account on the servers


3. Generate the key pair

[root@localhost1 ~]# su - fenfa 
[fenfa@localhost1 ~]$ whoami 
fenfa

[fenfa@localhost1 ~]$ ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/home/fenfa/.ssh/id_dsa):
Created directory '/home/fenfa/.ssh'.  # directory created
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fenfa/.ssh/id_dsa.
Your public key has been saved in /home/fenfa/.ssh/id_dsa.pub.
The key fingerprint is:
2c:33:62:96:d5:5a:56:a8:19:63:29:de:63:35:83:f1 fenfa@localhost1
The key's randomart image is:
+--[ DSA 1024]----+
| .+ .. |
| . *o=. |
| . +.*Eo |
| .o*= |
| =.=.S |
| o . + |
| |
| |
| |
+-----------------+
[fenfa@localhost1 ~]$ cd /home/fenfa/.ssh/
[fenfa@localhost1 .ssh]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory
[fenfa@localhost1 .ssh]$ ls -ld /home/fenfa/.ssh/
drwx------ 2 fenfa fenfa 4096 Feb 21 00:25 /home/fenfa/.ssh/
[fenfa@localhost1 .ssh]$ ll
total 8
-rw------- 1 fenfa fenfa 668 Feb 21 00:25 id_dsa
-rw-r--r-- 1 fenfa fenfa 606 Feb 21 00:25 id_dsa.pub

 
[fenfa@localhost1 .ssh]$ cat /home/fenfa/.ssh/id_dsa
-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----

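4. Distribute the key

Command format for distribution:
ssh-copy-id -i key_file user@remote_host_IP             (when ssh uses the default port)
ssh-copy-id -i key_file "-p port user@remote_host_IP"   (when ssh uses a non-default port)

[fenfa@localhost1 .ssh]$ ssh-copy-id -i id_dsa.pub fenfa@192.168.181.129  # the distribution command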
The authenticity of host '192.168.181.129 (192.168.181.129)' can't be established.
RSA key fingerprint is 9e:81:e9:02:86:a0:24:37:2b:d0:4e:ae:d4:41:6f:0d.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.181.129' (RSA) to the list of known hosts.
fenfa@192.168.181.129's password: 
Permission denied, please try again.
fenfa@192.168.181.129's password: 
Permission denied, please try again.
fenfa@192.168.181.129's password: 
Now try logging into the machine, with "ssh 'fenfa@192.168.181.129'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[fenfa@localhost1 .ssh]$ ssh-copy-id -i id_dsa.pub fenfa@192.168.181.129
Now try logging into the machine, with "ssh 'fenfa@192.168.181.129'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Check whether the distribution succeeded

[fenfa@localhost2 ~]$ tree /home/fenfa/.ssh/
/home/fenfa/.ssh/
└── authorized_keys  # distributed successfully

0 directories, 1 file
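
An added example, not part of the original post: a shell function for reviewing `.ssh/authorized_keys` on a node, as the `ssh-copy-id` output above suggests. It flags `ssh-dss` entries (the key type generated in step 3; OpenSSH 7.0 and later disable `ssh-dss` by default), entries with no `from=` or `command=` restriction, and a file that is writable by group or others. The sample entries, the address 192.0.2.10 and the path `/usr/local/bin/recv-data` are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit an authorized_keys file after ssh-copy-id.
# Prints one "<line>:<keytype>:<finding>" record per key entry.
audit_authorized_keys() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # With StrictModes (the sshd default) a file writable by group or
    # others is refused for public key authentication.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "0:-:FILE_WRITABLE_BY_OTHERS"
    fi
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        # Options may contain quoted spaces, so locate the key type field
        # instead of assuming it is field 1.
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) { t = i; break }
        if (!t) { print NR ":?:UNPARSEABLE"; next }
        opts = ""
        for (i = 1; i < t; i++) opts = opts " " $i
        if ($t == "ssh-dss")                  finding = "WEAK_DSA"
        else if (opts !~ /(from|command)=/)   finding = "UNRESTRICTED"
        else                                  finding = "OK"
        print NR ":" $t ":" finding
    }' "$file"
}

# Constructed sample entries: key bodies, address and command are placeholders.
sample_authorized_keys() {
    cat <<'EOF'
# keys allowed to log in as fenfa
ssh-dss AAAAB3PLACEHOLDER fenfa@localhost1
ssh-ed25519 AAAAC3PLACEHOLDER fenfa@localhost1
restrict,from="192.0.2.10",command="/usr/local/bin/recv-data /data" ssh-ed25519 AAAAC3PLACEHOLDER fenfa@localhost1
EOF
}

tmp=$(mktemp)
sample_authorized_keys > "$tmp"
audit_authorized_keys "$tmp"
rm -f "$tmp"
```

On a node, run `audit_authorized_keys /home/fenfa/.ssh/authorized_keys`; any record other than `OK` is worth reviewing before the key is used for unattended distribution.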

5. Distribute data


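No password needs to be entered.

When data has to be distributed every day, the command can be written into a script and added to a scheduled task so that the data is distributed automatically.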
