Ssh_key免秘钥登录

一，环境准备

1.1 操作系统

[root@manager ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@manager ~]#　

1.2内核版本

[root@manager ~]# uname -r
2.6.32-573.el6.x86_64
[root@manager ~]#　　

1.3 主机网络参数

主机名	网卡eth0	用途
manager	192.168.1.90	管理机
web1	192.168.1.88	Test1
web2	192.168.1.89	Test2

二， 部署ssh秘钥交互批量分发

2.1 下载epel源并更新yum库

[root@manager ~]# wget -O /etc/yum.repos.d/epel.repohttp://mirrors.aliyun.com/repo/epel-6.repo
[root@manager ~]# yum -y clean all
[root@manager ~]# yum makecache

2.2 安装sshpass工具

[root@manager ~]#yum -y install sshpass

三， 第二步创建密钥对文件

3.1 免交互创建秘钥对

[root@manager ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ""
Generating public/private dsa key pair.
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
6d:53:4b:e8:73:76:be:68:d1:95:71:38:b2:f3:fc:0e root@manager
The key's randomart image is:
+--[ DSA 1024]----+
|               . |
|           .. o..|
|          . oo .+|
|         o oo. ..|
|        S * +=.. |
|         . =.o+  |
|             .E. |
|            .. o.|
|           .. ...|
+-----------------+
[root@manager ~]#
命令说明：
ssh-keygen:生成密钥对命令
-t：指定密钥对的密码加密类型（rsa，dsa两种）
-f：指定密钥对文件的生成路径包含文件名
-P（大写）：指定密钥对的密码

3.2 第三步：免交互方式分发秘钥

[root@manager ~]# sshpass -p "ssh登录密码" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@192.168.1.89"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@192.168.1.89'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@manager ~]#
命令说明：
sshpass：专为ssh连接服务的免交户工具
-p ：指定登录的密码
ssh-copy-id：自动分发公钥的工具
-i：指定公钥路径
-o StrictHostKeyChecking=no :不进行对方主机信息的写入（第一次ssh连接会在know_hosts文件里记录）

3.3 第四步：测试ssh秘钥认证情况

[root@manager ~]# ssh root@192.168.1.89
Last login: Tue Jul 25 00:05:15 2017 from manager
[root@web2 ~]#

3.4 编写ssh秘钥对免交互批量分发脚本

#!/bin/bash
# author:Mr.chen
# 2017-3-14
# description:SSH密钥批量分发

User=root
passWord=123.asd

function YumBuild(){

echo "正在安装epel源yum仓库，请稍后..."
cd /etc/yum.repos.d/ &&\
[ -d bak ] || mkdir bak
[ `find ./*.* -type f | wc -l` -gt 0 ] && find ./*.* -type f |  xargs -i mv {} bak/
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/null
yum -y clean all &>/dev/null
yum makecache &>/dev/null

}

echo "正在进行网络连接测试,请稍后..."
ping www.baidu.com -c2 >/dev/null ||(echo "无法连同外网，本脚本运行环境必须和外网相连！" && exit)
[ $# -eq 0 ] && echo "没有参数！格式为：sh $0 参数1...n" && exit
rpm -q sshpass &>/dev/null || yum -y install sshpass &>/dev/null
if [ $? -gt 0 ];then
    YumBuild
    yum -y install sshpass &>/dev/null || (echo "sshpass build error！" && exit)
fi
[ -d ~/.ssh ] || mkdir ~/.ssh;chmod 700 ~/.ssh
echo "正在创建密钥对...."
rm -rf ~/.ssh/id_dsa ~/.ssh/id_dsa.pub
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P "" &>/dev/null
for ip in $*
do
    ping $ip -c1 &>/dev/null
    if [ $? -gt 0 ];then
        echo "$ip无法ping通请检查网络"
        continue
    fi
    sshpass -p "$passWord" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no ${User}@$ip" &>/dev/null
    echo "$ip 密钥分发成功"
done

3.5 第五步：脚本分发测试

[root@manager scripts]# sh ssh_key.sh 192.168.1.88 192.168.1.89
正在进行网络连接测试,请稍后...
正在创建密钥对....
192.168.1.88 密钥分发成功
192.168.1.89 密钥分发成功
[root@manager scripts]#
[root@manager scripts]# ssh root@192.168.1.89
Last login: Tue Jul 25 01:07:13 2017 from 192.168.1.225
[root@web2 ~]#