  • linux免密钥登录

    linux免密钥登录原理

    1.本机生成密钥和公钥
    2.把公钥传递给远程主机
    3.远程主机把公钥追加进免检名单(即 ~/.ssh/authorized_keys 文件)
    ---------------------上面为第一次配置的时候-----------------------配置完毕以后只用下面的步骤-------------------------
    4.本机请求远程主机
    5.远程主机去免检名单里找到所属公钥
    6.远程主机生成一段随机字符串,用该公钥加密后传回本机
    7.本机使用私钥进行解密
    8.本机把解密后的信息传给远程主机
    9.远程主机进行验证(注:第6-9步是简化的质询-应答描述;在SSH-2协议中,实际是本机用私钥签名、远程主机用公钥验证签名,私钥始终不离开本机)
    10.登录成功

    生成密钥对及分发密钥

    #!/bin/bash
    # Settings for generating an RSA key pair on this machine and handing the
    # public key to a fixed list of hosts.

    # Network prefix shared by every target host.
    head_ip="192.168.255."
    # Last octet of each target host; appended to head_ip to form the address.
    arr=(101 102 103 104 105)

    # File names of the private key and of the matching public key.
    key="id_rsa"
    pub="${key}.pub"
    # Directory that holds the current user's SSH keys.
    # The tilde stays unquoted so the shell expands it at assignment time.
    base_dir=~/.ssh/

    # Password used for the initial password-based login to each host.
    # NOTE(review): the password is stored in clear text in the script, so anyone
    # who can read this file learns it; the same value is used for every host.
    passwd="centos"
    # Install the two helper tools used by the script: pssh and sshpass.
    # Installing packages with yum requires root privileges.
    install_cmd(){
    local -a pkgs=(pssh sshpass)
    yum install -y "${pkgs[@]}"
    }
    
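    # Replace the local RSA key pair and install the new public key on every
    # host listed in arr, logging in once per host with the password in passwd.
    # Globals:   base_dir, key, pub, passwd, head_ip, arr (read)
    # Outputs:   progress messages and the output of ssh-keygen / ssh-copy-id
    # Returns:   status of the final echo; per-host failures are not checked
    create_key()
    {
    local ip
    sleep 2
    # Delete only the old key pair. Removing the whole directory would also
    # destroy authorized_keys, known_hosts and any other keys stored there.
    # The :? guards abort instead of expanding to an empty path.
    rm -f -- "${base_dir:?}${key:?}" "${base_dir:?}${pub:?}"
    sleep 1
    echo -e "删除完成
    "
    echo "开始分发"
    echo "
    "
    echo "++++++++++++++++++++"
    # -P "" writes the private key without a passphrase, so the key file alone
    # is enough to log in to every host that receives the public key.
    ssh-keygen -t rsa -f "${base_dir}${key}" -P ""
    for ip in "${arr[@]}"
    do
    # The password is handed to sshpass through the SSHPASS environment variable
    # (-e) rather than -p, so it does not show up in the process list.
    # NOTE(review): StrictHostKeyChecking=no accepts whatever host key the peer
    # presents, so the connection that carries the password is not checked
    # against a known key. Prefer pre-populating known_hosts with verified keys.
    SSHPASS="${passwd}" sshpass -e ssh-copy-id -i "${base_dir}${pub}" -o StrictHostKeyChecking=no "${head_ip}${ip}"
    done
    echo -e "分发完结
    "
    }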
    
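    # Run one command on every target host through pssh, showing its output inline.
    # Globals:   arr, head_ip (read)
    # Arguments: $1 - command line to execute on each host
    check_ip(){
        local ip
        for ip in "${arr[@]}"
            do
                # "$1" is quoted so the command reaches pssh as a single argument;
                # unquoted, the local shell would word-split and glob-expand it first.
                pssh -H "${head_ip}${ip}" -i "$1"
            done
    }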
    
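    # Entry point: install the tools, create and distribute the key pair, then
    # run a few commands on every host to check that key-based login works.
    main(){
        install_cmd
        create_key
        echo "输出ok:"
        check_ip 'echo "ok"'
        echo "输出ping结果:"
        check_ip 'ping qq.com -c 2'
        echo "获取主机名:"
        check_ip 'hostname'
        # Label corrected: this step prints the host's IP addresses, not its name.
        echo "获取ip:"
        check_ip "source /etc/profile;ip a | grep inet | grep ${head_ip}"
    }
    main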
    

    分发过程

    [root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# sh test.sh 
    删除完成
    
    开始分发
    
    
    ++++++++++++++++++++
    Generating public/private rsa key pair.
    Created directory '/root/.ssh'.
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:BoO9f9YdQdL3mqwMO36N/9k8uajF8VzueMKKWZoqi/8 root@iZbp1cm8hsrnrp4hlrw0tgZ
    The key's randomart image is:
    +---[RSA 2048]----+
    |            ...  |
    |     o       o. .|
    |    . +       ...|
    |       +       ..|
    |      . S    o.o.|
    |       o  ....Bo.|
    |        . o+oB.oo|
    |     ..  oo** =*+|
    |    ..o+Eo*+o+o*B|
    +----[SHA256]-----+
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' '172.16.91.104'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' '172.16.91.120'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' '172.16.91.121'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' '172.16.91.122'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' '172.16.91.123'"
    and check to make sure that only the key(s) you wanted were added.
    
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' '172.16.91.124'"
    and check to make sure that only the key(s) you wanted were added.
    
    分发完结
    

    验证结果

    主机ip内容文件

    [root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# cat pytest.py 
    172.16.91.104
    172.16.91.120
    172.16.91.121
    172.16.91.122
    172.16.91.123
    172.16.91.124
    

    输出ok验证结果

    [root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# pssh -h pytest.py -i echo "ok"
    [1] 16:18:08 [SUCCESS] 172.16.91.120
    ok
    [2] 16:18:08 [SUCCESS] 172.16.91.121
    ok
    [3] 16:18:08 [SUCCESS] 172.16.91.104
    ok
    [4] 16:18:08 [SUCCESS] 172.16.91.123
    ok
    [5] 16:18:08 [SUCCESS] 172.16.91.122
    ok
    [6] 16:18:08 [SUCCESS] 172.16.91.124
    ok
    

    安装pssh工具

    # Install the pssh tool without prompting for confirmation.
    yum -y install pssh
    

    输出ping验证结果

    [root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# pssh -h pytest.py -i ping qq.com -c 2
    [1] 16:23:47 [SUCCESS] 172.16.91.104
    PING qq.com (111.161.64.40) 56(84) bytes of data.
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=28.4 ms
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=28.4 ms
    
    --- qq.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 28.458/28.467/28.476/0.009 ms
    [2] 16:23:47 [SUCCESS] 172.16.91.120
    PING qq.com (111.161.64.40) 56(84) bytes of data.
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=31.5 ms
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=31.5 ms
    
    --- qq.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 31.532/31.546/31.560/0.014 ms
    [3] 16:23:47 [SUCCESS] 172.16.91.121
    PING qq.com (111.161.64.40) 56(84) bytes of data.
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=37.6 ms
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=37.6 ms
    
    --- qq.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 37.615/37.627/37.640/0.194 ms
    [4] 16:23:47 [SUCCESS] 172.16.91.122
    PING qq.com (111.161.64.48) 56(84) bytes of data.
    64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=1 ttl=51 time=37.1 ms
    64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=2 ttl=51 time=37.1 ms
    
    --- qq.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 37.190/37.194/37.199/0.192 ms
    [5] 16:23:47 [SUCCESS] 172.16.91.123
    PING qq.com (111.161.64.48) 56(84) bytes of data.
    64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=1 ttl=51 time=32.4 ms
    64 bytes from dns48.online.tj.cn (111.161.64.48): icmp_seq=2 ttl=51 time=32.4 ms
    
    --- qq.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 32.409/32.414/32.419/0.005 ms
    [6] 16:23:47 [SUCCESS] 172.16.91.124
    PING qq.com (111.161.64.40) 56(84) bytes of data.
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=1 ttl=51 time=34.4 ms
    64 bytes from dns40.online.tj.cn (111.161.64.40): icmp_seq=2 ttl=51 time=34.4 ms
    
    --- qq.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 34.464/34.469/34.474/0.005 ms
    

    获取ip验证结果

    [root@iZbp1cm8hsrnrp4hlrw0tgZ ~]# pssh -h pytest.py -i ip a | grep inet | grep 91
        inet 172.16.91.121/20 brd 172.16.95.255 scope global dynamic eth0
        inet 172.16.91.120/20 brd 172.16.95.255 scope global dynamic eth0
        inet 172.16.91.104/20 brd 172.16.95.255 scope global dynamic eth0
        inet 172.16.91.122/20 brd 172.16.95.255 scope global dynamic eth0
        inet 172.16.91.123/20 brd 172.16.95.255 scope global dynamic eth0
        inet 172.16.91.124/20 brd 172.16.95.255 scope global dynamic eth0
    

    Linux互信免密通信基础版

    #!/bin/bash
    # Settings for building mutual password-less SSH trust between this machine
    # and a fixed list of hosts.

    # Network prefix shared by every target host.
    head_ip="192.168.255."
    # Last octet of each target host; appended to head_ip to form the address.
    arr=(113 114 115)

    # File names of the private key and of the matching public key.
    key="id_rsa"
    pub="${key}.pub"
    # Directory that holds the user's SSH keys.
    # The tilde stays unquoted so the shell expands it at assignment time.
    base_dir=~/.ssh/

    # Account used on every host.
    user="root"
    # Password of that account.
    # NOTE(review): the root password is stored in clear text in the script and
    # is identical on every host; anyone who can read this file learns it.
    passwd="root"
    # Install pssh and sshpass, the two tools the rest of the script calls.
    # yum needs root privileges to install packages.
    install_cmd(){
    set -- pssh sshpass
    yum install -y "$@"
    }
    
    
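    # Helper: log in to host $1 with the password and, from there, install that
    # host's public key on destination $2.
    # The password reaches the remote side on stdin and is read into SSHPASS
    # there, so it is not part of any command line, locally or remotely.
    # Globals:   passwd (read)
    # Arguments: $1 - user@host to run on, $2 - user@host that receives the key
    _remote_copy_id()
    {
    SSHPASS="${passwd}" sshpass -e ssh "$1" \
      "IFS= read -r SSHPASS && export SSHPASS && sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $2" <<<"${passwd}"
    }

    # Build mutual key-based trust: create a fresh key pair locally and on every
    # host in arr, then install each public key on all hosts of the list.
    # Globals:   base_dir, key, pub, user, passwd, head_ip, arr (read)
    # Outputs:   progress messages and the output of the ssh tools
    # Returns:   status of the final echo; per-host failures are not checked
    create_key()
    {
    local ip tmp_ip target
    sleep 2
    # Delete only the old local key pair. Removing the whole directory would
    # also destroy authorized_keys, known_hosts and any other keys stored there.
    # The :? guards abort instead of expanding to an empty path.
    rm -f -- "${base_dir:?}${key:?}" "${base_dir:?}${pub:?}"
    sleep 1
    echo -e "删除完成
    "
    echo "开始分发"
    echo "
    "
    echo "++++++++++++++++++++"
    # Generate the local key pair. -P "" leaves the private key without a
    # passphrase, so the key file alone is enough to log in.
    ssh-keygen -t rsa -f "${base_dir}${key}" -P ""
    for ip in "${arr[@]}"
    do
    target="${user}@${head_ip}${ip}"
    echo "输出ip**********"
    echo "ssh ${user}@${head_ip}${ip} "
    # Install the local public key on the host. The password is passed through
    # the SSHPASS environment variable (-e) instead of -p, which would expose
    # it in the process list.
    # NOTE(review): StrictHostKeyChecking=no accepts whatever host key the peer
    # presents, so the connection that carries the password is not checked
    # against a known key. Prefer pre-populating known_hosts with verified keys.
    SSHPASS="${passwd}" sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "${target}"

    # Remove the host's old key pair. base_dir was expanded on this machine, so
    # the path is only right when the home directory is the same on both sides.
    # The second path previously read "{pub}" (missing "$") and never matched
    # the public key file.
    SSHPASS="${passwd}" sshpass -e ssh "${target}" "rm -rf ${base_dir}${key};rm -rf ${base_dir}${pub}"
    # Generate a new key pair on the host.
    SSHPASS="${passwd}" sshpass -e ssh "${target}" "ssh-keygen -t rsa -f ${base_dir}${key} -P ''"

    # Install sshpass on the host once; it does not depend on the inner loop.
    SSHPASS="${passwd}" sshpass -e ssh "${target}" "yum install -y sshpass;"
    # From the host, install its public key on every host of the list ...
    for tmp_ip in "${arr[@]}"
    do
    _remote_copy_id "${target}" "${user}@${head_ip}${tmp_ip}"
    done
    # ... and on its own localhost name (also independent of the inner loop).
    _remote_copy_id "${target}" "${user}@localhost"

    done
    echo -e "分发完结
    "
    }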
    
    
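    # Execute a command on each host of the list via pssh, with inline output.
    # Globals:   arr, head_ip (read)
    # Arguments: $1 - command line to run on every host
    check_ip(){
        local ip
        for ip in "${arr[@]}"
            do
                # Quoting "$1" passes the command to pssh as one argument; without
                # quotes the local shell would split it and expand any glob in it.
                pssh -H "${head_ip}${ip}" -i "$1"
            done
    }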
    
    
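    # Run a series of check commands on every host and label each result.
    # Globals:   head_ip (read)
    # Outputs:   one label per check followed by whatever check_ip prints
    bat()
    {
        echo "输出ok:"
        check_ip 'echo "ok"'
        echo "输出ping结果:"
        check_ip 'ping qq.com -c 2'
        # Labels corrected: both of the following steps were announced as
        # "get host name" although they list ~/.ssh and the IP addresses.
        echo "查看~/.ssh目录:"
        check_ip 'ls ~/.ssh'
        echo "获取ip:"
        check_ip "source /etc/profile;ip a | grep inet | grep ${head_ip}"
    }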
    
    
    # Entry point: run the three stages in order: tool installation, key
    # creation and distribution, then the checks on every host.
    # A failing stage does not stop the following ones.
    main(){
        local stage
        for stage in install_cmd create_key bat
        do
            "${stage}"
        done
    }
    main
    
  • 原文地址:https://www.cnblogs.com/anyux/p/11990474.html