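The server's SSH port has changed: how to distribute keys and connect with key-based authentication; how to automatically create a key pair and distribute the public key (with a script) ...
1.1 How to connect with keys after the server port has changed
1.1.1 Environment preparation
Test environment: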
[root@test ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
Change the SSH service port on one server to 63389
[root@test ~]# netstat -lntup|grep sshd
tcp 0 0 0.0.0.0:63389 0.0.0.0:* LISTEN 5083/sshd
tcp 0 0 :::63389 :::* LISTEN 5083/sshd
1.1.2 Create and distribute the key from another server
Milestone 1: first create the key with ssh-keygen
[root@backup ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #path where the key pair is saved
Enter passphrase (empty for no passphrase): #set a passphrase for the key pair
Enter same passphrase again: #confirm the passphrase for the key pair
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
72:48:65:1d:25:69:e1:4c:ae:2b:6f:a5:aa:70:96:1e root@backup
The key's randomart image is:
+--[ RSA 2048]----+ #2048 means the key size is 2048 bits
| o.==. |
| o =+. |
| . .+ |
| . . . |
| o S |
| . o .. |
| . E . .o |
| = . oo |
| o..o. |
+-----------------+
Milestone 2: distribute the key, paying attention to the SSH port
[root@backup ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub "-p63389 172.16.1.250"
The authenticity of host '[172.16.1.250]:63389 ([172.16.1.250]:63389)' can't be established.
RSA key fingerprint is d3:41:bb:0d:43:88:da:a3:2c:e8:36:91:11:c9:e4:9c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.16.1.250]:63389' (RSA) to the list of known hosts.
root@172.16.1.250's password:
Now try logging into the machine, with "ssh '-p63389 172.16.1.250'", and check in:
.ssh/authorized_keys #after distribution, the public key is stored under this name on the remote server
to make sure we haven't added extra keys that you weren't expecting.
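Notes:
The command format for key distribution can be found in the man page.
-i specifies the location of the public key file
[user@] indicates the user to use; by default it is the currently logged-in user
-p specifies the port; note that it must be placed inside the double quotes (learned by reading the script contents with cat `which ssh-copy-id`)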
[root@backup ~]# man ssh-copy-id
Formatting page, please wait...
SSH-COPY-ID(1) SSH-COPY-ID(1)
NAME
ssh-copy-id - install your public key in a remote machine's autho-
rized_keys
SYNOPSIS
Milestone 3: test key-based login
[root@backup ~]# ssh 172.16.1.250 -p 63389
Last login: Wed Oct 18 15:42:05 2017 from 10.0.0.41
[root@test ~]#
1.2 How to automatically create a key pair and distribute the public key (with a script)
Script contents:
[root@m01 ~]# vim /server/scripts/piliang_fenfa.sh
#!/bin/bash

#make key
# \rm bypasses any rm alias; removing the old private key keeps ssh-keygen from prompting to overwrite it
\rm -f /root/.ssh/id_dsa
ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" -q

#distribute the public key
for ip in 8 31 41
do
    echo ====fenfa key to host 172.16.1.$ip====
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.$ip"
    echo ===============fenfa end==============
    echo ""
done
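Script notes:
ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" -q
Creates the key: -f specifies where to save it, -P gives the passphrase that encrypts the key, -q reduces the output
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.$ip"
This requires installing one package, yum install sshpass -y, which supplies the user's password
The ssh-copy-id command distributes the key; -i specifies the local path of the key
-o StrictHostKeyChecking=no means no yes/no answer is needed when logging in to other servers; an unknown host key is accepted without being checked
for ip in 8 31 41
A for loop is used here to vary the IP address.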
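A hardened variant of the distribution loop, as an added example that is not part of the original post: it reads the password from the SSHPASS environment variable (sshpass -e) instead of the command line, keeps an existing key pair, and skips any host whose key is not already in a pinned known_hosts file rather than setting StrictHostKeyChecking=no. It assumes an OpenSSH release with ed25519 support and an ssh-copy-id that accepts -p and -o directly (newer than the CentOS 6 one shown above), root as the remote user, and hypothetical names for the pinned file, the key path and the functions.

```shell
#!/bin/bash
# Added example, not the original script. Assumes a newer OpenSSH (ed25519,
# ssh-copy-id with -p/-o), sshpass, and a hypothetical PINNED file holding
# unhashed host keys that were verified out of band.
PORT=63389
KEY=/root/.ssh/id_ed25519
PINNED=/root/.ssh/known_hosts.pinned

# known_hosts names a non-default port as "[host]:port", port 22 as "host".
kh_name() {  # usage: kh_name HOST PORT
    if [ "$2" = 22 ]; then
        printf '%s\n' "$1"
    else
        printf '[%s]:%s\n' "$1" "$2"
    fi
}

# Succeed only if FILE has an entry whose host list names HOST on PORT.
is_pinned() {  # usage: is_pinned FILE HOST PORT
    awk -v n="$(kh_name "$2" "$3")" '
        /^#/ || NF < 3 { next }
        { c = split($1, a, ","); for (i = 1; i <= c; i++) if (a[i] == n) found = 1 }
        END { exit !found }' "$1"
}

distribute() {  # usage: distribute HOST...
    # Keep an existing key pair: regenerating it would break key login to
    # hosts that received the earlier public key.
    [ -f "$KEY" ] || ssh-keygen -t ed25519 -f "$KEY" -N "" -q
    for host in "$@"; do
        if ! is_pinned "$PINNED" "$host" "$PORT"; then
            echo "skip $host: host key not pinned" >&2
            continue
        fi
        # sshpass -e reads the password from $SSHPASS, so it is not passed as a
        # command-line argument; ssh refuses a host whose key differs from PINNED.
        sshpass -e ssh-copy-id -i "$KEY.pub" -p "$PORT" \
            -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$PINNED" \
            "root@$host"
    done
}

# Example run: export SSHPASS first, then pass the hosts as arguments, e.g.
#   ./fenfa_pinned.sh 172.16.1.8 172.16.1.31 172.16.1.41
if [ "$#" -gt 0 ]; then
    distribute "$@"
fi
```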