#ping
ping 172.16.1.41
# nmap探测22端口,sshd服务开启或可以访问
[root@mn01[ ~]#nmap -p 22 172.16.1.31 172.16.1.7 172.16.1.41
Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-29 15:11 CST
Nmap scan report for 172.16.1.31
Host is up (0.00039s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:C7:69:C1 (VMware)
Nmap scan report for 172.16.1.7
...
Nmap scan report for 172.16.1.41
...
Nmap done: 3 IP addresses (3 hosts up) scanned in 0.47 seconds
1.3.2 创建密钥对
创建的时候需要按交互提示输入信息
ssh-keygen -t rsa
#注意创建的啥时候也可以不加-t, 默认通过rsa方法对数据进行加密.
[root@mn01[ ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ry8yEWh6ZJQ8SUDK7KoQbZW86Y3gScBPO1hJMSfuAGo root@mn01
The key's randomart image is:
+---[RSA 2048]----+
|..oOo+ |
|*.o.@. |
|+E *+o |
|ooB.*o. |
|.o=Xo .S |
|.=.+oo. . |
|o o.o .. . |
|o o .. |
|. o.o. |
+----[SHA256]-----+
[root@mn01[ ~]#ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.
ECDSA key fingerprint is SHA256:OVpquCehSKXH4UACbiezs1feEbgyswAvmfM0c1jFOww.
ECDSA key fingerprint is MD5:00:f4:c5:99:88:a5:d9:f3:5d:fa:65:d4:57:bd:39:a3.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
#安装工具
yum install -y sshpass
# 先测试对方机器是否需要输入yes / no,并输入yes
[root@mn01[ ~]#ssh 10.0.0.7 hostname -I
The authenticity of host '10.0.0.7 (10.0.0.7)' can't be
....
Are you sure you want to continue connecting (yes/no) yes
# 然后使用sshpass测试, -p后面可以指定密码
[root@mn01[ ~]#sshpass -p "redhat123" ssh 10.0.0.7 hostname -I
10.0.0.7 172.16.1.7
# 成功解决交互式输入密码的问题
解决交互书yes / no的问题,需要使用到ssh-copy-id的选项
-oStrictHostKeyChecking=no
[root@mn01[ ~]#sshpass -p "redhat123" ssh-copy-id -i ~/.ssh/id_rsa.pub -oStrictHostKeyChecking=no 10.0.0.41
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
...
Number of key(s) added: 1
...
and check to make sure that only the key(s) you wanted were added.
# 分发成功
1.4.3 自动化创建与分发脚本
创建和分发密钥脚本/server/scripts/creatkey.sh
#!/bin/bash
#desc: 一键创建和分发密钥对
#1.vars
pass="redhat123"
ips="10.0.0.7 10.0.0.31 10.0.0.41"
# 导入模块
. /etc/init.d/functions
# 判断是否联网可以使用yum
# 加入判断sshpass命令是否存在,如果不存在则安装
# 2.创建密钥对
if [ -f ~/.ssh/id_rsa ];then
echo "已经创建过密钥对"
else
echo "正在创建密钥对..."
ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' &>/dev/null
if [ $? -eq 0 ];then
action "密钥创建成功" /bin/true
else
action "密钥创建失败" /bin/false
fi
fi
# 3.使用循环发送公钥
for ip in $ips
do
sshpass -p ${pass} ssh-copy-id -i ~/.ssh/id_rsa.pub -oStrictHostKeyChecking=no $ip &>/dev/null
if [ $? -eq 0 ];then
action "密钥分发成功" /bin/true
else
action "密钥分发失败" /bin/false
fi
done
分发脚本测试
[root@mn01[ /server/scripts]#./createkey.sh
正在创建密钥对...
密钥创建成功 [ OK ]
密钥分发成功 [ OK ]
密钥分发成功 [ OK ]
密钥分发成功 [ OK ]
[root@mn01[ /server/scripts]#./createkey.sh
已经创建过密钥对
密钥分发成功 [ OK ]
密钥分发成功 [ OK ]
密钥分发成功 [ OK ]
检查脚本测试/server/scripts/check.sh
#!/bin/bash
# desc: 批量在所有机器上执行命令
for ip in 10.0.0.7 10.0.0.31 10.0.0.41
do
ssh $ip hostname
done
