
SSH key authentication on Linux in practice

星哥玩云
Published 2022-07-12 19:35:12
Column: 开源部署

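In real production environments, SSH key authentication is often used for tasks such as distributing data. It also makes it possible to operate on intranet servers in batches and to push and distribute data with passwordless authentication.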

1. Check the environment

Distribution server

Node server

2. Add a system account on the servers

3. Generate the key pair

[root@localhost1 ~]# su - linuxidc
[fenfa@localhost1 ~]$ whoami
linuxidc

[fenfa@localhost1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxidc/.ssh/id_dsa):
Created directory '/home/linuxidc/.ssh'.  #directory created
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linuxidc/.ssh/id_dsa.
Your public key has been saved in /home/linuxidc/.ssh/id_dsa.pub.
The key fingerprint is:
2c:33:62:96:d5:5a:56:a8:19:63:29:de:63:35:83:f1 linuxidc@localhost1
The key's randomart image is:
+--[ DSA 1024]----+
|      .+ ..      |
|    . *o=.      |
|  . +.*Eo      |
|    .o*=        |
|    =.=.S        |
|  o . +        |
|                |
|                |
|                |
+-----------------+
[linuxidc@localhost1 ~]$ cd /home/linuxidc/.ssh/
[linuxidc@localhost1 .ssh]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory
[linuxidc@localhost1 .ssh]$ ls -ld /home/linuxidc/.ssh/
drwx------ 2 linuxidc fenfa 4096 Feb 21 00:25 /home/linuxidc/.ssh/
[linuxidc@localhost1 .ssh]$

[linuxidc@localhost1 .ssh]$ cat /home/linuxidc/.ssh/id_dsa
-----BEGIN DSA PRIVATE KEY-----
[...]
-----END DSA PRIVATE KEY-----

4. Distribute the key

Command format for distribution:
ssh-copy-id -i key_name user@remote_host_IP  (when ssh uses the default port)
ssh-copy-id -i key_name "-p port user@remote_host_IP"  (when ssh uses a non-default port)

[linuxidc@localhost1 .ssh]$ ssh-copy-id -i id_dsa.pub linuxidc@192.168.181.129  #the distribution command
The authenticity of host '192.168.181.129 (192.168.181.129)' can't be established.
RSA key fingerprint is 9e:81:e9:02:86:a0:24:37:2b:d0:4e:ae:d4:41:6f:0d.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.181.129' (RSA) to the list of known hosts.
linuxidc@192.168.181.129's password:
Permission denied, please try again.
linuxidc@192.168.181.129's password:
Permission denied, please try again.
linuxidc@192.168.181.129's password:
Now try logging into the machine, with "ssh 'linuxidc@192.168.181.129'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[linuxidc@localhost1 .ssh]$ ssh-copy-id -i id_dsa.pub linuxidc@192.168.181.129
Now try logging into the machine, with "ssh 'linuxidc@192.168.181.129'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Check whether the distribution succeeded

[linuxidc@localhost2 ~]$ tree /home/linuxidc/.ssh/
/home/linuxidc/.ssh/
└── authorized_keys  #distribution succeeded

0 directories, 1 file
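
Added example (not from the original article): once ssh-copy-id has run, this function audits the node's authorized_keys, flagging ssh-dss keys such as the one generated above, which OpenSSH has disabled by default since 7.0, and keys with no from= or command= restriction. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file after ssh-copy-id.
# Prints "<line> <keytype> <flags>" per key; flags is "ok" or a list of
#   weak-dsa      ssh-dss key (disabled by default since OpenSSH 7.0)
#   unrestricted  no from= or command= option limits the key
# Returns 0 if all keys are ok, 1 if any is flagged, 2 if the file is
# unreadable or group/other-writable (sshd StrictModes refuses such files).
audit_authorized_keys() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *[2367]?|*[2367]) echo "$file: mode $mode is group/other-writable" >&2
                          return 2 ;;
    esac
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        bare = $0
        gsub(/"[^"]*"/, "", bare)          # quoted option values may hold spaces
        n = split(bare, f)
        type = ""; opts = ""
        for (i = 1; i <= n; i++) {         # options, if any, precede the key type
            if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) { type = f[i]; break }
            opts = opts f[i]
        }
        if (type == "") { print NR, "unparsed", "invalid"; bad = 1; next }
        flags = ""
        if (type == "ssh-dss") flags = "weak-dsa"
        if (("," opts) !~ /,(from|command)=/)
            flags = flags (flags == "" ? "" : ",") "unrestricted"
        if (flags == "") flags = "ok"
        else bad = 1
        print NR, type, flags
    }
    END { exit bad + 0 }' "$file"
}

# Constructed sample: key bodies are placeholders, the from= address and
# command= value are made up for illustration.
write_sample() {
    cat > "$1" <<'EOF'
# keys pushed from the distribution host
ssh-dss AAAAB3PLACEHOLDER linuxidc@localhost1
from="192.0.2.10",command="rsync --server -logDtpr . /data/" ssh-ed25519 AAAAC3PLACEHOLDER linuxidc@localhost1
EOF
    chmod 600 "$1"
}

t=$(mktemp); write_sample "$t"; audit_authorized_keys "$t" || echo "flagged keys found"; rm -f "$t"
```

The quote stripping does not handle escaped quotes (\") inside an option value, so such lines should be reviewed by hand.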

5. Distribute data

No password needs to be entered.

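When data has to be distributed every day, the commands can be written into a script and added as a scheduled task, so that the data is distributed automatically.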

This article is part of the Tencent Cloud self-media sharing program and is shared from the author's personal site/blog.