linux tools

SSH Service

2019-05-28  酷酷的伟

1. Differences between SSH and telnet

10.0.0.61/172.16.1.61 --- client
10.0.0.41/172.16.1.41 --- server

1. Installing, checking, and restarting the telnet service

Install: yum install -y telnet-server
Check: rpm -qa telnet-server
Restart: systemctl reload telnet-server

Client-side commands

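    ssh
        ssh client: remote login and remote command execution
        -p
            specifies the port number
        ssh -p22 oldboy@10.0.0.41 whoami
        telnet: unencrypted
    scp
        transfers data to or from a remote host
        rcp (remote cp) is unencrypted
        -P (uppercase)
            specifies the port number
        -r
            used when copying directories
        scp -P22  -r  /etc 172.16.1.41:/tmp
    sftp
        lrzsz: rz and sz
        upload or download
        -P
        Xshell --- ssh
        Xftp ---- sftp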

Setting up key-based authentication

Install the software

yum install -y sshpass pssh

Create a key pair

[root@m01 ~]# ssh-keygen -t dsa 
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):     ## enter the file in which to store the key
Enter passphrase (empty for no passphrase):            ## enter a passphrase; empty means no passphrase
Enter same passphrase again:                                   ## enter it once more
Your identification has been saved in /root/.ssh/id_dsa. 
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:VW1UamyTZ0YDIHQxi00U7DrtJAX/BN0k5cbuhNRRA58 root@m01
The key's randomart image is:
+---[DSA 1024]----+
|        .ooO**BB=|
|         .*+ooO==|
|         .=o.oBE+|
|         . +.++= |
|        S + o. o |
|         + o .o  |
|          =    . |
|           .     |
|                 |
+----[SHA256]-----+

Check the keys

[root@m01 ~]# ll ~/.ssh/
total 12
-rw------- 1 root root 668 May 27 12:13 id_dsa
-rw-r--r-- 1 root root 598 May 27 12:13 id_dsa.pub
-rw-r--r-- 1 root root 695 May 27 11:22 known_hosts

Send the public key to the backup host

[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_dsa.pub  172.16.1.41 
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.41's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '172.16.1.41'"
and check to make sure that only the key(s) you wanted were added.

Test it

[root@m01 ~]# ssh 172.16.1.41 hostname 
backup

Batch management

Create the hosts file

[root@m01 ~]# cat hosts.txt
root@172.16.1.41:22
root@172.16.1.7:22

Run the same command on multiple virtual machines

[root@m01 ~]# pssh -Ph hosts.txt hostname

Transfer files in batch

[root@m01 ~]# prsync -A -azh hosts.txt /etc/hostname /tmp/

Prerequisite: the virtual machines must all have the same password

Running commands in parallel in batch

Create the hosts file

[root@m01 ~]# vim hosts.txt 
root@172.16.1.41:22
root@172.16.1.7:22

Run a command in batch

[root@m01 ~]# pssh -Ph hosts.txt hostname 
172.16.1.41: backup
[1] 12:42:51 [SUCCESS] root@172.16.1.41:22
172.16.1.7: web01
[2] 12:42:51 [SUCCESS] root@172.16.1.7:22

Transfer files in batch

[root@m01 ~]# prsync -A -azh  hosts.txt   /etc/hostname  /tmp/
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 12:52:11 [SUCCESS] root@172.16.1.41:22
[2] 12:52:11 [SUCCESS] root@172.16.1.7:22

The -A option is for the case where multiple servers share the same password

Run a command in batch

[root@m01 ~]# pssh -A  -Ph hosts.txt cat /tmp/hostname 
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
172.16.1.41: m01
[1] 12:52:32 [SUCCESS] root@172.16.1.41:22
172.16.1.7: m01
[2] 12:52:32 [SUCCESS] root@172.16.1.7:22

Batch distribution of SSH keys

Distribute the key with a single command
StrictHostKeyChecking=no

sshpass -p 123456 ssh-copy-id -p22 -i  ~/.ssh/id_dsa.pub 10.0.0.41 -o StrictHostKeyChecking=no

A script (for loop) can also be used

vim /server/scripts/fenfa.sh
#!/bin/bash
for ip in 31 41 7
do
sshpass -p 123456 ssh-copy-id -i ~/.ssh/id_dsa.pub 172.16.1.$ip
done
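
A hardened variant of the distribution loop above, as an added example that is not the original author's script: it passes the password through the SSHPASS environment variable with `sshpass -e` instead of `-p` on the command line (where it shows up in the process list and shell history), and it keeps host key checking on, skipping any host whose key is not already in a verified known_hosts file. The ed25519 key path, the variable names and the function names are assumptions; ed25519 is used because upstream OpenSSH has disabled DSA (ssh-dss) keys by default since version 7.0.

```shell
#!/bin/bash
# Added example: hardened variant of fenfa.sh; not the original author's script.
# Assumed names: KEY, KNOWN_HOSTS, NET, DRY_RUN and every function name below.
KEY="${KEY:-$HOME/.ssh/id_ed25519}"                   # e.g. ssh-keygen -t ed25519 -f "$KEY"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"  # host keys verified out of band
NET="${NET:-172.16.1}"

# Succeed only if host $1 has a plain (unhashed) entry in $KNOWN_HOSTS.
# Comment lines and @revoked/@cert-authority marker lines are ignored.
host_is_pinned() {
    awk -v h="$1" '
        /^[#@]/ || NF < 3 { next }
        { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit !found }' "$KNOWN_HOSTS" 2>/dev/null
}

# Print the command in dry-run mode (the default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Push the public key to each host given as a last octet, e.g. distribute 31 41 7.
distribute() {
    rc=0
    if [ "${DRY_RUN:-1}" != 1 ] && [ -z "${SSHPASS:-}" ]; then
        echo "export SSHPASS first (keeps the password out of argv)" >&2
        return 2
    fi
    for ip in "$@"; do
        host="$NET.$ip"
        if ! host_is_pinned "$host"; then
            echo "SKIP $host: no verified host key in $KNOWN_HOSTS" >&2
            rc=1
            continue
        fi
        # sshpass -e reads the password from $SSHPASS; StrictHostKeyChecking=yes
        # makes ssh refuse hosts whose key is unknown or has changed.
        run sshpass -e ssh-copy-id -i "$KEY.pub" -p 22 \
            -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
            "root@$host" || rc=1
    done
    return "$rc"
}

distribute "$@"
```

By default the script only prints the commands it would run; after `read -rs SSHPASS; export SSHPASS`, run it with `DRY_RUN=0` and the host octets as arguments. The awk check matches unhashed known_hosts entries only; for hashed files, `ssh-keygen -F host -f file` performs the lookup.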

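Options for creating a specific key

-t specifies the key type (dsa and rsa; rsa is the older method)
-f specifies the location of the private key; the default is /root/.ssh/id_dsa (under the home directory)
-P specifies the passphrase on the command line

Generating a key pair non-interactively

Example: ssh-keygen -t dsa -f /root/.ssh/id_dsa -P ''

'' means the passphrase is empty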

[root@m01 ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:kIna+Ce3UvZoIPzuIiOvKOaQwysKPlAeCTCC6zo+DRk root@m01
The key's randomart image is:
+---[DSA 1024]----+
|*                |
|+.   . o         |
| o .. +          |
|.E++   .         |
|.+=..   S        |
|o=+.. o          |
|B.ooo+oo         |
|&=o.o+o..        |
|%@++oo.          |
+----[SHA256]-----+

The output above means the key pair was generated successfully
