1.1 服務端端口號變化了，如何基于秘鑰連接

1.1.1 環(huán)境準備

實驗環(huán)境：

[root@test ~]# cat /etc/redhat-release

CentOS release 6.9 (Final)

將一臺服務器的ssh服務端口修改為63389

[root@test ~]# netstat -lntup|grep sshd

tcp? ? ? ? 0? ? ? 0 0.0.0.0:63389? 0.0.0.0:*? ? ? ? LISTEN? ? ? 5083/sshd? ? ? ? ?

tcp? ? ? ? 0? ? ? 0 :::63389? ? ? ? :::*? ? ? ? ? ? ? LISTEN? ? ? 5083/sshd?

1.1.2 通過另外一臺服務器創(chuàng)建并分發(fā)密鑰

第一個里程碑： 現(xiàn)創(chuàng)建密鑰使用 ssh-keygen

[root@backup ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):? #指定密鑰對的保存路徑

Enter passphrase (empty for no passphrase):? ? ? ? #為密鑰對創(chuàng)建密碼

Enter same passphrase again:? ? ? ? ? ? ? ? ? ? ? ? ? #確認為密鑰對創(chuàng)建的密碼

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

72:48:65:1d:25:69:e1:4c:ae:2b:6f:a5:aa:70:96:1e root@backup

The key's randomart image is:

+--[ RSA 2048]----+? ? #2048表示加密的位數(shù)為2048位

|? ? ? ? o.==.? ? ? |

|? ? ? o =+.? ? ? |

|? ? ? .? .+? ? ? ? |

|? ? . . .? ? ? ? |

|? ? ? o S? ? ? ? ? |

|? ? . o ..? ? ? ? |

|? . E . .o? ? ? ? |

|? = . oo? ? ? ? ? |

|? ? o..o.? ? ? ? ? |

+-----------------+

第二個里程碑：分發(fā)密鑰，注意ssh的端口

[root@backup ~]# ssh-copy-id? -i ~/.ssh/id_rsa.pub "-p63389 172.16.1.250"

The authenticity of host '[172.16.1.250]:63389 ([172.16.1.250]:63389)' can't be established.

RSA key fingerprint is d3:41:bb:0d:43:88:da:a3:2c:e8:36:91:11:c9:e4:9c.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[172.16.1.250]:63389' (RSA) to the list of known hosts.

root@172.16.1.250's password:

Now try logging into the machine, with "ssh '-p63389 172.16.1.250'", and check in:

? .ssh/authorized_keys? #分發(fā)到對端服務器后進行改名

to make sure we haven't added extra keys that you weren't expecting.

說明：

?? 通過 man 手冊找到密鑰分發(fā)的命令格式。

?? -i 參數(shù)指定 公鑰文件的存放位置

[use@]表示使用的用戶，默認使用當前登陸的用戶

-p 指定端口，主要要在雙引號之間（通過cat `which ssh-copy-id` 命令腳本內(nèi)容得知）

[root@backup ~]# man ssh-copy-id

Formatting page, please wait...

SSH-COPY-ID(1)????????????????????????????????????????????????? SSH-COPY-ID(1)

NAME

?????? ssh-copy-id? -? install? your? public? key in a remote machine's autho-

?????? rized_keys

SYNOPSIS

第三個里程碑： 測試密鑰登陸

[root@backup ~]# ssh 172.16.1.250 -p 63389

Last login: Wed Oct 18 15:42:05 2017 from 10.0.0.41

[root@test ~]#

1.2 如何實現(xiàn)自動創(chuàng)建秘鑰對，同時分發(fā)公鑰（編寫腳本實現(xiàn)）

腳本內(nèi)容：

[root@m01 ~]# vim /server/scripts/piliang_fenfa.sh

? 1 #!/bin/bash

? 2

? 3 #make key

? 4 \rm -f /root/.ssh/id_dsa

? 5 ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" -q

? 6

? 7 #fengfagongyao

? 8 for ip in 8 31 41

? 9 do

10 echo ====fenfa key to host 172.16.1.$ip====

11 sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.$ip"

12 echo ===============fenfa end==============

13 echo ""

14 done

腳本說明：

? ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" -q

?? 創(chuàng)建密鑰，-f指定存放位置，-P 密鑰加密的密碼? -q 減少信息輸出

sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.$ip"

?? 這里需要安裝一個軟件 yum install sshpass -y 用來提供中戶密碼

ssh-copy-id 命令來分發(fā)密鑰 -i 指定密鑰本地存放的路徑

-o StrictHostKeyChecking=no 在登陸其他服務器是不選擇yes/no

for ip in 8 31 41

?? 這里使用for循環(huán)來對ip地址進行變化。

附錄：CentOS 7密鑰分發(fā)腳本

1 #!/bin/bash

2 . /etc/rc.d/init.d/functions

3

4 yum install sshpass -y? >/dev/null

5 # 創(chuàng)建密鑰

6 \rm ~/.ssh/id_rsa* -f

7 ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q

8 # 分發(fā)公鑰

9 for ip in 61 21 51 31 41 8 7 9 5 6

10 do

11 sshpass -p123456 ssh-copy-id -o "StrictHostKeyChecking no"? -i /root/.ssh/id_rsa.pub 172.16.1.$ip &>/dev/null

12 if [ $? -eq 0 ];then

13 action? "fenfa 172.16.1.$ip"? /bin/true

14 else

15 action? "fenfa 172.16.1.$ip"? /bin/false

16 fi

17 echo ""

18 done