SSH實(shí)現(xiàn)基于秘鑰連接的部署步驟
1管理端創(chuàng)建秘鑰對(duì)信息
ssh-keygen -t dsa
2管理端進(jìn)行分發(fā)公鑰
ssh-copy-id -i /root/.ssh/id_dsa.pub user@ip
3進(jìn)行連接測(cè)試
ssh ip
不用交互輸入密碼信息,進(jìn)行遠(yuǎn)程連接分發(fā)公鑰:
yum install -y sshpass
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.41 -p 52113 "-o StrictHostKeyChecking=no"
批量分發(fā)公鑰示例腳本:
#!/bin/bash
for ip in {1..100}
do
echo "==================== host 172.16.1.$ip pub-key start fenfa ==================== "
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.$ip "-o StrictHostKeyChecking=no" &>/dev/null
echo -e "host 172.16.1.$ip fenfa success."
echo "==================== host 172.16.1.$ip fenfa end ==================== "
echo ""
done
SSH服務(wù)配置文件部分參數(shù)解釋
/etc/ssh/sshd_config
PermitEmptyPasswords no --- 是否允許遠(yuǎn)程用戶使用空密碼登錄,默認(rèn)不允許
PermitRootLogin yes --- 是否禁止root用戶遠(yuǎn)程連接主機(jī) 建議改為no
GSSAPIAuthentication no --- 是否開啟GSSAPI認(rèn)證功能 不用的時(shí)候關(guān)閉
UseDNS no --- 是否開啟反向DNS解析功能 建議進(jìn)行關(guān)閉
