
How to set up SSH passwordless login with key authentication, and manage, distribute and deploy with shell scripts, under Linux

2025-04-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03

This article shows how to set up SSH passwordless (key-based) login under Linux, and how to use it from shell scripts for batch management, distribution and deployment.

Environment:

SSH server: 192.168.100.29 server.example.com

SSH client: 192.168.100.30 client.example.com

Management, distribution and deployment with shell scripts, using key authentication set up as the root user

First, the client creates a key pair and distributes the public key to each SSH server it needs to log in to.

Note: the public key is the lock and the private key is the key. Here we create a lock and key pair on the client. Passwordless SSH login amounts to handing the lock to the server and installing it there, after which the client can open it with the key.

I. Establish key authentication

1. Create a key pair on the client: (ssh client)

The code is as follows:

# su - root

# ssh-keygen -t dsa

Press Enter at every prompt.

The code is as follows:

Generating public/private dsa key pair.

Enter file in which to save the key (/root/.ssh/id_dsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_dsa.

Your public key has been saved in /root/.ssh/id_dsa.pub.

The key fingerprint is:

e9:5e:4a:7f:79:64:c5:ae:f2:06:a7:26:e4:41:5c:0e root@zabbix.example.com

The key's randomart image is:

[randomart image of the DSA 1024 key not reproduced]

2. View the generated key pair: (ssh client)

The code is as follows:

# ls -lda .ssh

-

drwx------ 2 root root 4096 June 6 23:03 .ssh

-

# cd .ssh

# ls -la

-

total 16

drwx------ 2 root root 4096 June 6 23:03 .

dr-xr-x---. 26 root root 4096 June 6 23:03 ..

-rw------- 1 root root 668 June 6 23:03 id_dsa

-rw-r--r-- 1 root root 613 June 6 23:03 id_dsa.pub

-

Key generation completed

3. Distribute the public key (lock) to the SSH server: (ssh client)

The code is as follows:

# ssh-copy-id -i .ssh/id_dsa.pub 192.168.100.29

Note: for a non-root user and a custom SSH port, the format is as follows:

The code is as follows:

# ssh-copy-id -i .ssh/id_rsa.pub "-p 22 user@server"

Type yes, then enter the password and press Enter:

The code is as follows:

The authenticity of host '192.168.100.30 (192.168.100.30)' can't be established.

RSA key fingerprint is fc:9b:2e:38:3b:04:18:67:16:8f:dd:94:a8:bd:08:03.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.100.30' (RSA) to the list of known hosts.

Address 192.168.100.30 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

root@192.168.100.30's password:

Now try logging into the machine, with "ssh '192.168.100.30'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Public key distribution completed

4. On the server, view the distributed file that was received: (ssh server)

The code is as follows:

# ll /root/.ssh

-

total 4

-rw------- 1 root root 613 June 6 23:29 authorized_keys

-

Successfully received

5. Client verification login: (ssh client)

Check the server IP address:

The code is as follows:

# ssh 192.168.100.29 /sbin/ifconfig eth0

Address 192.168.100.29 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

eth0 Link encap:Ethernet HWaddr 00:0C:29:7A:4F:30

inet addr:192.168.100.29 Bcast:192.168.100.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe7a:4f30/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:184297 errors:0 dropped:0 overruns:0 frame:0

TX packets:162028 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:163599380 (156.0 MiB) TX bytes:51284830 (48.9 MiB)

Interrupt:19 Base address:0x2000

Note: the output contains the warning "Address 192.168.100.29 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!".

The solution is to edit the /etc/hosts file on the client and add the mapping between the server's IP address and its host name.

The code is as follows:

(ssh client)

# echo "192.168.100.29 server.example.com" >> /etc/hosts

Check again:

The code is as follows:

# ssh 192.168.100.29 /sbin/ifconfig eth0

The warning no longer appears:

The code is as follows:

-

eth0 Link encap:Ethernet HWaddr 00:0C:29:7A:4F:30

inet addr:192.168.100.29 Bcast:192.168.100.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe7a:4f30/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:184530 errors:0 dropped:0 overruns:0 frame:0

TX packets:162264 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:163618650 (156.0 MiB) TX bytes:51304877 (48.9 MiB)

Interrupt:19 Base address:0x2000

-

View the server's memory:

The code is as follows:

# ssh 192.168.100.29 free -m

-

total used free shared buffers cached

Mem: 1006 991 14 0 177 308

-/+ buffers/cache: 506 500

Swap: 1023 6 1017

-
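The key setup from steps 1 to 4, as an added example that is not the article's own commands: it generates an ed25519 key instead of DSA, which OpenSSH has disabled by default since version 7.0, and installs the public key with a from= restriction so that the server accepts it only from the client address. The function names, the key comment and the chosen option set are assumptions; install_entry is meant to run on the server against /root/.ssh/authorized_keys.

```sh
#!/bin/sh
# Added example, not the article's commands. Assumptions: ed25519 replaces the
# article's DSA key; the key comment and function names are illustrative.

# Create a key pair in directory $1 and print the private key path.
# -N '' sets an empty passphrase, matching the article's "press Enter" flow.
new_keypair() (
    umask 077
    mkdir -p "$1" || exit 1
    ssh-keygen -q -t ed25519 -N '' -C "root@client.example.com" \
        -f "$1/id_ed25519" || exit 1
    printf '%s\n' "$1/id_ed25519"
)

# Print an authorized_keys line for public key file $1 that sshd accepts only
# from address $2, with agent, port and X11 forwarding switched off.
restricted_entry() {
    [ -r "$1" ] || return 1
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$2" "$(cat "$1")"
}

# Add the entry to authorized_keys file $3 once (what ssh-copy-id does, plus
# the restrictions) and set the modes that sshd's StrictModes check expects.
install_entry() {
    entry=$(restricted_entry "$1" "$2") || return 1
    dir=$(dirname "$3")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$3" && chmod 600 "$3" || return 1
    grep -qxF -e "$entry" "$3" || printf '%s\n' "$entry" >> "$3"
}
```

With the environment above, the entry would be built with 192.168.100.30 as the second argument, so a copy of the private key used from any other address is refused.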

II. Create a shell script for batch management: (ssh client)

1. Create a script:

The code is as follows:

# cd /etc/rc.d

# vi manager.sh

-

for ip in `cat iplist`

do

    echo "---$ip---"

    ssh "$ip" "$1"    # run the command passed as the first argument

done

-

-

2. Generate the IP list: (if there are several SSH servers to manage, add one line for each)

The code is as follows:

# echo 192.168.100.29 >> iplist

# echo 192.168.100.28 >> iplist

.

# cat iplist

-

192.168.100.29

-

3. Execute the script:

The code is as follows:

# sh manager.sh "df -h"

-

---192.168.100.29---

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 19G 6.7G 11G 38% /

tmpfs 504M 0 504M 0% /dev/shm

/dev/sda1 194M 27M 158M 15% /boot

-

Successful management

III. Create a shell script for batch distribution: (ssh client)

1. Create a script:

The code is as follows:

# cd /etc/rc.d

# vi distribute.sh

-

for ip in `cat iplist`

do

    echo "---$ip---"

    scp -r -p "$1" "$ip:$2"    # copy local path $1 to remote path $2

done

-

-

The IP list for the script has already been created.

Execute the script:

Distribute the files under the local /root to the SSH server hosts:

The code is as follows:

# sh distribute.sh /root /tmp

-

---192.168.100.29---

.ICEauthority 100% 620 0.6KB/s 00:00

install.log.syslog 100% 10KB 10.2KB/s 00:00

preferred-web-browser.desktop 100% 2378 2.3KB/s 00:00

preferred-mail-reader.desktop 100% 257 0.3KB/s 00:00

.converted-launchers 100% 0 0.0KB/s 00:00

.bash_history 100% 3200 3.1KB/s 00:00

.bash_logout 100% 18 0.0KB/s 00:00

applet_dirlist 100% 0 0.0KB/s 00:00

saved_state 100% 65KB 64.5KB/s 00:00

8f329b0c645a51e018b765fa0000001a-0 100% 463 0.5KB/s 00:00

.

-

Distribution successful
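The loop shared by manager.sh and distribute.sh, as an added example of a more defensive runner (not the article's script): it validates every iplist entry before it reaches the ssh command line, never falls back to a password prompt, and counts failed hosts. It assumes iplist holds one IPv4 address per line; the function names are illustrative, and the same read_targets filter can feed the scp loop.

```sh
#!/bin/sh
# Added example, not the article's script: a defensive version of the
# manager.sh loop. Assumption: iplist holds one IPv4 address per line.

# Succeed only for a dotted-quad IPv4 address. Anything else is refused,
# including entries that start with "-", which ssh would read as options.
valid_target() (
    case $1 in
        ''|-*|*.|*[!0-9.]*) exit 1 ;;
    esac
    IFS=.
    set -- $1                       # split into octets
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Print the valid targets in list file $1, one per line. Blank lines and
# "#" comments are ignored; invalid entries are reported on stderr.
read_targets() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if valid_target "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Run command string $2 on every target in $1; return the number of failures.
run_on_all() {
    failed=0
    for ip in $(read_targets "$1"); do
        echo "---$ip---"
        # BatchMode: fail instead of prompting if key authentication breaks.
        # -n: stdin comes from /dev/null, so no host can stall the loop.
        ssh -n -o BatchMode=yes -o ConnectTimeout=5 "$ip" "$2" || failed=$((failed + 1))
    done
    return "$failed"
}

# Usage, as in the article: sh manager.sh "df -h"
if [ $# -ge 1 ]; then run_on_all iplist "$1"; fi
```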

IV. Batch deployment:

Deployment here combines the batch management and batch distribution scripts above.

For example, suppose you need to install Apache on N SSH servers in bulk.

1. Write the Apache installation script.

2. Distribute the installation script to the SSH servers.

3. Execute the script remotely with the management script.

I won't demonstrate this at length here. I'll organize my LAMP document and write an Apache script to demonstrate it.

Note: because risky operations are involved, using the root user for batch management in production is not recommended.

It is recommended to set up an ordinary account and then use sudo to raise privileges.

Management, distribution and deployment with key authentication set up by an ordinary user and privileges raised through sudo

The code is as follows:

(ssh server)

# useradd user02

# echo "123456" | passwd --stdin user02

(ssh client)

# useradd user01

# echo "123456" | passwd --stdin user01

# su - user01

# ssh-keygen -t dsa

Note: pressing Enter three times completes the creation with the defaults.

The code is as follows:

# ssh-copy-id -i .ssh/id_dsa.pub user02@192.168.100.29

Enter the password 123456 to distribute the key.

Verify:

The code is as follows:

# ssh user02@192.168.100.29 /sbin/ifconfig eth0

If the IP address 192.168.100.29 is returned, key authentication works.

Distribute:

Note: user01 on the client can now distribute, without a password, to folders owned by user02 on the server. Distributing to folders owned by root requires sudo rights.

1. Raise privileges with sudo on the server:

The code is as follows:

# su - root

# echo "user02 ALL=(ALL) NOPASSWD:/usr/bin/rsync,/bin/tar,/usr/bin/scp,/bin/cp" >> /etc/sudoers

Log in to the user02 account:

The code is as follows:

# su - user02

View the account's sudo rights:

The code is as follows:

# sudo -l

-

.

User user02 may run the following commands on this host:

(ALL) NOPASSWD: /usr/bin/rsync, (ALL) /bin/tar, (ALL) /usr/bin/scp, (ALL) /bin/cp

-

2. The client first distributes to the home directory of user02 on the server:

The code is as follows:

# scp -P22 -r -p /home/user01/ user02@192.168.100.29:/home/user02

-

.bash_logout 100% 18 0.0KB/s 00:00

.bashrc 100% 124 0.1KB/s 00:00

known_hosts 100% 396 0.4KB/s 00:00

id_dsa 100% 672 0.7KB/s 00:00

id_dsa.pub 100% 615 0.6KB/s 00:00

.bash_profile 100% 176 0.2KB/s 00:00

-

3. After connecting to the server, execute the sudo cp command to perform a local copy:

The code is as follows:

# ssh -t user02@192.168.100.29 sudo cp /home/user02 /etc

Connection to 192.168.100.29 closed.

Copy successful
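A check and a safer install path for the sudoers rule in step 1, as an added example that is not the article's code: lint_rule lists the NOPASSWD commands in a rule that are granted with no argument restriction, and install_rule validates a rule with visudo -c before placing it in /etc/sudoers.d. It assumes /etc/sudoers includes that directory; the RISKY list, the function names and the drop-in name are illustrative.

```sh
#!/bin/sh
# Added example, not the article's code. Assumptions: the RISKY list, the
# function names and the drop-in name passed as $2 are illustrative.

# The commands from the article's rule. Run as root without an argument
# restriction, each of them can write any file on the host.
RISKY="/bin/cp,/bin/tar,/usr/bin/rsync,/usr/bin/scp"

# Print every command after NOPASSWD: in sudoers rule $1 that is on the RISKY
# list and is granted with no fixed arguments.
lint_rule() (
    case $1 in *NOPASSWD:*) ;; *) exit 0 ;; esac
    set -f                          # no globbing while splitting
    IFS=,
    for cmd in ${1#*NOPASSWD:}; do
        cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case ",$RISKY," in *",$cmd,"*) printf '%s\n' "$cmd" ;; esac
    done
)

# Install rule $1 as /etc/sudoers.d/$2, but only after visudo has parsed it.
# Appending to /etc/sudoers with echo skips that check, and a syntax error
# there can lock every user out of sudo.
install_rule() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    if visudo -c -f "$tmp" >/dev/null 2>&1; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$2"
        status=$?
    else
        echo "rejected: visudo found a syntax error" >&2
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}
```

Run against the article's rule, lint_rule prints all four commands; a rule that names a single purpose-built script, or a command with fixed arguments, prints nothing.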

Note:

The code is as follows:

# cp /test1 /test2/

copies the /test1 directory into the /test2/ directory.

The code is as follows:

# cp /test1/ /test2/

copies all the files in the /test1 directory into the /test2/ directory.

--- Done ---
