/ 前言 /
通过密钥的方式来使服务器之间免密登录无疑是很重要的, 设想一下你要在N台服务器上面搭建MySQL主从又或者是ES集群, 此时你需要先在其中一台机器上面搭建之后将文件拷贝打其它服务器上面, 而最简单的方式就是直接通过脚本来一次性拷贝完成, 如果每拷贝一台机器你都需要输入一次服务器密码那绝对不叫自动化, 最多就是帮你省去了curl + c和curl + v罢了
/ 1 / SSH
1 . 1 生成密钥
想要实现免密登录我们就需要通道SSH中的一个命令来生成密钥
ssh-keygen -t rsa -P '' -f /home/es/.ssh/id_rsa
- -t : 指定要生成的密钥类型,有rsa1(SSH1),dsa(SSH2),ecdsa(SSH2),rsa(SSH2)等类型,较为常用的是rsa类型
- -P : 指定私钥, 可以选择空, 如果不带
-P指令的话系统会要求你确认私钥ssh-keygen -t rsa -f /home/es/.ssh/id_rsa # 这里可以输入emtpy Enter passphrase (empty for no passphrase): - -f : 指定生成密钥的文件名称, 如果不带
-f指令的话系统会要求你输入文件名称ssh-keygen -t rsa Enter file in which to save the key (/home/es/.ssh/id_rsa): - -b : 指定密钥长度 ,单位是bit
- -q :静默模式
- -i :读取未加密的ssh-v2兼容的私钥/公钥文件,然后在标准输出设备上显示openssh兼容的私钥/公钥
密钥生成展示
[es@node-1 root]$ ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa.pub
Generating public/private rsa key pair.
/home/es/.ssh/id_rsa.pub already exists.
Overwrite (y/n)? y
Your identification has been saved in /home/es/.ssh/id_rsa.pub.
Your public key has been saved in /home/es/.ssh/id_rsa.pub.pub.
The key fingerprint is:
SHA256:tE9hU+EAFptvllQDwyIzurD2yZIKQnrunfWk4Ci1KPw es@node-1
The key's randomart image is:
+---[RSA 2048]----+
| +++.=. |
| +..o.* . |
| . ++.= . |
| . . . = + |
| . o . S * |
|o + . = |
|=+.=... . . |
|*+++++ + |
|o+=E+ . . |
+----[SHA256]-----+
[es@node-1 root]$
1 . 2 同步密钥
密钥生成之后我们需要将密钥同步到其它服务器中,
ssh-copy-id -i /root/.ssh/id_rsa.pub root@${IP_LIST[i]}
ssh-copy-id -i /home/es/.ssh/id_rsa.pub root@192.168.232.137
- -i : 指定公钥文件
同步密钥展示
[root@node-1 .ssh]# ssh-copy-id -i /home/es/.ssh/id_rsa.pub root@192.168.0.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/es/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.0.100'"
and check to make sure that only the key(s) you wanted were added.
1 . 3 免密登录
[root@node-1 .ssh]# ssh root@192.168.232.137
Last login: Mon May 18 02:38:49 2020 from 192.168.232.136
[root@node-2 ~]#
/ 2 / 脚本
注意 :
- 修改IP_LIST, 值为其余服务器的IP地址
- 当前脚本处理的是root账户的免密, 如需改为其它账户只需要如下操作
# 修改创建密钥的账户
spawn ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
spawn ssh-keygen -t rsa -P '' -f /home/账户名/.ssh/id_rsa
# 修改同步密钥的账户
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@${IP_LIST[i]}
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 账户名@${IP_LIST[i]}
#
免密配置Shell脚本
# !/bin/bash
# es集群IP地址
IP_LIST=(
192.168.0.100
192.168.0.101
192.168.0.102
)
# 创建秘钥
function create_keygen(){
echo "开始创建密钥"
su - root <<EOF
expect -c"
spawn ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
set timeout 30
expect {
\"*Overwrite*\" {send \"y\r\";exp_continue}
}
"
EOF
if [ $? -eq 0 ];then
echo "创建秘钥成功"
else
echo "创建秘钥失败"
fi
}
# 同步密钥
function sycn_keygen(){
echo "开始同步密钥到其他服务器"
for ((i=0;i<${#HOST_IP[*]};i++))
do
su root<<EOF
expect -c"
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@${IP_LIST[i]}
expect {
\"*yes/no*\" {send \"yes\r\";exp_continue}
\"*password:*\" {send \"$password\r\";exp_continue}
}"
EOF
done
if [ $? -eq 0 ];then
echo "设置免秘钥成功"
else
echo "设置免秘钥失败"
fi
}
ssh_keygen_fun
copy_ssh_keygen
转载:https://blog.csdn.net/F1004145107/article/details/106195727
查看评论