I. ssh-keygen批量分发
II. 环境介绍
| IP | 主机名 | 说明 |
|---|---|---|
| 172.16.10.10 | ansheng | 分发服务器 |
| 172.16.10.100 | zabbix-node01 | node1 |
| 172.16.10.101 | zabbix-node02 | node2 |
系统环境:
[root@ansheng ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@ansheng ~]# uname -a
Linux ansheng 2.6.32-573.22.1.el6.x86_64 #1 SMP Wed Mar 23 03:35:39 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxIII. 分发服务器生成Key
非交互式生成
[root@ansheng ~]# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1b:81:ad:d8:95:41:02:70:a0:b2:6f:aa:2c:17:4e:44 root@ansheng
The key's randomart image is:
+--[ RSA 2048]----+
| ooo...o |
| .E. + o |
|o. . = |
|... o o . |
|.. . o S |
| .o o |
| oo. . |
|ooo |
|=o |
+-----------------+IV. 把公钥发给客户端
发送第一个节点
[root@ansheng ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.10.100
The authenticity of host '172.16.10.100 (172.16.10.100)' can't be established.
RSA key fingerprint is 55:f1:c0:57:1e:a2:96:1b:bb:0d:85:03:d0:e7:56:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.10.100' (RSA) to the list of known hosts.
Address 172.16.10.100 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@172.16.10.100's password:
Now try logging into the machine, with "ssh 'root@172.16.10.100'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.发送第二个节点
[root@ansheng ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.10.101
The authenticity of host '172.16.10.101 (172.16.10.101)' can't be established.
RSA key fingerprint is 55:f1:c0:57:1e:a2:96:1b:bb:0d:85:03:d0:e7:56:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.10.101' (RSA) to the list of known hosts.
Address 172.16.10.101 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@172.16.10.101's password:
Now try logging into the machine, with "ssh 'root@172.16.10.101'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.如果ssh服务器端口非22可以使用以下方式发送:
ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 235 root@172.16.10.101"V. 登陆客户端执行命令
[root@ansheng ~]# ssh root@172.16.10.100 /sbin/ifconfig eth0
Address 172.16.10.100 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
eth0 Link encap:Ethernet HWaddr 00:0C:29:3D:95:D8
inet addr:172.16.10.100 Bcast:172.16.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe3d:95d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12489 errors:0 dropped:0 overruns:0 frame:0
TX packets:4936 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16654811 (15.8 MiB) TX bytes:339180 (331.2 KiB)如果端口非22可以使用一下指令:
ssh -p235 root@172.16.10.100 /sbin/ifconfig eth0VI. 遇到的问题
在登陆客户端或执行指令的时候遇到以下哎问题:
[root@ansheng ~]# ssh root@172.16.10.101
Address 172.16.10.101 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Last login: Tue Apr 26 08:46:55 2016 from 172.16.10.1
[root@zabbix-node02 ~]# 解决方法:
修改node2节点上面的sshd配置文件,
[root@zabbix-node02 ~]# sed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
[root@zabbix-node02 ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]登陆测试:
[root@ansheng ~]# ssh root@172.16.10.101
Last login: Tue Apr 26 08:46:57 2016 from 172.16.10.10这次就没有提示了。