Shell script for batch configuration of passwordless SSH login between multiple host nodes

2022-06-21 01:06:10

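When deploying software projects, you often need to log in to and operate on multiple host nodes. If passwordless login is already configured between those nodes, multi-node deployment work becomes much more efficient; for example, servers with passwordless login configured can be operated on in bulk with the ansible-playbook automation tool. So how do you configure passwordless login between multiple host nodes in bulk?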

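The steps to configure key-based passwordless ssh login between host 192.168.1.1 and host 192.168.1.2 are as follows:

1. Generate a key pair (public key/private key) on 192.168.1.1

Use the ssh-keygen tool with an empty passphrase to generate a new ssh key pair, so that login works without a password:

ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa

2. On 192.168.1.1, send the public key to host 192.168.1.2, using the ssh-copy-id or scp command:

On host 192.168.1.1, with the ssh-copy-id command:

ssh-copy-id root@192.168.1.2

Or on host 192.168.1.2, with the scp command:

scp root@192.168.1.1:~/.ssh/id_rsa.pub id_rsa.pub.192.168.1.1

cat id_rsa.pub.192.168.1.1 >>~/.ssh/authorized_keys

Notes: (1) After ssh-copy-id, host 192.168.1.2, which receives the public key, appends it to the $HOME/.ssh/authorized_keys file of the corresponding user (root here); (2) when using scp, remember to append the contents of id_rsa.pub to the $HOME/.ssh/authorized_keys file.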

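The implementation steps are as follows:

(1) Read the configuration file

(2) Create the local key pair if it does not exist

(3) Log in to each host and use the ssh-keygen tool to generate a public and private key

(4) Copy id_rsa.pub from each host to the local machine and merge them into authorized_keys

(5) Distribute the local authorized_keys to each host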

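(1) Prepare the configuration file account.txt (one host per line: IP address, user name and password, separated by a space)

192.168.1.1 root 123321
192.168.1.2 root 123321
192.168.1.3 root 123321
192.168.1.4 root 123321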

(2) Passwordless login configuration script (requires expect to be installed)

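#!/bin/bash
############################################
# function : configure passwordless login for accounts (full version)
# author   : tang
# date     : 2020-04-21
## usage: bash auto_ssh_login.sh ./account.txt
##        (run with bash, not sh: the script uses arrays and (( )) loops)
#############################################

filename=$1
if [ ! -n "$filename" ]; then
    echo "[error]: no host ip address account file supplied!!!"
    echo "usage : $0 [host_ip_account.txt]"
    exit 1
fi

# Read the configuration file
hostsaddr=()
usernames=()
passwords=()
while read -r line; do
    # Stop at the first empty line
    if [ ! -n "$line" ]; then
        break 1
    fi

    ip=$(echo $line | cut -d " " -f1)        # extract the IP address from the file
    user_name=$(echo $line | cut -d " " -f2) # extract the user name from the file
    pass_word=$(echo $line | cut -d " " -f3) # extract the password from the file
    #echo "ip:$ip user:$user_name password:$pass_word"
    if [ ! -n "$ip" ]; then
        echo "[error]: file content format error,reason get [ip address] empty"
        exit 1
    fi
    if [ ! -n "$user_name" ]; then
        echo "[error]: file content format error,reason get [user name] empty"
        exit 1
    fi
    if [ ! -n "$pass_word" ]; then
        echo "[error]: file content format error,reason get [password] empty"
        exit 1
    fi
    # With no space on the line, cut returns the whole line for every field
    if [ "$ip" == "$user_name" ]; then
        echo "[error]: file content format error,reason invalid file format"
        exit 1
    fi

    # Append to the end of each array
    hostsaddr[${#hostsaddr[*]}]=$ip
    usernames[${#usernames[*]}]=$user_name
    passwords[${#passwords[*]}]=$pass_word
done <"$filename"

# Create the local key pair if it does not exist
# (-N '' sets an empty passphrase; -f avoids the interactive file prompt)
[ ! -f ~/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q &>/dev/null

# First, log in to each host and use ssh-keygen to generate a public and private key.
# Note: this deletes the remote ~/.ssh directory, including any existing keys.
echo "#### [1] call ssh-keygen to generate key..."
for ((i = 0; i < ${#hostsaddr[*]}; i++)); do
    ip=${hostsaddr[$i]}
    user_name=${usernames[$i]}
    pass_word=${passwords[$i]}
    # Note: this line prints the password to the terminal
    echo "ip:$ip user:$user_name password:$pass_word"

    # The "yes/no" branch accepts an unknown host key without verifying it;
    # pre-populating known_hosts makes that branch unnecessary.
    expect <<EOF
        spawn ssh $user_name@$ip "rm -rf ~/.ssh; ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q"
        expect {
            "yes/no" { send "yes\r"; exp_continue }
            "password" { send "$pass_word\r" }
        }
        expect eof
EOF
done

# Next, copy id_rsa.pub from each host to the local machine and merge into authorized_keys
echo "#### [2] copy remote public key to local..."
tmp_authorized_keys="./.id_rsa.pub.$ip.tmp"
for ((i = 0; i < ${#hostsaddr[*]}; i++)); do
    ip=${hostsaddr[$i]}
    user_name=${usernames[$i]}
    pass_word=${passwords[$i]}
    echo "ip:$ip user:$user_name password:$pass_word"

    tmp_file="./.id_rsa.pub.$ip.tmp"
    expect <<EOF
        spawn scp $user_name@$ip:~/.ssh/id_rsa.pub $tmp_file
        expect {
            "yes/no" { send "yes\r"; exp_continue }
            "password" { send "$pass_word\r" }
        }
        expect eof
EOF
    cat "$tmp_file" >>~/.ssh/authorized_keys
    rm -f "$tmp_file"
done

# Finally, distribute the local authorized_keys to each host
echo "#### [3] send local key to each host..."
for ((i = 0; i < ${#hostsaddr[*]}; i++)); do
    ip=${hostsaddr[$i]}
    user_name=${usernames[$i]}
    pass_word=${passwords[$i]}
    echo "ip:$ip user:$user_name password:$pass_word"

    # The local source is the file built in step [2] ($HOME/.ssh/authorized_keys)
    cmd="scp $HOME/.ssh/authorized_keys root@$ip:/root/.ssh/authorized_keys"
    if [ "$user_name" != "root" ]; then
        cmd="scp $HOME/.ssh/authorized_keys $user_name@$ip:/home/$user_name/.ssh/authorized_keys"
    fi
    expect <<EOF
        spawn $cmd
        expect {
            "yes/no" { send "yes\r"; exp_continue }
            "password" { send "$pass_word\r" }
        }
        expect eof
EOF
done

echo "[info]: config auto ssh success!"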

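An added example, not part of the original script: step [2] above appends every fetched id_rsa.pub to authorized_keys unchecked, so each rerun accumulates entries, and the scp note in step 2 of the manual procedure has the same append step. The hypothetical helper merge_pubkey below accepts only a single well-formed public-key line, skips keys already present and sets 700/600 permissions; the function name and return codes are assumptions made for illustration.

```shell
# Added example, not from the original script. merge_pubkey is a hypothetical
# helper: merge_pubkey <fetched .pub file> <authorized_keys path>
# Returns 0 = key added, 1 = already present, 2 = rejected.
merge_pubkey() {
    pub=$1
    auth=$2
    # A fetched id_rsa.pub must contain exactly one non-empty line.
    [ -f "$pub" ] || return 2
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    line=$(grep . "$pub")
    # Field 1 must be a key type and field 2 a base64 blob; this rejects
    # lines that start with options such as command="..." or from="...".
    ktype=$(printf '%s\n' "$line" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    case $ktype in
        ssh-rsa | ssh-ed25519 | ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | ecdsa-sha2-nistp521) ;;
        *) return 2 ;;
    esac
    case $blob in
        '' | *[!A-Za-z0-9+/=]*) return 2 ;;
    esac
    # Conventional modes: 700 on the .ssh directory, 600 on authorized_keys.
    # Note: this chmods the directory that holds $auth.
    dir=$(dirname "$auth")
    { mkdir -p "$dir" && chmod 700 "$dir"; } || return 2
    { (umask 077; touch "$auth") && chmod 600 "$auth"; } || return 2
    # Match on type + blob in any adjacent field pair, so a different comment
    # or an options prefix on an existing line does not hide a duplicate.
    if awk -v t="$ktype" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"; then
        return 1
    fi
    printf '%s\n' "$line" >>"$auth"
}
```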