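I. How the remote connection service works
1) Accessing a server with password authentication
2) Accessing multiple servers with key-based authentication
The client sends the server a request to establish an SSH connection,
creates a key pair, and pushes the public key to the server
The server challenges the client using the public key
The client decrypts the challenge with its private key and sends the result back to the server
II. Ways to set up remote connections
1) From the command line
a. Create a key pair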
[root@web2 ~]# ssh-keygen -t rsa
[root@web2 ~]# ll /root/.ssh/
total 8
-rw------- 1 root root 1675 Jan 17 10:25 id_rsa
-rw-r--r-- 1 root root 391 Jan 17 10:25 id_rsa.pub
b. Send the public key to the server
[root@web2 ~]# ssh-copy-id -i /root/.ssh/id_rsa 10.0.0.9
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.9 (10.0.0.9)' can't be established.
ECDSA key fingerprint is SHA256:Ad2udxtqrRU6RVpIlG35wl9p3fLLaJ4Lsvb5n9lzN3c.
ECDSA key fingerprint is MD5:05:1f:c9:80:b2:4c:0e:3f:05:f4:08:5d:6f:8b:8b:61.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.9's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.0.9'"
and check to make sure that only the key(s) you wanted were added.
c. Test the remote connection
[root@web2 ~]# ssh 10.0.0.9
Last login: Fri Jan 17 10:24:39 2020 from 10.0.0.1
[root@web3 ~]# ll /root/.ssh/
total 4
-rw------- 1 root root 391 Jan 17 10:27 authorized_keys
2) Managing multiple servers with a script
Prepare the addresses of the servers to connect to
[root@manager scripts]# ls
2.distribute_public_key.sh ip.txt
[root@manager scripts]# cat ip.txt
10.0.0.31
10.0.0.41
10.0.0.7
10.0.0.8
Script contents:
[root@manager scripts]# cat 2.distribute_public_key.sh
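#!/bin/bash
# Push the local public key to every address listed in ip.txt.
# Note: sshpass -p puts the password on the command line, where it shows up
# in the process list, and StrictHostKeyChecking=no adds unknown host keys
# without verifying them.
for ip in $(cat /scripts/ip.txt)
do
    # Copy the key to the current address from the list
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_rsa.pub "$ip" -o StrictHostKeyChecking=no &>/dev/null
    if [ $? -eq 0 ]
    then
        echo "to $ip distribute_key "
        echo "public key distribute ok"
        echo ""
    else
        echo "to $ip distribute_key"
        echo "public key distribute no"
        echo ""
    fi
done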
Test the result
[root@manager scripts]# sh 2.distribute_public_key.sh
to 10.0.0.31 distribute_key
public key distribute ok
to 10.0.0.41 distribute_key
public key distribute ok
to 10.0.0.7 distribute_key
public key distribute ok
to 10.0.0.8 distribute_key
public key distribute ok
Script 2: different IP addresses, ports, and passwords
[root@manager scripts]# ls
3.distribute_public_key.sh ip_list.txt
#!/bin/bash
# Each line of ip_list.txt has the form ip:password:port
for host in $(cat /server/scripts/ip_list.txt)
do
    # Split the entry into its three colon-separated fields
    host_ip=$(echo "$host" | awk -F ":" '{print $1}')
    host_pass=$(echo "$host" | awk -F ":" '{print $2}')
    host_port=$(echo "$host" | awk -F ":" '{print $3}')
    # Push the public key using this host's own password and port
    sshpass -p"$host_pass" ssh-copy-id -i /root/.ssh/id_rsa.pub "$host_ip" -o StrictHostKeyChecking=no -p"$host_port" &>/dev/null
    if [ $? -eq 0 ]
    then
        echo "to $host_ip distribute_key "
        echo "public key distribute ok"
        echo ""
    else
        echo "to $host_ip distribute_key"
        echo "public key distribute no"
        echo ""
    fi
done
For convenience, the passwords and ports are set to the same values
[root@manager scripts]# cat ip_list.txt
172.16.1.7:123456:22
172.16.1.8:123456:22
172.16.1.31:123456:22
172.16.1.41:123456:22
Check the result
[root@manager scripts]# sh 3.distribute_public_key.sh
to 172.16.1.7 distribute_key
public key distribute ok
to 172.16.1.8 distribute_key
public key distribute ok
to 172.16.1.31 distribute_key
public key distribute ok
to 172.16.1.41 distribute_key
public key distribute ok
[root@manager scripts]# ssh 10.0.0.7
Last login: Fri Jan 17 09:25:30 2020 from 10.0.0.61
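The ip:password:port list used by script 2, validated before use and with the password passed to sshpass through the SSHPASS environment variable (sshpass -e) instead of -p, as an added example that is not part of the original page. It goes slightly beyond the page by keeping passwords that contain colons intact. The function names are hypothetical, the sample entries are constructed, and the hosts are assumed to be in known_hosts already, so host key checking stays at its default.

```bash
#!/bin/bash
# Added example: function names are hypothetical, sample entries are constructed.
# valid_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ( IFS=.; set -- $1
      [ $# -eq 4 ] || exit 1
      for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done )
}

# parse_entry LINE: split "ip:password:port" into HOST_IP, HOST_PASS, HOST_PORT.
# The ip is the text before the first colon and the port the text after the last,
# so a password that itself contains colons is kept whole.
parse_entry() {
    case $1 in *:*:*) ;; *) return 1 ;; esac
    HOST_IP=${1%%:*}
    HOST_PORT=${1##*:}
    HOST_PASS=${1#*:}
    HOST_PASS=${HOST_PASS%:*}
    valid_ipv4 "$HOST_IP" || return 1
    case $HOST_PORT in ''|*[!0-9]*) return 1 ;; esac
    [ "${#HOST_PORT}" -le 5 ] && [ "$HOST_PORT" -ge 1 ] && [ "$HOST_PORT" -le 65535 ] || return 1
    [ -n "$HOST_PASS" ]
}

# distribute_keys LIST PUBKEY: copy PUBKEY to root@ip for every valid entry in LIST.
# Assumes the hosts are already in known_hosts (default host key checking stays on).
distribute_keys() {
    # The list is read on fd 3 so ssh cannot consume the remaining lines from stdin.
    while IFS= read -r entry <&3 || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if ! parse_entry "$entry"; then
            echo "to ${entry%%:*}: malformed entry, skipped" >&2
            continue
        fi
        # sshpass -e takes the password from SSHPASS, keeping it off the command line.
        if SSHPASS=$HOST_PASS sshpass -e ssh-copy-id -i "$2" -p "$HOST_PORT" \
               "root@$HOST_IP" >/dev/null 2>&1
        then echo "to $HOST_IP: public key distribute ok"
        else echo "to $HOST_IP: public key distribute no"
        fi
    done 3<"$1"
}

# Offline check of the parser on constructed entries (no network access).
for sample in '172.16.1.7:123456:22' '172.16.1.8:pa:ss:2222' '172.16.1.300:123456:22'; do
    if parse_entry "$sample"; then echo "ok  $HOST_IP port $HOST_PORT"
    else echo "bad ${sample%%:*}"; fi
done
```

To push keys for real, call distribute_keys /server/scripts/ip_list.txt /root/.ssh/id_rsa.pub after confirming each host's key fingerprint.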