前提
本文用于针对云平台下的 VM 中的 vclound 用户利用 ssh 密钥登录进行的测试测试目标
vclound 用户需要利用 ssh key 进行登录 ssh key 验证时需要输入 passphrase 进行校验 在脚本中需要对多台电脑进行 vclound 用户登录测试时候, 进行 key 校验过程中, 只需要输入一次 passphrase 即可同时以 vclound 用户登录多台电脑测试机器
ip addressrole192.168.209.100controll server192.168.209.101ssh 测试对象192.168.209.102ssh 测试对象192.168.209.103ssh 测试对象192.168.209.104ssh 测试对象创建用户
useradd vclound为 vclound 用户创建 passphrase
[vclound@gz-controller-209100 ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/vclound/.ssh/id_rsa): Created directory '/home/vclound/.ssh'. Enter passphrase (empty for no passphrase): <- 输入 passphrase Enter same passphrase again: <- 重复输入 passphrase Your identification has been saved in /home/vclound/.ssh/id_rsa. Your public key has been saved in /home/vclound/.ssh/id_rsa.pub. The key fingerprint is: f4:d6:d0:03:c6:7c:b8:e8:54:80:57:d8:8f:1d:ce:68 vclound@gz-controller-209100.vclound.com The key's randomart image is: +--[ RSA 2048]----+ | ..B+. | | . o.*oo | | ..o.Xo. | | .o.Eo=. | | oS.o . | | .. | | | | | | | +-----------------+为 ssh 测试对象创建 vclound 用户
[root@gz-controller-209100 ~]# ssh 192.168.209.101 useradd vclound [root@gz-controller-209100 ~]# ssh 192.168.209.102 useradd vclound [root@gz-controller-209100 ~]# ssh 192.168.209.103 useradd vclound [root@gz-controller-209100 ~]# ssh 192.168.209.104 useradd vclound传输 ssh key 到 ssh 测试对象
[root@gz-controller-209100 ~]# ssh 192.168.209.101 mkdir /home/vclound/.ssh/ [root@gz-controller-209100 ~]# ssh 192.168.209.102 mkdir /home/vclound/.ssh/ [root@gz-controller-209100 ~]# ssh 192.168.209.103 mkdir /home/vclound/.ssh/ [root@gz-controller-209100 ~]# ssh 192.168.209.104 mkdir /home/vclound/.ssh/ [root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.101:/home/vclound/.ssh/authorized_keys id_rsa.pub 100% 422 0.4KB/s 00:00 [root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.102:/home/vclound/.ssh/authorized_keys id_rsa.pub 100% 422 0.4KB/s 00:00 [root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.103:/home/vclound/.ssh/authorized_keys id_rsa.pub 100% 422 0.4KB/s 00:00 [root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.104:/home/vclound/.ssh/authorized_keys id_rsa.pub 100% 422 0.4KB/s 00:00创建脚本测试
[vclound@gz-controller-209100 ~]$ cat /home/vclound/ssh_test.sh #!/bin/bash # just test ssh login and show up ip address # terry tsang for id in 1 2 3 4 do ssh 192.168.209.10$id /sbin/ifconfig bond0 | awk -F[:\ ] '/netmask/ {print $10}' done参见下面执行方法
注: 在执行 ssh-agent bash 后, 将会产生 bash 子进程, 并且利用 ssh-add 导入 id_rsa 后, 将需要输入 passphrase , 并把密钥信息保存到当前 bash 中, 在执行脚本后, 建议执行 exit 退出该 shell
[vclound@gz-controller-209100 ~]$ ssh-agent bash [vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa Enter passphrase for /home/vclound/.ssh/id_rsa: <- 输入 passphrase Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa) [vclound@gz-controller-209100 ~]$ ./ssh_test.sh 192.168.209.101 192.168.209.102 192.168.209.103 192.168.209.104修改 passphrase 方法
[vclound@gz-controller-209100 ~]$ ssh-keygen -p Enter file in which the key is (/home/vclound/.ssh/id_rsa): <- 输入私钥存放位置 Enter old passphrase: <- 输入旧的 passphrase Key has comment '/home/vclound/.ssh/id_rsa' Enter new passphrase (empty for no passphrase): <- 输入新的 passphrase Enter same passphrase again: <- 重复输入新的 passphrase Your identification has been saved with the new passphrase.测试新 passphrase
[vclound@gz-controller-209100 ~]$ ssh-agent bash [vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa Enter passphrase for /home/vclound/.ssh/id_rsa: <- 输入新的 passphrase Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa) [vclound@gz-controller-209100 ~]$ ./ssh_test.sh 192.168.209.101 192.168.209.102 192.168.209.103 192.168.209.104 [vclound@gz-controller-209100 ~]$ exit <- 退出 ssh-agent shell exit [vclound@gz-controller-209100 ~]$