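• Linux Basics: SSH Passwordless Login


    SSH Passwordless Login

    1. Introduction

    SSH is a network protocol used for encrypted login between computers.

    This article covers the OpenSSH implementation, which is free software and very widely used.

    2. Generating the public and private keys

    There are two key types, rsa and dsa. The generated public and private keys are both stored in the current user's ssh directory (~/.ssh/).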

    rsa

    ssh-keygen -t rsa
    

    3. Contents of the ~/.ssh directory

    3.1 id_rsa

    The private key

    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

    3.2 id_rsa.pub

    The public key: can be used for SSH clone on GitLab and GitHub

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAUGyM4pybPweHPuKD7pdmMhqQOCqijiXdTQEglCO8tGsgGs9zc1h6qSfkxDWhCO/N06DHd7HMizdwIPZwFxgyDjOUct+tP3SD1NXxMDsq8jvhhKnNOogloAMylD+Ab0cyD7MVYaP6t3gmFzWDHwI6ztSb72/EMCYDjvf773s2dX8wC+pBCSNavs9v27ev699XgXVGRZrxDMkCjeuq4KZRW+WB7YaFXk9YmvS9Nui11TSFm3kqPNpgaMgwCaCTpK0k9S75tSF7Z+o+PYsNSl/w6qMh4S5Ec7VxiVqNChfFuv3QYe6JL8nNQZot9CbHjDLscs34SwTnAA7vm8PLL1Wr linxiaojun@linxiaojun-XPS-13-9350

    3.3 authorized_keys

    Stores the public keys of other servers (including this one); used for passwordless login

    ssh-copy-id user@ip simply copies id_rsa.pub into this file
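
    An added example, not part of the original article: a Python audit of authorized_keys lines that decodes each key blob, reports the key type, size and SHA256 fingerprint, and flags ssh-dss keys and RSA keys under 2048 bits. The sample entries are constructed (not usable keys); the function names and the 2048-bit threshold are this example's assumptions.

```python
import base64, hashlib, struct
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519")  # subset, enough for this example

def read_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        field = blob[off + 4:off + 4 + n]
        if len(blob) - off < 4 or len(field) != n:
            raise ValueError("truncated key blob")
        fields.append(field)
        off += 4 + n
    return fields

def audit_line(line):
    """Audit one authorized_keys line; returns None for blank and comment lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # Options such as from="..." may precede the key type, so search for it.
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        return {"error": "no recognised key type"}
    ktype = tokens[idx]
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
        fields = read_fields(blob)
        if fields[0] != ktype.encode():
            raise ValueError("blob type differs from declared type")
        pos = {"ssh-rsa": 2, "ssh-dss": 1}.get(ktype)  # index of modulus n / prime p
        bits = int.from_bytes(fields[pos], "big").bit_length() if pos else None
    except (ValueError, IndexError):  # binascii.Error is a ValueError
        return {"type": ktype, "error": "malformed key blob"}
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    weak = ktype == "ssh-dss" or (ktype == "ssh-rsa" and bits < 2048)
    return {"type": ktype, "bits": bits, "fingerprint": fp, "weak": weak}

def key_line(ktype, *ints, prefix="", comment=""):  # builds a constructed, unusable key line
    parts = [ktype.encode()] + [i.to_bytes(i.bit_length() // 8 + 1, "big") for i in ints]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{prefix}{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = [  # constructed entries; the user and IP are the article's example host
    key_line("ssh-rsa", 65537, (1 << 2047) | 1, comment="test102@192.168.100.102"),
    key_line("ssh-rsa", 65537, (1 << 1023) | 1, prefix='from="192.168.100.102" ', comment="old"),
    key_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3, comment="legacy"),
]
RESULTS = [audit_line(entry) for entry in SAMPLE]  # one dict per entry
```

    The fingerprint is in the SHA256 form that ssh-keygen -l prints, so an entry can be matched against the key its owner reports.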

    3.4 known_hosts

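    Stores the trusted hosts

    4. Example

    Assume the local machine's IP is 192.168.100.101, the user is test101, and the password is 123

    The target host's IP is 192.168.100.102, the user is test102, and the password is 123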

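    # Generate a public/private key pair on both 101 and 102
    
    # On 101
    ssh-keygen -t rsa
    # Press Enter three times to accept the default settings
    
    # Log in to 102
    ssh test102@192.168.100.102
    # On 102
    ssh-keygen -t rsa
    # Press Enter three times to accept the default settings
    # Copy id_rsa.pub to 101
    ssh-copy-id test101@192.168.100.101
    
    # Back on 101, copy id_rsa.pub to 102
    ssh-copy-id test102@192.168.100.102
    
    # 101 and 102 can now log in to each other without a password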
    

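    5. One-step automation

    5.1 A brief look at expect

    expect is a free programming tool language for automating communication with interactive tasks, with no human intervention required.

    expect keeps evolving; over time it has grown more and more capable and has become a powerful assistant for system administrators.

    expect depends on the Tcl programming language; to run expect on a system, Tcl must be installed first.

    5.2 Installing expect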

    # -O names the saved file; without it wget saves this URL as "download"
    wget -O expect5.45.tar.gz http://sourceforge.net/projects/expect/files/Expect/5.45/expect5.45.tar.gz/download
    tar xzvf expect5.45.tar.gz
    
    cd expect5.45
    ./configure --prefix=/usr/expect --with-tcl=/usr/tcl/lib --with-tclinclude=../tcl8.4.11/generic
    make
    make install
    

    5.3 The script

    Assume the target host's IP is 192.168.100.101, the user is test, and the password is 123

    #!/bin/bash
    # Note: set -x traces every expanded command, including the password below.
    set -x
    
    dst_ip=192.168.100.101
    dst_user=test
    dst_passwd=123
    
    # The inner double quotes are escaped so the whole expect program stays
    # one shell argument; \r sends Enter.
    expect -c "set timeout 30;
            spawn ssh $dst_user@$dst_ip;
            expect {
                \"*(yes/no)?*\" { send \"yes\r\";exp_continue }
                \"*password:*\" { send \"$dst_passwd\r\" }
            }
            expect \"]*\"
            send \"ssh-keygen -t rsa\r\";
            expect \"*(/home/$dst_user/.ssh/id_rsa):*\";
            send \"\r\";
            expect {
                \"*(y/n)*\" { send \"y\r\";exp_continue }
                \"*(empty for no passphrase):*\" { send \"\r\" }
            }
            expect \"*passphrase again:*\";
            send \"\r\";
            expect eof
            ";
    

    References

    http://www.ruanyifeng.com/blog/2011/12/ssh_remote_login.html

    https://blog.csdn.net/leexide/article/details/17485451

  • Original article: https://www.cnblogs.com/dzqk/p/8692414.html