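Background

This article tests SSH key login for the vclound user on VMs running on a cloud platform.

Test goals

- The vclound user must log in with an ssh key.
- Validating the ssh key requires entering a passphrase.
- When a script tests vclound logins against multiple machines, the passphrase should be entered only once during key validation, after which the script can log in to all of the machines as vclound.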

Test machines

ip address | role |
---|---|
192.168.209.100 | control server |
192.168.209.101 | ssh test target |
192.168.209.102 | ssh test target |
192.168.209.103 | ssh test target |
192.168.209.104 | ssh test target |

Create the user

```
useradd vclound
```

Create a key with a passphrase for the vclound user

```
[vclound@gz-controller-209100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vclound/.ssh/id_rsa):
Created directory '/home/vclound/.ssh'.
Enter passphrase (empty for no passphrase):     <- enter the passphrase
Enter same passphrase again:     <- enter the passphrase again
Your identification has been saved in /home/vclound/.ssh/id_rsa.
Your public key has been saved in /home/vclound/.ssh/id_rsa.pub.
The key fingerprint is:
f4:d6:d0:03:c6:7c:b8:e8:54:80:57:d8:8f:1d:ce:68 vclound@gz-controller-209100.vclound.com
The key's randomart image is:
+--[ RSA 2048]----+
| ..B+. |
| . o.*oo |
| ..o.Xo. |
| .o.Eo=. |
| oS.o . |
| .. |
| |
| |
| |
+-----------------+
```

Create the vclound user on the ssh test targets

```
[root@gz-controller-209100 ~]# ssh 192.168.209.101 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.102 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.103 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.104 useradd vclound
```

Transfer the ssh key to the ssh test targets

```
[root@gz-controller-209100 ~]# ssh 192.168.209.101 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.102 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.103 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.104 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.101:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.102:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.103:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.104:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
```

Create a test script

```
[vclound@gz-controller-209100 ~]$ cat /home/vclound/ssh_test.sh
#!/bin/bash
# just test ssh login and show up ip address
# terry tsang
for id in 1 2 3 4
do
    # the field separator is quoted so the shell never treats it as a glob
    ssh 192.168.209.10$id /sbin/ifconfig bond0 | awk -F'[: ]' '/netmask/ {print $10}'
done
```

Run it as shown below.

Note: running ssh-agent bash starts a child bash process. When ssh-add then imports id_rsa, you are asked for the passphrase, and the key is kept available to that bash session. After running the script, it is recommended to run exit to leave that shell.

```
[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:     <- enter the passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
```
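
A scripted variant of the procedure above, as an added example that is not part of the original post: it starts a private agent, loads the key once with a lifetime, probes each host with BatchMode=yes so a missing key fails fast instead of prompting, and kills the agent on exit. SSH_CMD, KEY, KEY_LIFETIME and the function names are assumptions of this sketch.

```shell
#!/bin/bash
# Added example (not from the original post): run the login test inside a
# short-lived ssh-agent so the decrypted key does not outlive the batch.
# SSH_CMD, KEY, KEY_LIFETIME and the function names are assumptions.

SSH_CMD=${SSH_CMD:-ssh}              # overridable so the loop can be tested offline
KEY=${KEY:-$HOME/.ssh/id_rsa}        # private key to load into the agent
KEY_LIFETIME=${KEY_LIFETIME:-600}    # seconds the agent keeps the key

# Try one host non-interactively. BatchMode=yes makes ssh fail instead of
# prompting for a passphrase or password when the agent has no usable key.
probe_host() {
    "$SSH_CMD" -o BatchMode=yes -o ConnectTimeout=5 "$1" true \
        </dev/null >/dev/null 2>&1
}

# Print "<host> ok" or "<host> FAILED" per host; return the number of failures
# (intended for small host lists, since an exit status wraps at 256).
probe_all() {
    local failed=0 host
    for host in "$@"; do
        if probe_host "$host"; then
            echo "$host ok"
        else
            echo "$host FAILED"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

main() {
    # Private agent for this run only; the trap kills it however the script exits
    eval "$(ssh-agent -s)" >/dev/null
    trap 'ssh-agent -k >/dev/null' EXIT
    ssh-add -t "$KEY_LIFETIME" "$KEY" || exit 1   # the single passphrase prompt
    probe_all "$@"
}

# Runs only when hosts are given, e.g.:
#   ./agent_batch.sh 192.168.209.101 192.168.209.102
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```
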

How to change the passphrase

```
[vclound@gz-controller-209100 ~]$ ssh-keygen -p
Enter file in which the key is (/home/vclound/.ssh/id_rsa):     <- enter the location of the private key
Enter old passphrase:     <- enter the old passphrase
Key has comment '/home/vclound/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):     <- enter the new passphrase
Enter same passphrase again:     <- enter the new passphrase again
Your identification has been saved with the new passphrase.
```

Test the new passphrase

```
[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:     <- enter the new passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
[vclound@gz-controller-209100 ~]$ exit     <- leave the ssh-agent shell
exit
[vclound@gz-controller-209100 ~]$
```