#基于SSH的堡垒机,远程管理各个服务器:
#实验条件:3台基于centos系统的服务器,堡垒机为centos7,2台centos6、centos8;
#修改/etc/ssh/ssh_config配置文件内:
# StrictHostKeyChecking ask 改成 StrictHostKeyChecking no //关闭登录询问提示;
#在堡垒机上使用ssh-keygen生成公私钥:
[root@CentOS7 ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Bjlsj1SmtIWw155Q1Trki31FfNV08dMC2AqKKdUC96c root@CentOS7
The key's randomart image is:
+---[RSA 2048]----+
| ..oo..=..+.. oB|
| .o=oX. o o.o *|
| ..+&.o+ o ..oo|
| . o+.X .= ...|
| . E So o . |
| .. o . |
| . |
| |
| |
+----[SHA256]-----+
#查看是否生成: [root@CentOS7 ~]#ll .ssh/ total 8 -rw-------. 1 root root 1675 Nov 6 20:47 id_rsa -rw-r--r--. 1 root root 394 Nov 6 20:47 id_rsa.pub
#使用ssh提供的ssh-copy-id工具拷贝到centos8上; [root@CentOS7 ~]#ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.37.106 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.37.106 (192.168.37.106)' can't be established. ECDSA key fingerprint is SHA256:ECZCx5fZY9+sPSWbOZb2So7KkLCcnfXIAei7Rl9k84w. ECDSA key fingerprint is MD5:fd:95:82:5a:db:f7:e2:96:82:17:20:4e:b8:23:22:c3. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.37.106's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.37.106'" and check to make sure that only the key(s) you wanted were added.
#登录centos8: [root@CentOS7 ~]#ssh 192.168.37.106 Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Nov 6 20:43:03 2019 from 192.168.37.1 [root@CentOS8 ~]#
#centos6同上;
#为增强centos7堡垒机的安全,给私钥设置密码: [root@CentOS7 ~]#ssh-keygen -p Enter file in which the key is (/root/.ssh/id_rsa): Enter new passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved with the new passphrase.
#使用ssh工具代理私钥密码,授权一次密码就不再输密码,除非堡垒机centos7终端退出: [root@CentOS7 ~]#ssh-agent bash [root@CentOS7 ~]#ssh-add Enter passphrase for /root/.ssh/id_rsa: Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
本文来自投稿,不代表本人立场,如若转载,请注明出处:http://www.sosokankan.com/article/1479396.html