前提
本文用于针对云平台下的 VM 中的 vclound 用户利用 ssh 密钥登录进行的测试测试目标
vclound 用户需要利用 ssh key 进行登录
ssh key 验证时需要输入 passphrase 进行校验
在脚本中需要对多台电脑进行 vclound 用户登录测试时候, 进行 key 校验过程中, 只需要输入一次 passphrase 即可同时以 vclound 用户登录多台电脑测试机器
| ip address | role |
|---|---|
| 192.168.209.100 | controll server |
| 192.168.209.101 | ssh 测试对象 |
| 192.168.209.102 | ssh 测试对象 |
| 192.168.209.103 | ssh 测试对象 |
| 192.168.209.104 | ssh 测试对象 |
创建用户
useradd vclound为 vclound 用户创建 passphrase
[vclound@gz-controller-209100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vclound/.ssh/id_rsa):
Created directory '/home/vclound/.ssh'.
Enter passphrase (empty for no passphrase): <- 输入 passphrase
Enter same passphrase again: <- 重复输入 passphrase
Your identification has been saved in /home/vclound/.ssh/id_rsa.
Your public key has been saved in /home/vclound/.ssh/id_rsa.pub.
The key fingerprint is:
f4:d6:d0:03:c6:7c:b8:e8:54:80:57:d8:8f:1d:ce:68 vclound@gz-controller-209100.vclound.com
The key's randomart image is:
+--[ RSA 2048]----+
| ..B+. |
| . o.*oo |
| ..o.Xo. |
| .o.Eo=. |
| oS.o . |
| .. |
| |
| |
| |
+-----------------+为 ssh 测试对象创建 vclound 用户
[root@gz-controller-209100 ~]# ssh 192.168.209.101 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.102 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.103 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.104 useradd vclound传输 ssh key 到 ssh 测试对象
[root@gz-controller-209100 ~]# ssh 192.168.209.101 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.102 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.103 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.104 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.101:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.102:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.103:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.104:/home/vclound/.ssh/authorized_keys
id_rsa.pub 100% 422 0.4KB/s 00:00创建脚本测试
[vclound@gz-controller-209100 ~]$ cat /home/vclound/ssh_test.sh
#!/bin/bash
# just test ssh login and show up ip address
# terry tsang
for id in 1 2 3 4
do
ssh 192.168.209.10$id /sbin/ifconfig bond0 | awk -F[:\ ] '/netmask/ {print $10}'
done参见下面执行方法
注: 在执行 ssh-agent bash 后, 将会产生 bash 子进程, 并且利用 ssh-add 导入 id_rsa 后, 将需要输入 passphrase , 并把密钥信息保存到当前 bash 中, 在执行脚本后, 建议执行 exit 退出该 shell
[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa: <- 输入 passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104修改 passphrase 方法
[vclound@gz-controller-209100 ~]$ ssh-keygen -p
Enter file in which the key is (/home/vclound/.ssh/id_rsa): <- 输入私钥存放位置
Enter old passphrase: <- 输入旧的 passphrase
Key has comment '/home/vclound/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase): <- 输入新的 passphrase
Enter same passphrase again: <- 重复输入新的 passphrase
Your identification has been saved with the new passphrase.测试新 passphrase
[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa: <- 输入新的 passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
[vclound@gz-controller-209100 ~]$ exit <- 退出 ssh-agent shell
exit
[vclound@gz-controller-209100 ~]$
