ssh passphrase 测试-阿里云开发者社区

开发者社区> 开发与运维> 正文

ssh passphrase 测试

简介: 前提 本文用于针对云平台下的 VM 中的 vclound 用户利用 ssh 密钥登录进行的测试 测试目标 vclound 用户需要利用 ssh key 进行登录 ssh key 验证时需要输入 passphrase 进行校验 在脚本中需要对多台电脑进行 vclound 用户登录测试时候, 进行 key 校验过程中, 只需要输入一次 passphrase 即可

前提

本文用于针对云平台下的 VM 中的 vclound 用户利用 ssh 密钥登录进行的测试

测试目标

vclound 用户需要利用 ssh key 进行登录
ssh key 验证时需要输入 passphrase 进行校验
在脚本中需要对多台电脑进行 vclound 用户登录测试时候,   进行 key 校验过程中, 只需要输入一次 passphrase 即可同时以 vclound 用户登录多台电脑

测试机器

ip address role
192.168.209.100 controll server
192.168.209.101 ssh 测试对象
192.168.209.102 ssh 测试对象
192.168.209.103 ssh 测试对象
192.168.209.104 ssh 测试对象

创建用户

useradd vclound

为 vclound 用户创建 passphrase

[vclound@gz-controller-209100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vclound/.ssh/id_rsa):
Created directory '/home/vclound/.ssh'.
Enter passphrase (empty for no passphrase):   <- 输入 passphrase
Enter same passphrase again:                  <- 重复输入 passphrase
Your identification has been saved in /home/vclound/.ssh/id_rsa.
Your public key has been saved in /home/vclound/.ssh/id_rsa.pub.
The key fingerprint is:
f4:d6:d0:03:c6:7c:b8:e8:54:80:57:d8:8f:1d:ce:68 vclound@gz-controller-209100.vclound.com
The key's randomart image is:
+--[ RSA 2048]----+
|       ..B+.     |
|      . o.*oo    |
|       ..o.Xo.   |
|       .o.Eo=.   |
|       oS.o .    |
|        ..       |
|                 |
|                 |
|                 |
+-----------------+

为 ssh 测试对象创建 vclound 用户

[root@gz-controller-209100 ~]# ssh 192.168.209.101 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.102 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.103 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.104 useradd vclound

传输 ssh key 到 ssh 测试对象

[root@gz-controller-209100 ~]# ssh 192.168.209.101 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.102 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.103 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.104 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.101:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.102:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.103:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.104:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00

创建脚本测试

[vclound@gz-controller-209100 ~]$ cat /home/vclound/ssh_test.sh
#!/bin/bash
# just test ssh login and show up ip address
# terry tsang

for id in 1 2 3 4
do
  ssh 192.168.209.10$id /sbin/ifconfig bond0 |  awk -F[:\ ] '/netmask/ {print $10}'
done

参见下面执行方法

注: 在执行 ssh-agent bash 后, 将会产生 bash 子进程, 并且利用 ssh-add 导入 id_rsa 后, 将需要输入 passphrase , 并把密钥信息保存到当前 bash 中, 在执行脚本后, 建议执行 exit 退出该 shell

[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:   <- 输入 passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104

修改 passphrase 方法

[vclound@gz-controller-209100 ~]$ ssh-keygen -p
Enter file in which the key is (/home/vclound/.ssh/id_rsa):    <- 输入私钥存放位置
Enter old passphrase:                                          <- 输入旧的 passphrase 
Key has comment '/home/vclound/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):                <- 输入新的 passphrase
Enter same passphrase again:                                   <- 重复输入新的 passphrase
Your identification has been saved with the new passphrase.

测试新 passphrase

[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$  ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:                           <- 输入新的 passphrase 
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
[vclound@gz-controller-209100 ~]$ exit                                     <- 退出 ssh-agent shell
exit
[vclound@gz-controller-209100 ~]$

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
开发与运维
使用钉钉扫一扫加入圈子
+ 订阅

集结各类场景实战经验,助你开发运维畅行无忧

其他文章