Linux SSH service: passwordless login for centralized backup
SSH key passwordless login: centralized backup scheme

[Environment]
CentOS release 5.8 (Final)
2.6.18-308.el5
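Central distribution server A: Center-A: 10.0.0.56
Receiving node server B: Client-B: 10.0.0.57
Receiving node server C: Client-C: 10.0.0.58
###### Add a new user: add a system account (to avoid the problems caused when root SSH remote login is disabled)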
[Client-B]
# Send the public key to Center-A
[lican@Client-B .ssh]$ ssh-copy-id -i id_dsa.pub lican@10.0.0.56
10
lican@10.0.0.56's password:
Now try logging into the machine, with "ssh 'lican@10.0.0.56'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[lican@Client-B .ssh]$ ll
total 12
-rw------- 1 lican lican 668 May 23 05:20 id_dsa
-rw-r--r-- 1 lican lican 604 May 23 05:20 id_dsa.pub
-rw-r--r-- 1 lican lican 391 May 22 07:55 known_hosts
# Copy the private key to node Client-C
[lican@Client-B .ssh]$ scp -P22 -p id_dsa lican@10.0.0.58:/home/lican/.ssh
The authenticity of host '10.0.0.58 (10.0.0.58)' can't be established.
RSA key fingerprint is 84:18:b2:a5:42:6e:7f:83:29:94:19:0e:3d:0a:88:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.58' (RSA) to the list of known hosts.
lican@10.0.0.58's password:
id_dsa 100% 668 0.7KB/s 00:00
# Test passwordless (key-based) login to Center-A
[lican@Client-B .ssh]$ ssh -p22 lican@10.0.0.56
[lican@Center-A ~]$ exit
logout
Connection to 10.0.0.56 closed.
[lican@Client-B .ssh]$
[Client-C]
# Check and confirm the private key; permissions are 600
[lican@Client-C .ssh]$ ll
total 8
-rw------- 1 lican lican 668 May 23 2013 id_dsa
-rw-r--r-- 1 lican lican 391 May 21 23:57 known_hosts
# Test passwordless (key-based) login to Center-A
[lican@Client-C .ssh]$ ssh -p22 lican@10.0.0.56
Last login: Thu May 23 05:24:51 2013 from 10.0.0.58
[lican@Center-A ~]$ exit
logout
Connection to 10.0.0.56 closed.
[lican@Client-C .ssh]$
[Client-B]
[lican@Client-B .ssh]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1 CoreStu localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost6
10.0.0.57 Client-B
10.0.0.56 Center-A
10.0.0.58 Client-C
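# Client-B backs up its /etc/hosts file to Center-A over passwordless login (this can be written into a script; because it is a backup, it can be used as long as the same data is being backed up and the user and port are kept the same on every node)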
[lican@Client-B .ssh]$ ssh -p22 lican@10.0.0.56 mkdir -p /tmp/$(/sbin/ifconfig eth0|sed -n '2p'|awk -F '[ :]+' '{print $4}')
[lican@Client-B .ssh]$ scp -P22 /etc/hosts lican@10.0.0.56:/tmp/$(/sbin/ifconfig eth0|sed -n '2p'|awk -F '[ :]+' '{print $4}')/host.$(date +%F%T)
hosts
[Center-A]
[lican@Center-A ~]$ tree /tmp/
/tmp/
`-- 10.0.0.57
    `-- host.2013-05-2305:37:35

1 directory, 1 file
[lican@Center-A ~]$ cat /tmp/10.0.0.57/host.2013-05-2305\:37\:35
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1 CoreStu localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost6
10.0.0.57 Client-B
10.0.0.56 Center-A
10.0.0.58 Client-C
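
The Client-B backup step above, wrapped in a script as the comment there suggests. This is an added example, not the original author's code: the function names `local_ip` and `backup_file`, the variables, the IP validation, `BatchMode` and the `%F_%H%M%S` timestamp (instead of the page's `date +%F%T`) are assumptions of this example.

```shell
#!/bin/bash
# Added example: script form of the Client-B backup step (not the original author's code).
# Assumed names: CENTER, BACKUP_USER, BACKUP_PORT, DEST_ROOT, SSH, SCP, local_ip, backup_file.
CENTER=${CENTER:-10.0.0.56}        # Center-A, from the page
BACKUP_USER=${BACKUP_USER:-lican}  # same account on every node, from the page
BACKUP_PORT=${BACKUP_PORT:-22}
DEST_ROOT=${DEST_ROOT:-/tmp}       # the page backs up under /tmp/<node-ip>/
SSH=${SSH:-ssh}                    # overridable so the script can be dry-run
SCP=${SCP:-scp}

# Extract the IPv4 address from CentOS 5 style `ifconfig eth0` output on stdin,
# using the same sed/awk pipeline as the page, then validate it before it is
# interpolated into a command that the remote shell will parse.
local_ip() {
    local ip
    ip=$(sed -n '2p' | awk -F '[ :]+' '{print $4}')
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "local_ip: could not parse an IPv4 address" >&2
        return 1
    fi
    printf '%s\n' "$ip"
}

# backup_file FILE [IP]: copy FILE to Center-A as DEST_ROOT/IP/NAME.TIMESTAMP
# and print the remote path. IP defaults to the address of eth0.
backup_file() {
    local src=$1 ip=$2 stamp dest
    [ -r "$src" ] || { echo "backup_file: cannot read $src" >&2; return 1; }
    if [ -z "$ip" ]; then
        ip=$(/sbin/ifconfig eth0 | local_ip) || return 1
    fi
    # %F_%H%M%S avoids the colons and the fused date/time of `date +%F%T`.
    stamp=$(date +%F_%H%M%S)
    dest="$DEST_ROOT/$ip/$(basename "$src").$stamp"
    # BatchMode makes ssh/scp fail instead of prompting when the key is rejected.
    $SSH -p "$BACKUP_PORT" -o BatchMode=yes "$BACKUP_USER@$CENTER" "mkdir -p '$DEST_ROOT/$ip'" || return 1
    $SCP -P "$BACKUP_PORT" -o BatchMode=yes -p "$src" "$BACKUP_USER@$CENTER:$dest" || return 1
    printf '%s\n' "$dest"
}
```

After sourcing the script, run `backup_file /etc/hosts` on a node; setting `SSH=true SCP=true` first gives a dry run that only prints the destination path.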
