Linux SSH service: passwordless login for a unified backup scheme
SSH key passwordless login: unified backup scheme

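[Environment]
CentOS release 5.8 (Final)
2.6.18-308.el5
Central distribution server A: Center-A: 10.0.0.56
Receiving node server B: Client-B: 10.0.0.57
Receiving node server C: Client-C: 10.0.0.58
###### Add a new user: add a system account (avoids the problems caused when root SSH remote login is disabled)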
[Client-B]
# Send the public key to Center-A
[lican@Client-B .ssh]$ ssh-copy-id -i id_dsa.pub lican@10.0.0.56
10
lican@10.0.0.56's password:
Now try logging into the machine, with "ssh 'lican@10.0.0.56'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[lican@Client-B .ssh]$ ll
total 12
-rw------- 1 lican lican 668 May 23 05:20 id_dsa
-rw-r--r-- 1 lican lican 604 May 23 05:20 id_dsa.pub
-rw-r--r-- 1 lican lican 391 May 22 07:55 known_hosts

# Copy the private key to node Client-C
[lican@Client-B .ssh]$ scp -P22 -p id_dsa lican@10.0.0.58:/home/lican/.ssh
The authenticity of host '10.0.0.58 (10.0.0.58)' can't be established.
RSA key fingerprint is 84:18:b2:a5:42:6e:7f:83:29:94:19:0e:3d:0a:88:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.58' (RSA) to the list of known hosts.
lican@10.0.0.58's password:
id_dsa 100% 668 0.7KB/s 00:00

# Test passwordless login to Center-A
[lican@Client-B .ssh]$ ssh -p22 lican@10.0.0.56
[lican@Center-A ~]$ exit
logout
Connection to 10.0.0.56 closed.
[lican@Client-B .ssh]$

[Client-C]
# Check that the private key is in place, with permissions 600
[lican@Client-C .ssh]$ ll
total 8
-rw------- 1 lican lican 668 May 23 2013 id_dsa
-rw-r--r-- 1 lican lican 391 May 21 23:57 known_hosts

# Test passwordless login to Center-A
[lican@Client-C .ssh]$ ssh -p22 lican@10.0.0.56
Last login: Thu May 23 05:24:51 2013 from 10.0.0.58
[lican@Center-A ~]$ exit
logout
Connection to 10.0.0.56 closed.
[lican@Client-C .ssh]$

[Client-B]
[lican@Client-B .ssh]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1 CoreStu localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost6
10.0.0.57 Client-B
10.0.0.56 Center-A
10.0.0.58 Client-C

# Client-B backs up /etc/hosts to Center-A over passwordless login (this can be put in a script; since it is a backup, it can be used as long as every node backs up the same data and the user and port are the same on all nodes)
[lican@Client-B .ssh]$ ssh -p22 lican@10.0.0.56 mkdir -p /tmp/$(/sbin/ifconfig eth0|sed -n '2p'|awk -F '[ :]+' '{print $4}')
[lican@Client-B .ssh]$ scp -P22 /etc/hosts lican@10.0.0.56:/tmp/$(/sbin/ifconfig eth0|sed -n '2p'|awk -F '[ :]+' '{print $4}')/host.$(date +%F%T)
hosts

[Center-A]
[lican@Center-A ~]$ tree /tmp/
/tmp/
`-- 10.0.0.57
    `-- host.2013-05-2305:37:35

1 directory, 1 file

[lican@Center-A ~]$ cat /tmp/10.0.0.57/host.2013-05-2305\:37\:35
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1 CoreStu localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost6
10.0.0.57 Client-B
10.0.0.56 Center-A
10.0.0.58 Client-C
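
The backup step above written as a script, as the comment on that step suggests; this is an added example, not part of the original post. It validates that the value parsed from ifconfig is a dotted-quad address before using it in the remote path, because newer ifconfig output prints "inet 10.0.0.57" and the awk field used above would then pick up the wrong word. The function names (parse_ip, valid_ip, remote_path, backup_hosts) and the second ifconfig sample are assumptions made here; user, port and addresses are the ones from the post.

```shell
#!/bin/bash
# Added example (not from the original post): the /etc/hosts backup as a script.
# Assumptions: user lican, port 22, Center-A at 10.0.0.56, interface eth0.
CENTER=${CENTER:-lican@10.0.0.56}
PORT=${PORT:-22}

# Extract the IPv4 address from ifconfig output read on stdin.
# Handles the CentOS 5 "inet addr:10.0.0.57" form shown in the post and the
# newer "inet 10.0.0.57" form; prints nothing when neither is present.
parse_ip() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p' | head -n 1
}

# Accept only a dotted quad, so nothing else can end up in the remote path.
valid_ip() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Build the destination used in the post: /tmp/<ip>/host.<timestamp>
remote_path() {
    valid_ip "$1" || return 1
    printf '/tmp/%s/host.%s\n' "$1" "$2"
}

# Create the per-node directory on Center-A, then copy /etc/hosts into it.
backup_hosts() {
    local ip dest
    ip=$(/sbin/ifconfig eth0 | parse_ip)
    dest=$(remote_path "$ip" "$(date +%F%T)") ||
        { echo "cannot determine the IPv4 address of eth0" >&2; return 1; }
    ssh -p "$PORT" "$CENTER" "mkdir -p '${dest%/*}'" &&
        scp -P "$PORT" -p /etc/hosts "$CENTER:$dest"
}

# Constructed sample ifconfig output, for checking the parser offline.
SAMPLE_OLD='eth0      Link encap:Ethernet  HWaddr 00:0C:29:00:00:57
          inet addr:10.0.0.57  Bcast:10.0.0.255  Mask:255.255.255.0'
SAMPLE_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.57  netmask 255.255.255.0  broadcast 10.0.0.255'

# Contact Center-A only when called with the argument "run".
if [ "${1:-}" = "run" ]; then backup_hosts; fi
```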
