SSH服务由服务端软件OpenSSH(依赖OpenSSL加密库)和客户端(常见的有Linux自带的ssh命令,SecureCRT,Xshell,PuTTY)组成,SSH服务默认使用22端口提供服务,它有两个互不兼容的SSH协议版本,分别是1.x和2.x.
SSH 1.x协议存在被黑客针对联机的Key pair插入恶意程序代码的风险,而SSH 2.x针对这个问题,多加了一个确认联机正确性的Diffie-Hellman机制,每次数据传输中,都会以该机制检查输出来源是否正确.
SSH的服务认证类型主要分为:基于口令的认证和基于密钥的认证.
SSH连接其他服务器
ssh -p 22 -l root 10.0.0.19  # 10.0.0.19 is the host being connected to
SSH通过远程连接执行命令
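ssh -p22 root@10.0.0.10 /sbin/ifconfig eth0  # run one command on the remote host; interface name corrected from "eht0"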
ssh客户端记录已连接主机公钥信息的位置
~/.ssh/known_hosts
ssh客户端文件拷贝至远端服务器
可以通过 -l 参数限制传输速度.
scp -P 22 -r -p /tmp/oldboy oldboy@10.0.0.9:/tmp/oldboy  # copy direction is left (local source) to right (remote destination)
sftp功能?(不要用)
sftp默认不会把登录用户限制在自己的目录内,用户可以随时跳到别的目录;如需限制,可在服务端sshd_config中配置ChrootDirectory和ForceCommand internal-sftp
sftp -o Port=55555 oldboy@10.0.0.142  # the port is passed as an ssh option
get(download) put(upload)
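# Confirm the OS release, kernel version and machine architecture
cat /etc/redhat-release
uname -r
uname -m
# Create the account used for batch distribution (repeat on every machine)
useradd fenfa
# Set the password interactively instead of piping a fixed, guessable value
# such as "123456" through `passwd --stdin`; a typed pipeline also ends up in
# shell history. ssh-copy-id below asks for this password once per host.
passwd fenfa
# The distribution account needs sudo rights for rsync.
# NOTE(review): rsync running as root can overwrite any file on the host, so
# this rule is close to full root for whoever holds fenfa's private key;
# narrow it if the deployment allows.
echo "fenfa ALL=(ALL) NOPASSWD: /usr/bin/rsync" >>/etc/sudoers
# Syntax-check the sudoers file after editing it
visudo -c
# Generate the key pair. RSA replaces the original DSA: DSA keys are fixed at
# 1024 bits and OpenSSH has disabled them by default since 7.0.
ssh-keygen -t rsa -b 4096
# Inspect the key pair
ls -l ~/.ssh/
# Distribute the public key. Older ssh-copy-id has no port option, so the port
# travels inside the quoted argument. The original omitted the number; 55555
# is taken from the test command below.
ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 55555 fenfa@192.168.117.136"
# Test: the remote command should now run without a password prompt
ssh -p55555 fenfa@192.168.117.136 /sbin/ifconfig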
增量,加密传输文件:
# Send the local file "hosts" to the remote home directory, using ssh on port 55555 as the transport
rsync -avz -e 'ssh -p55555' hosts fenfa@172.16.1.41:~
简单文件批量分发脚本(有待修改)
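#!/bin/sh
# Push a local file or directory to every host in the list: scp copies it into
# the fenfa account's home directory, then sudo rsync places it in the target
# directory on the remote side.
# Usage: /bin/sh $0 localfile remotedir
#   localfile - path relative to the local home directory (~)
#   remotedir - destination directory on each remote host
# action() is provided by the init function library sourced below.
. /etc/init.d/functions

if [ "$#" -ne 2 ]; then
  echo "USAGE:/bin/sh $0 localfile remotedir"
  exit 1
fi

for n in 1 2 3; do
  host="192.168.117.$n"
  # Both steps must succeed for the host to count as ok.
  # Output goes to /dev/null (the original wrote to a relative "dev/null" and
  # used the bash-only "&>" form under a /bin/sh shebang).
  # rsync gets -r because scp -r allows directories; without it rsync skips a
  # directory and still exits 0, which reported a false "ok".
  # NOTE(review): ~ in the ssh command is expanded by the LOCAL shell, so this
  # assumes the same home path on both ends. Both arguments are re-parsed by
  # the remote shell and the rsync runs as root, so pass only trusted paths
  # without whitespace or shell metacharacters.
  if scp -P55555 -r ~/"$1" "fenfa@$host:~" >/dev/null 2>&1 &&
    ssh -p55555 -t "fenfa@$host" sudo rsync -r ~/"$1" "$2" >/dev/null 2>&1; then
    action "fenfa $1 $host is ok" /bin/true
  else
    action "fenfa $1 $host is false" /bin/false
  fi
done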
简单的批量查看脚本
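#!/bin/sh
# Run one command on every host in the list and print each host's output
# under a banner line.
# Usage: $0 COMMAND   (quote COMMAND so it arrives as a single argument)
if [ "$#" -ne 1 ]; then
  echo "USAGE:$0 COMMAND"
  exit 1
fi

for n in 1 2 3; do
  echo "============192.168.117.$n========"
  # Quoted so the local shell neither word-splits nor glob-expands the
  # command; the remote shell still interprets it, so pass only trusted input.
  ssh -p55555 "fenfa@192.168.117.$n" "$1"
done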
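# Create the management account used for key distribution
useradd key888
# NOTE(review): "123456" is trivially guessable and is the same value that
# ssh_expect.exp has hard-coded; together with the sudo rule below it guards
# password-less root, so replace it (and the copy in the expect script) before
# any real use.
echo 123456|passwd --stdin key888
id key888
# NOTE(review): NOPASSWD: ALL lets key888 run anything as root without a
# password; anyone who obtains this account's password or private key has root
# on the host. Restrict the rule to the commands actually needed where possible.
echo "key888 ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
# Syntax-check the sudoers file after editing it
visudo -c
su - key888
# RSA replaces the original DSA (fixed at 1024 bits, disabled by default since
# OpenSSH 7.0). -P '' leaves the private key unencrypted so scripts can use it
# unattended; protect the file accordingly.
ssh-keygen -t rsa -b 4096 -P '' -f ~/.ssh/id_rsa >/dev/null 2>&1
yum install expect -y  # install on the management host only
# -i needs a space before its argument.
# NOTE(review): port 52113 differs from the 55555 used elsewhere on this page - confirm.
ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 52113 key888@172.16.1.31"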
fenfa_auto.sh
ssh_expect.exp
~/install.sh
vi ssh_expect.exp
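#!/usr/bin/expect
# Push a public key to one host with ssh-copy-id, answering the host-key
# confirmation and the password prompt automatically.
# Usage:   expect ssh_expect.exp file host
# Example: expect ssh_expect.exp ~/.ssh/id_dsa.pub 172.16.1.31
if { $argc != 2 } {
    send_user "usage: expect ssh_expect.exp file host\n"
    # Non-zero so a calling script that checks $? sees the misuse
    exit 1
}
# define variables
set file [lindex $argv 0]
set host [lindex $argv 1]
# NOTE(review): hard-coded, trivially guessable password kept from the original
# notes so the walkthrough still works; anyone who can read this file learns
# it. Replace it and restrict the file's permissions before real use.
set password "123456"
#spawn scp /etc/hosts root@10.0.0.142:/etc/hosts
#spawn scp -P55555 $file kendally@$host:$dir\n
# $host was missing its "$" in the original, which sent every run to a machine
# literally named "host".
spawn ssh-copy-id -i $file "-p 55555 key888@$host"
# NOTE(review): answering "yes" accepts whatever host key the server presents
# on first contact, with no fingerprint check. Pre-populating known_hosts with
# verified keys avoids trusting an impostor here.
expect {
    "yes/no" {send "yes\r"; exp_continue}
    "*password" {send "$password\r"}
}
expect eof
# Farewell message printed when the script exits
exit -onexit {
    send_user "kendall say good bye to you!\n"
}
# Exit with ssh-copy-id's own status (fourth element of wait's result) so a
# caller's $? check reflects whether the key was actually installed.
exit [lindex [wait] 3]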
vi fenfa_auto.sh
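#!/bin/sh
# Bootstrap key-based access from the management host: create a key pair, push
# the public key to each host through ssh_expect.exp, copy ~/scripts to every
# host, then run install.sh there under sudo.
# action() is provided by the init function library sourced below.
. /etc/init.d/functions

# Generate an unencrypted RSA key pair unless one already exists. With an
# existing key ssh-keygen would wait on an overwrite prompt that the
# redirection hides. RSA replaces the original DSA (fixed at 1024 bits,
# disabled by default since OpenSSH 7.0).
if [ -f ~/.ssh/id_rsa ] ||
  ssh-keygen -t rsa -b 4096 -P '' -f ~/.ssh/id_rsa >/dev/null 2>&1; then
  action "create rsa key" /bin/true
else
  action "create rsa key" /bin/false
  exit 1
fi

# Push the public key to each host.
# NOTE(review): this check is only meaningful if ssh_expect.exp exits non-zero
# when ssh-copy-id fails - confirm.
for ip in 8 31 41; do
  if expect ssh_expect.exp ~/.ssh/id_rsa.pub "172.16.1.$ip" >/dev/null 2>&1; then
    action "$ip" /bin/true
  else
    action "$ip" /bin/false
  fi
done

# Distribute the scripts directory
for m in 8 31 41; do
  scp -P55555 -rp ~/scripts "key888@172.16.1.$m:~"
done

# Install the service.
# NOTE(review): install.sh runs as root on every host, so the copy in ~/scripts
# must be writable only by trusted users. ~ is expanded by the local shell,
# which assumes the same home path on both ends.
for n in 8 31 41; do
  ssh -t -p55555 "key888@172.16.1.$n" sudo /bin/bash ~/scripts/install.sh
done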
vim install.sh
# Install the Apache httpd package, answering yes to every prompt
yum -y install httpd