ssh passphrase test

 醉人说梦 2017-08-30

Background

This article tests SSH key login for the vclound user inside VMs on a cloud platform.

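Test goals

The vclound user must log in with an ssh key.
ssh key authentication must require a passphrase.
When a script tests vclound logins against several machines, the passphrase should only have to be entered once during key verification, after which the script can log in to all of the machines as vclound.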

Test machines

IP address        Role
192.168.209.100   control server
192.168.209.101   ssh test target
192.168.209.102   ssh test target
192.168.209.103   ssh test target
192.168.209.104   ssh test target

Create the user

useradd vclound

Create a passphrase for the vclound user

[vclound@gz-controller-209100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vclound/.ssh/id_rsa):
Created directory '/home/vclound/.ssh'.
Enter passphrase (empty for no passphrase):   <- enter the passphrase
Enter same passphrase again:                  <- enter the passphrase again
Your identification has been saved in /home/vclound/.ssh/id_rsa.
Your public key has been saved in /home/vclound/.ssh/id_rsa.pub.
The key fingerprint is:
f4:d6:d0:03:c6:7c:b8:e8:54:80:57:d8:8f:1d:ce:68 vclound@gz-controller-209100.vclound.com
The key's randomart image is:
+--[ RSA 2048]----+
|       ..B+.     |
|      . o.*oo    |
|       ..o.Xo.   |
|       .o.Eo=.   |
|       oS.o .    |
|        ..       |
|                 |
|                 |
|                 |
+-----------------+

Create the vclound user on the ssh test targets

[root@gz-controller-209100 ~]# ssh 192.168.209.101 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.102 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.103 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.104 useradd vclound

Copy the ssh public key to the ssh test targets

[root@gz-controller-209100 ~]# ssh 192.168.209.101 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.102 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.103 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.104 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.101:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.102:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.103:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub  192.168.209.104:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00

Create the test script

[vclound@gz-controller-209100 ~]$ cat /home/vclound/ssh_test.sh
#!/bin/bash
# test ssh login and print the ip address
# terry tsang

for id in 1 2 3 4
do
  # the quoted field separator keeps the shell from glob-expanding [: ]
  ssh "192.168.209.10$id" /sbin/ifconfig bond0 | awk -F'[: ]' '/netmask/ {print $10}'
done

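Run it as shown below

Note: running ssh-agent bash starts a bash child process. Importing id_rsa with ssh-add then prompts for the passphrase, and the key is held by the agent for the lifetime of that bash session. After running the script, it is recommended to run exit to leave this shell.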

[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:   <- enter the passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
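
A non-interactive variant of the run above, as an added example that is not part of the original post: the script starts its own agent, prompts for the passphrase once, never falls back to per-host prompts, and kills the agent when it exits. The key path, the 600-second key lifetime and the `--run` switch are assumptions; start it with `./script.sh --run`.

```sh
#!/bin/sh
# Added example (not from the original post). Assumed values: key path,
# host list, 600 s key lifetime, and the "--run" switch.
KEY="${KEY:-$HOME/.ssh/id_rsa}"
HOSTS="${HOSTS:-192.168.209.101 192.168.209.102 192.168.209.103 192.168.209.104}"
SSH="${SSH:-ssh}"   # overridable so check_hosts can be exercised offline

# Print the IPv4 address from ifconfig output of the form
# "inet <addr>  netmask <mask> ...", wherever the "inet" token falls.
inet_addr() {
  awk '/netmask/ { for (i = 1; i < NF; i++) if ($i == "inet") { print $(i + 1); exit } }'
}

# Query every host. Prints "<host> <addr>" or "<host> FAILED" and
# returns the number of failed hosts.
check_hosts() {
  failed=0
  for h in $HOSTS; do
    # BatchMode=yes: if the agent cannot authenticate, fail immediately
    # instead of prompting for a passphrase or password on each host.
    addr=$($SSH -o BatchMode=yes -o ConnectTimeout=5 "$h" \
             /sbin/ifconfig bond0 | inet_addr)
    if [ -n "$addr" ]; then
      echo "$h $addr"
    else
      echo "$h FAILED"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

main() {
  # Agent private to this run. The traps kill it, and with it the
  # decrypted key, on normal exit and on Ctrl-C / TERM.
  eval "$(ssh-agent -s)" >/dev/null
  trap 'ssh-agent -k >/dev/null' EXIT
  trap 'exit 1' INT TERM
  # The only passphrase prompt; -t caps how long the agent keeps the key.
  ssh-add -t 600 "$KEY" || exit 1
  check_hosts
}

# Run only when asked, so the functions can also be sourced on their own.
if [ "${1:-}" = "--run" ]; then main; fi
```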

How to change the passphrase

[vclound@gz-controller-209100 ~]$ ssh-keygen -p
Enter file in which the key is (/home/vclound/.ssh/id_rsa):    <- enter the private key location
Enter old passphrase:                                          <- enter the old passphrase
Key has comment '/home/vclound/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):                <- enter the new passphrase
Enter same passphrase again:                                   <- enter the new passphrase again
Your identification has been saved with the new passphrase.

Test the new passphrase

[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:                           <- enter the new passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
[vclound@gz-controller-209100 ~]$ exit                                     <- leave the ssh-agent shell
exit
[vclound@gz-controller-209100 ~]$
