Set Up SSH Passwordless Login for Multiple Remote Servers Using a Script


SSH key-based authentication (also known as public-key authentication) allows passwordless login and is a more secure and better solution than password authentication. Apart from security, one major advantage of SSH passwordless login is that it lets you automate various kinds of cross-server processes.

In this article, we will show how to create an SSH key pair and copy the public key to multiple remote Linux hosts at once, using a shell script.

Create a New SSH Key in Linux

First, generate the SSH key pair (the private/identity key that an SSH client uses to authenticate itself when logging into a remote SSH server, and the public key stored as an authorized key on the remote system running the SSH server) using the ssh-keygen command as follows:

# ssh-keygen

Create a Shell Script for Multiple Remote Hosts

Next, create a shell script that will help copy the public key to multiple remote Linux hosts.

# vim ~/.bin/ssh-copy.sh

Copy and paste the following code into the file (replace the following variables accordingly: USER_NAME - the username to connect with, HOST_FILE - a file containing the list of hostnames or IP addresses, and ERROR_FILE - a file to store any ssh command errors).

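#!/bin/bash
# Copy one public key to every host listed in HOST_FILE.
USER_NAME="root"                        # user to connect as
HOST_FILE="/root/hosts"                 # list of hostnames or IP addresses
# Fixed name under /tmp: on a shared system, point this at a directory
# that only you can write to.
ERROR_FILE="/tmp/ssh-copy_error.txt"    # stderr of the last ssh-copy-id run
PUBLIC_KEY_FILE="$1"                    # public key file, first argument

if [ ! -f "$PUBLIC_KEY_FILE" ]; then
        echo "File '$PUBLIC_KEY_FILE' not found!"
        exit 1
fi

if [ ! -f "$HOST_FILE" ]; then
        echo "File '$HOST_FILE' not found!"
        exit 2
fi

# One ssh-copy-id run per whitespace-separated entry in the hosts file.
for IP in $(cat "$HOST_FILE"); do
        ssh-copy-id -i "$PUBLIC_KEY_FILE" "$USER_NAME@$IP" 2>"$ERROR_FILE"
        RESULT=$?
        if [ "$RESULT" -eq 0 ]; then
                echo ""
                echo "Public key successfully copied to $IP"
                echo ""
        else
                # Show the captured error and stop at the first failing host.
                cat "$ERROR_FILE"
                echo
                exit 3
        fi
        echo ""
done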

Save the file and close it.

Then make the script executable with the chmod command as shown.

# chmod +x ssh-copy.sh

Now run the ssh-copy.sh script and specify the public key file as the first argument, as shown:

# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
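
The script above only checks that the key file and the hosts file exist. As an added example (not part of the original article), the following pre-flight checks validate their contents before any key is pushed; the function names are hypothetical, and the hosts file is assumed to hold one host per line.

```shell
#!/bin/bash
# Added example (not from the original article): pre-flight input checks
# for ssh-copy.sh. All function names here are hypothetical.

# True only if the first line of the file looks like an OpenSSH public key
# ("<type> <base64-blob> [comment]"). A private key file fails this test.
is_public_key_file() {
    local ktype blob _
    [ -f "$1" ] || return 1
    read -r ktype blob _ < "$1" || [ -n "$ktype" ] || return 1
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) return 1 ;;
    esac
    case "$blob" in
        ""|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
}

# True for a plain hostname or IP literal. Rejects an empty string, a leading
# "-" and anything outside [A-Za-z0-9.:_-] (spaces, "@", shell metacharacters).
is_safe_host() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
}

# Checks every non-blank line of the hosts file, reports each rejected
# entry on stderr, and fails if any entry was rejected.
check_hosts_file() {
    local entry rc=0
    [ -f "$1" ] || return 1
    while read -r entry || [ -n "$entry" ]; do
        [ -z "$entry" ] && continue
        if ! is_safe_host "$entry"; then
            echo "rejected host entry: '$entry'" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Mirrors the script's exit codes: 1 = bad key file, 2 = bad hosts file.
preflight() {
    is_public_key_file "$1" || return 1
    check_hosts_file "$2" || return 2
}
```

Calling preflight "$PUBLIC_KEY_FILE" "$HOST_FILE" before the loop stops the run before the first connection if either input is malformed.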

Next, use ssh-agent to manage your keys; it holds your decrypted private key in memory and uses it to authenticate logins. After starting ssh-agent, add your private key to it as follows:

# eval "$(ssh-agent -s)"
# ssh-add ~/.ssh/prod-rsa

Log into Remote Linux Servers without a Password

Now you can log into any of your remote hosts without providing a password for SSH user authentication. This way, you can automate cross-server processes.

# ssh [email 

That's all we have! If you have any contribution(s) to make, particularly for improving the shell script, let us know via the feedback form below.