ssh 服务配置笔记
安装部署
yum install openssh-*
#yum安装
禁止 root 登陆
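# Turn off direct root logins over SSH. The pattern accepts the directive
# commented out or active, with any current value (yes, prohibit-password, ...),
# so a config that lacks the exact text "#PermitRootLogin yes" is still changed
# instead of being silently left with root login enabled.
sed -i 's/^#*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
# If the directive was absent from the file, nothing was rewritten: report it.
# The value sshd actually applies can be confirmed with: sshd -T | grep -i permitrootlogin
grep -q '^PermitRootLogin no' /etc/ssh/sshd_config \
  || echo 'PermitRootLogin no was not set in /etc/ssh/sshd_config' >&2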
#修改后需重启 sshd 才生效;重启前先用 sshd -t 检查配置语法,并保留一个已登录的会话,以免配置有误时无法再登录
ssh 连接慢优化
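# Reduce login delay: skip the reverse-DNS lookup of the client (UseDNS) and the
# GSSAPI authentication attempt. The AuthorizedKeysFile expression only
# uncomments the key-file setting; it looks unrelated to connection speed.
# The file is named directly: the original wrapped it in `grep -rl`, which
# expands to nothing when a pattern is absent and leaves sed with no input file.
sed -i \
  -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/#AuthorizedKeysFile/AuthorizedKeysFile/' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
  /etc/ssh/sshd_config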
}
ssh 白名单
Allowusers root@192.168.18.18
Allowusers newusers@192.168.1.0/24
#只允许192.168.18.18 ip地址并且以root身份登录(若上文已设置 PermitRootLogin no,root 仍会被拒绝,这一条不会生效)
#只允许192.168.1.0网段以newusers用户身份登录
#注意:一旦配置了 AllowUsers,未列出的用户和来源地址都会被拒绝登录
ssh 免密码登录
生成密钥(-P '' 表示私钥不设口令,拿到 id_rsa 文件即可直接登录,需妥善保管该文件)
ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 直接回车
查看生成的秘钥
ll /root/.ssh/
-rw------- 1 root root 1675 Dec 9 13:26 id_rsa
-rw-r--r-- 1 root root 399 Dec 9 13:26 id_rsa.pub
访问者持私钥
hosta:/root/.ssh/id_rsa
被访问者存放公钥
hostb:/root/.ssh/authorized_keys
推送秘钥实例
方法 1
ssh-copy-id -i 120.24.48.XX
#直接推送公钥到目标主机
方法 2
hostA:scp /root/.ssh/id_rsa.pub root@120.24.48.XX:/root/.ssh/
#拷贝公钥到目标主机(目标主机 /root/.ssh/ 下若已有同名 id_rsa.pub 会被覆盖)
hostB:mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
#更名(mv 会覆盖 hostB 上已有的 authorized_keys;若其中已有其他公钥,应改为 cat id_rsa.pub >> authorized_keys 追加)
hostB:chmod 600 /root/.ssh/authorized_keys
#指定文件权限
测试
hostA: ssh 120.24.xx.xx
#直接ssh免登录
ssh 120.24.xx.xx -lroot -i /home/save/id_rsa
#指定key去登录
批量推送公钥给目标主机
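#!/bin/bash
# set_ssh_keys.sh - push the local public key to every host in /root/hosts.

# expect drives the interactive ssh-copy-id prompts.
yum install -y expect

# One password shared by all target hosts (they must all use the same one).
# It is taken from the environment or prompted for rather than written in the
# script: a literal here ends up in backups, version control and anything else
# that can read the file.
password=${SSH_COPY_PASSWORD:-}
if [[ -z "$password" ]]; then
  read -rsp 'Password for target hosts: ' password
  printf '\n' >&2
fi
[[ -n "$password" ]] || { echo 'no password given' >&2; exit 1; }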
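#######################################
# Install the local default public key on one host, answering the prompts that
# ssh-copy-id raises.
# Arguments: $1 - login password for the target host
#            $2 - target host ([user@]address)
# Returns:   exit status of ssh-copy-id (non-zero when the copy failed)
#######################################
auto_ssh_copy_id() {
  local password=$1 host=$2
  # The password and host reach expect through the environment and are read as
  # Tcl variables. Splicing them into the script text, as before, put the
  # password on the expect command line (visible in ps) and let characters
  # such as $ [ ; " or spaces in either value be parsed as Tcl code.
  SSH_COPY_PASS=$password SSH_COPY_HOST=$host expect -c '
    set timeout -1
    spawn ssh-copy-id -i $env(SSH_COPY_HOST)
    expect {
      # Matches both "(yes/no)?" and the newer "(yes/no/\[fingerprint\])?" prompt.
      # NOTE(review): answering yes accepts whatever host key the peer presents,
      # with no fingerprint check; pre-populating known_hosts from a trusted
      # source avoids relying on this branch.
      "*(yes/no*" { send -- "yes\r"; exp_continue }
      "*assword:*" { send -- "$env(SSH_COPY_PASS)\r"; exp_continue }
      eof {}
    }
    # Hand back the real exit status instead of always reporting success.
    exit [lindex [wait] 3]
  '
}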
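# Push the key to every host in /root/hosts (one address per line).
# The list is read on fd 3 so nothing run inside the loop can consume it from
# stdin, and every expansion is quoted so a password or entry containing spaces
# or glob characters is passed through as one literal argument.
while read -r host <&3 || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue   # skip blank lines
  auto_ssh_copy_id "$password" "$host" \
    || printf 'ssh-copy-id failed for %s\n' "$host" >&2
done 3</root/hosts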