ssh passphrase test


Prerequisites
  VM   vclound   ssh  

Test targets
vclound   ssh key  
ssh key   passphrase  
  vclound  ,     key  ,   passphrase   vclound  

Test machines
ip address        role
192.168.209.100   control server
192.168.209.101   ssh test target
192.168.209.102   ssh test target
192.168.209.103   ssh test target
192.168.209.104   ssh test target

Create the user
useradd vclound

Create the passphrase for the vclound user
[vclound@gz-controller-209100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vclound/.ssh/id_rsa):
Created directory '/home/vclound/.ssh'.
Enter passphrase (empty for no passphrase):   <-   passphrase
Enter same passphrase again:                  <-   passphrase
Your identification has been saved in /home/vclound/.ssh/id_rsa.
Your public key has been saved in /home/vclound/.ssh/id_rsa.pub.
The key fingerprint is:
f4:d6:d0:03:c6:7c:b8:e8:54:80:57:d8:8f:1d:ce:68 vclound@gz-controller-209100.vclound.com
The key's randomart image is:
+--[ RSA 2048]----+
|       ..B+.     |
|      . o.*oo    |
|       ..o.Xo.   |
|       .o.Eo=.   |
|       oS.o .    |
|        ..       |
|                 |
|                 |
|                 |
+-----------------+

Create the vclound user on the ssh test targets
[root@gz-controller-209100 ~]# ssh 192.168.209.101 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.102 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.103 useradd vclound
[root@gz-controller-209100 ~]# ssh 192.168.209.104 useradd vclound

Transfer the ssh key to the ssh test targets
[root@gz-controller-209100 ~]# ssh 192.168.209.101 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.102 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.103 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# ssh 192.168.209.104 mkdir /home/vclound/.ssh/
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.101:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.102:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.103:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00
[root@gz-controller-209100 ~]# scp /home/vclound/.ssh/id_rsa.pub 192.168.209.104:/home/vclound/.ssh/authorized_keys
id_rsa.pub                                                                                  100%  422     0.4KB/s   00:00

Create the test script
[vclound@gz-controller-209100 ~]$ cat /home/vclound/ssh_test.sh
#!/bin/bash
# just test ssh login and show up ip address
# terry tsang

for id in 1 2 3 4
do
  ssh 192.168.209.10$id /sbin/ifconfig bond0 |  awk -F[:\ ] '/netmask/ {print $10}'
done

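Run the script as follows
Note: running ssh-agent bash starts a bash subprocess. After you import id_rsa with ssh-add and enter the passphrase, the key information is kept in the current bash. It is recommended to run exit to leave the shell once the script has finished.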
[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$ ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:   <-   passphrase
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104

How to change the passphrase
[vclound@gz-controller-209100 ~]$ ssh-keygen -p
Enter file in which the key is (/home/vclound/.ssh/id_rsa):    <-  
Enter old passphrase:                                          <-   passphrase 
Key has comment '/home/vclound/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):                <-   passphrase
Enter same passphrase again:                                   <-   passphrase
Your identification has been saved with the new passphrase.
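
ssh-keygen -p accepts an empty new passphrase, so it is worth confirming afterwards that the key file is still encrypted. The following is an added example, not part of the original page: it classifies a private key by its file header only, without loading the key. The function name key_protection and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): report whether an SSH private
# key file is passphrase-protected by reading only its container header.

# Hex of the bytes that open a new-format key: "openssh-key-v1\0",
# followed, for an unencrypted key, by uint32 length 4 and cipher "none".
MAGIC_HEX=6f70656e7373682d6b65792d763100
NONE_HEX=000000046e6f6e65

# key_protection FILE -> prints encrypted | unencrypted | unknown
key_protection() {
  local file=$1 hdr
  [ -r "$file" ] || { echo unknown; return 0; }
  case $(head -n 1 "$file") in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
      # Decode the body and take the first 23 bytes as lowercase hex.
      hdr=$(grep -v '^-----' "$file" | base64 -d 2>/dev/null |
            head -c 23 | od -An -tx1 | tr -d ' \n')
      [ "${#hdr}" -eq 46 ] || hdr=        # truncated header: treat as unknown
      case $hdr in
        "$MAGIC_HEX$NONE_HEX") echo unencrypted ;;
        "$MAGIC_HEX"*)         echo encrypted ;;
        *)                     echo unknown ;;
      esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;;    # PKCS#8
    "-----BEGIN PRIVATE KEY-----")           echo unencrypted ;;  # PKCS#8
    "-----BEGIN "*" PRIVATE KEY-----")
      # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
      if grep -q '^Proc-Type: 4,ENCRYPTED' "$file"; then
        echo encrypted
      else
        echo unencrypted
      fi ;;
    *) echo unknown ;;
  esac
}

# Constructed demo inputs: headers only, no real key material.
demo=$(mktemp -d)
printf -- '-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n' > "$demo/legacy_enc"
{ echo '-----BEGIN OPENSSH PRIVATE KEY-----'
  printf 'openssh-key-v1\0\0\0\0\4none' | base64
  echo '-----END OPENSSH PRIVATE KEY-----'; } > "$demo/new_plain"
for f in "$demo"/*; do echo "${f##*/}: $(key_protection "$f")"; done
rm -rf "$demo"
```

On the control server the check would be run as key_protection /home/vclound/.ssh/id_rsa; anything other than "encrypted" means the key can be used without a passphrase.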

Test the new passphrase
[vclound@gz-controller-209100 ~]$ ssh-agent bash
[vclound@gz-controller-209100 ~]$  ssh-add /home/vclound/.ssh/id_rsa
Enter passphrase for /home/vclound/.ssh/id_rsa:                           <-   passphrase 
Identity added: /home/vclound/.ssh/id_rsa (/home/vclound/.ssh/id_rsa)
[vclound@gz-controller-209100 ~]$ ./ssh_test.sh
192.168.209.101
192.168.209.102
192.168.209.103
192.168.209.104
[vclound@gz-controller-209100 ~]$ exit                                     <-   ssh-agent shell
exit
[vclound@gz-controller-209100 ~]$