测试基于salt-ssh的密码及密钥
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了测试基于salt-ssh的密码及密钥相关的知识,希望对你有一定的参考价值。
这里先记录下下今天对salt-ssh关于密码以密钥的测试情况(后期完善)
操作系统版本: [[email protected] ~]# cat /etc/redhat-release CentOS release 6.7 (Final) 主机信息: master: 10.10.10.140(安装salt-ssh) node01: 10.10.10.141 node01:10.10.10.142
基于密码验证的测试过程:
a、安装epel源以及salt-ssh
[[email protected] ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [[email protected] ~]# yum -y install salt-ssh
b、配置salt-ssh配置文件
[[email protected] ~]# vim /etc/salt/roster node01: host: 10.10.10.141 user: root passwd: redhat12345 node02: host: 10.10.10.142 user: root passwd: redhat12345
c、使用salt-ssh进行测试
[[email protected] salt]# salt-ssh ‘*‘ test.ping [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master? node01: True node02: True [[email protected] salt]# salt-ssh ‘*‘ cmd.run ‘uptime‘ [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master? node01: 05:33:37 up 23 min, 1 user, load average: 0.17, 0.05, 0.02 node02: 21:33:42 up 23 min, 1 user, load average: 0.16, 0.06, 0.02 说明:这里由于我没有安装salt-master,出现没有日志文件权限的警告信息,可以忽略
基于密钥验证的测试过程:
a、配置免密钥登录:
[[email protected] ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 19:65:dc:fa:72:33:35:d6:81:18:e0:91:d3:ce:ce:0f [email protected] The key‘s randomart image is: +--[ RSA 2048]----+ | +*oo . | | .=oo.. . | | ..+. ..| | o.o + .| | S o. o . | | .E= | | ooo | | . | | | +-----------------+ [[email protected] ~]# scp ~/.ssh/id_rsa.pub [email protected]:/root/ [email protected]‘s password: id_rsa.pub 100% 407 0.4KB/s 00:00 [[email protected] ~]# scp ~/.ssh/id_rsa.pub [email protected]:/root/ [email protected]‘s password: id_rsa.pub 100% 407 0.4KB/s 00:00 [[email protected] ~]# cat id_rsa.pub >>~/.ssh/authorized_keys [[email protected] ~]# service sshd restart 停止 sshd: [确定] 正在启动 sshd: [确定] [[email protected] ~]# cat id_rsa.pub >>~/.ssh/authorized_keys [[email protected] ~]# service sshd restart 停止 sshd: [确定] 正在启动 sshd: [确定]
b、调整salt-ssh的配置文件
为了测试密钥登录,而不是在配置文件中写好密码登录,重新调整下/etc/salt/roster文件,将密码的部分注销掉 [[email protected] ~]# vim /etc/salt/roster # Sample salt-ssh config file node01: host: 10.10.10.141 node02: host: 10.10.10.142
c、基于密钥的配置:
[[email protected] ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub [email protected] Now try logging into the machine, with "ssh ‘[email protected]‘", and check in: .ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting. [[email protected] ~]# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub [email protected] Now try logging into the machine, with "ssh ‘[email protected]‘", and check in: .ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting.
d、测试实验效果:
[[email protected] ~]# salt-ssh ‘*‘ cmd.run ‘df -h‘ [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master? node02: Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 8.3G 4.6G 65% / tmpfs 932M 0 932M 0% /dev/shm /dev/sda1 190M 42M 139M 23% /boot /dev/sda3 2.0G 18M 1.8G 1% /tmp node01: Filesystem Size Used Avail Use% Mounted on /dev/sda5 14G 8.3G 4.6G 65% / tmpfs 932M 72K 932M 1% /dev/shm /dev/sda1 190M 42M 139M 23% /boot /dev/sda3 2.0G 18M 1.8G 1% /tmp
到此,salt-ssh的测试初步完成,参考资料:https://docs.saltstack.cn/topics/ssh/index.html
本文出自 “冰冻vs西瓜” 博客,请务必保留此出处http://molewan.blog.51cto.com/287340/1897832
以上是关于测试基于salt-ssh的密码及密钥的主要内容,如果未能解决你的问题,请参考以下文章
SaltStack的salt-ssh使用及LAMP状态设计部署