SSH password-free login
Three hosts:
master
slave01
slave02
Implement password-free ssh login from master to slave01 and slave02;
Keys can be created with one of two encryption methods (rsa or dsa); here dsa is used to generate the SSH public and private keys:
Distribute the public key over the default port
Distribute the public key over a non-default port
The permissions of the .ssh directory are set to 700 (see the detailed settings in the /usr/bin/ssh-copy-id script)
The permissions of the authorized_keys file are set to 600
Once password-free login is set up, ssh can execute commands directly on the remote machine
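Added example (not from the original page): the target-side half of the procedure above, installing a public key with the 700/600 permissions the page prescribes and auditing them afterwards. The helper names has_mode, install_pubkey and audit_ssh_perms, the sample key and the temporary directory standing in for a home directory on slave01 are assumptions; the commented master-side commands use ed25519 rather than the page's dsa, because current OpenSSH releases disable DSA keys by default.

```shell
#!/bin/sh
# Master side, for reference (real OpenSSH commands; PORT is a placeholder):
#   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
#   ssh-copy-id -i ~/.ssh/id_ed25519.pub user@slave01           # default port
#   ssh-copy-id -i ~/.ssh/id_ed25519.pub -p PORT user@slave02   # non-default port

# has_mode PATH OCTAL: true if PATH has exactly that mode (POSIX find, no GNU stat).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# install_pubkey HOME_DIR "KEY LINE": append the key once, enforce 700/600.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    # Explicit chmod also repairs a directory or file that already existed.
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: re-running does not duplicate the key.
    grep -qxF -- "$2" "$auth" || printf '%s\n' "$2" >> "$auth"
}

# audit_ssh_perms HOME_DIR: report any deviation from the 700/600 settings.
audit_ssh_perms() {
    rc=0
    has_mode "$1/.ssh" 700 || { echo "$1/.ssh: expected mode 700"; rc=1; }
    has_mode "$1/.ssh/authorized_keys" 600 ||
        { echo "$1/.ssh/authorized_keys: expected mode 600"; rc=1; }
    return $rc
}

# Demo on a throwaway directory (hypothetical stand-in for a home on slave01).
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAConstructedSampleKeyNotReal demo@master'  # constructed
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"      # second run adds nothing
audit_ssh_perms "$demo_home" && echo "permissions ok"
chmod 644 "$demo_home/.ssh/authorized_keys"  # simulate a loosened file
audit_ssh_perms "$demo_home" || echo "audit flagged the loosened file"
rm -rf "$demo_home"
```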
Summary of password-free login:
1) Password-free login verification is one-way;
2) It is per-user; it is best not to mix different users;
3) SSH connections can be slow;
Reference: Solutions for a slow SSH remote connection service under Linux;
SSH batch distribution and management scheme
1 Use root for ssh key authentication.
Advantages: simple, easy to use.
Disadvantages: poor security, and remote root login cannot be disabled.
2 Use an ordinary user: first copy the distributed files to that user's home directory on the server, then use sudo to elevate privileges and copy them to the target directory that requires those privileges.
Advantages: secure.
Disadvantages: complex configuration.
3 Same as scheme 2, but instead of using sudo, set suid on fixed commands to elevate privileges.
Advantages: relatively secure.
Disadvantages: complex, poor security. Anyone can run the commands that have suid privileges.
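Batch management and automated management solutions for enterprise-level production scenarios
1 SSH keys: the simplest, most commonly used and most powerful. Generally used by small and medium-sized enterprises with fewer than 50-100 machines;
2 sina cfengine: an earlier batch management tool; almost no enterprises use it now;
3 puppet: a batch management tool popular at portal-site scale; complex and heavyweight;
4 saltstack: a batch management tool; characteristics: simple and powerful (complex configuration);
Link: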