自动生成SSH秘钥并设置免密登录
自动生成SSH秘钥并设置免密登录
#!/bin/bash
# 仅在Centos 7上测试通过,需要root权限
# 本脚本使用ssh-keygen 命令生成密钥
# 本脚本需要在服务器安装sshd服务才能执行
# 作者:WaterBear 手动安装请查看文章:https://waterbear.pw/2051.html
# 定义变量
passphrase=无
backupdir=/root/backup_keygen
next=Y
if [ $UID -ne 0 ];then
echo "需要root权限才能执行该脚本!"
exit 1
fi
# 选择安装keygen密钥类型
while :
do
printf "
=======================================
1) 快速生成安装keygen密钥(无passphrase)
2) 快速生成安装keygen密钥(有passphrase)
3) Exit
=======================================
"
read -p "请选择输入1|2|3:(default 1) " num
# echo "num = $num"
filename=`date +%Y-%m-%d_%H:%M:%S`
backupdir=/root/backup_keygen
if [ "$num" == "1" ] || [ -z "$num" ];then
echo "你选择执行操作为:1"
echo -e "\e[34m 快速生成安装keygen密钥(无passphrase)!\e[0m"
elif [ "$num" == "2" ];then
echo "你选择执行操作为:2"
echo -e "\e[34m 快速生成安装keygen密钥(有passphrase)!\e[0m"
read -p "请输入密钥锁码:passphrase= " passphrase
elif [ "$num" == "3" ];then
echo -e "\e[31m 程序退出!\e[0m"
break
else
clear
echo -e "\033[31m 输入参数错误,需要重新输入!\033[0m"
continue
fi
echo -e "当前输入密钥锁码passphrase为:\033[34m $passphrase \033[0m "
read -p "确认无误请输入Y|y;输入错误需要重新输入请输入N|n。(default Y)" next
if [ "$next" == "Y" ] || [ "$next" == "Y" ] || [ -z "$next" ];then
echo -e "\e[34m 执行快速生成安装keygen密钥中!\e[0m"
break
else
clear
continue
fi
done
# 生成安装keygen密钥
case $num in
1)
ssh-keygen -t rsa -N "" -C "${HOSTNAME}_key" -f /root/.ssh/$filename &> keygen.log
;;
2)
ssh-keygen -t rsa -N $passphrase -C "${HOSTNAME}_key" -f /root/.ssh/$filename &> keygen.log
echo "密钥锁码passphrase为:$passphrase" > /root/.ssh/$filename_passphrase.txt
;;
3)
exit 1
;;
*)
ssh-keygen -t rsa -N "" -C "${HOSTNAME}_key" -f /root/.ssh/$filename &> keygen.log
esac
cd /root/.ssh
cat $filename.pub >> authorized_keys
chmod 600 authorized_keys
chmod 700 ~/.ssh
sed -i '/#PubkeyAuthentication yes/i\RSAAuthentication yes\' /etc/ssh/sshd_config
sed -i '/#PubkeyAuthentication yes/c\PubkeyAuthentication yes\' /etc/ssh/sshd_config
systemctl restart sshd
tar zcvf ./${filename}.tar.gz ./${filename}*
if [ ! -d $backupdir ];then
mkdir -p $backupdir
fi
mv ./${filename}.tar.gz $backupdir
echo -e "\033[32m 服务器端密钥安装完成! \033[0m"
printf "
================================================================
密钥相关信息如下:
私钥文件名:$filename
公钥文件名:$filename.pub
密钥锁码:$passphrase
私钥、公钥备份压缩包位置:$backupdir/${filename}.tar.gz
================================================================
"
echo -e "\033[31m 请下载密钥文件确认密钥是否可以正常使用ssh登录,以下安全设置将关闭ssh密码登陆!\033[0m"
# 安全设置,关闭sshd服务密码登陆
while :
do
read -p "继续安全设置请输入Y|y,取消安全设置请输入N|n。(default Y)" next
if [ "$next" == "Y" ] || [ "$next" == "y" ] || [ -z $next ];then
echo "你选择执行操作为:Y"
echo -e "\e[34m 即将执行关闭ssh密码登陆!\e[0m"
else
echo "你选择执行操作为:N"
echo -e "\e[34m ssh密码登陆将保留,不执行关闭密码登陆操作!\e[0m"
exit 0
fi
read -p "确认无误请输入Y|y;输入错误需要重新输入请输入N|n。(default Y)" next
if [ "$next" == "Y" ] || [ "$next" == "y" ] || [ -z $next ];then
echo -e "\e[33m 执行关闭ssh密码登陆操作中!\e[0m"
break
else
clear
continue
fi
clear
done
# 执行关闭sshd服务密码登陆
sed -i '/PasswordAuthentication yes/d' /etc/ssh/sshd_config
sed -i '/#PermitEmptyPasswords no/i\#PasswordAuthentication no\' /etc/ssh/sshd_config
sed -i '/#PermitEmptyPasswords no/a\PasswordAuthentication no\' /etc/ssh/sshd_config
systemctl restart sshd
if [ $? -eq 0 ];then
echo -e "\033[32m 执行关闭ssh密码登陆成功!\033[0m"
else
echo -e "\033[31m 执行关闭ssh密码登陆失败!\033[0m"
fi
共有 0 条评论