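uytyrt posted on 2017-2-15 08:50:04

Testing salt-ssh with password and key authentication

Here is a first record of today's tests of salt-ssh with passwords and keys (to be refined later).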

Operating system version:
# cat /etc/redhat-release
CentOS release 6.7 (Final)
Host information:
master: 10.10.10.140 (salt-ssh installed)
node01: 10.10.10.141
node02: 10.10.10.142




Test procedure with password authentication:
a. Install the EPEL repository and salt-ssh

# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# yum -y install salt-ssh




b. Configure the salt-ssh configuration file


# vim /etc/salt/roster
node01:
  host: 10.10.10.141
  user: root
  passwd: redhat12345
node02:
  host: 10.10.10.142
  user: root
  passwd: redhat12345




c. Test with salt-ssh


# salt-ssh '*' test.ping
Failed to open log file, do you have permission to write to /var/log/salt/master?
node01:
    True
node02:
    True
# salt-ssh '*' cmd.run 'uptime'
Failed to open log file, do you have permission to write to /var/log/salt/master?
node01:
   05:33:37 up 23 min,1 user,load average: 0.17, 0.05, 0.02
node02:
   21:33:42 up 23 min,1 user,load average: 0.16, 0.06, 0.02
Note: since I have not installed salt-master here, a warning about lacking permission on the log file appears; it can be ignored.




Test procedure with key authentication:

a. Configure passwordless (key-based) login:


# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
19:65:dc:fa:72:33:35:d6:81:18:e0:91:d3:ce:ce:0f root@master.saltstack.com
The key's randomart image is:
+--[ RSA 2048]----+
|         +*oo .|
|      .=oo.. . |
|      ..+.   ..|
|         o.o+ .|
|      S o. o . |
|          .E=    |
|         ooo   |
|             .   |
|               |
+-----------------+
# scp ~/.ssh/id_rsa.pub root@10.10.10.141:/root/
root@10.10.10.141's password:
id_rsa.pub                                 100%407   0.4KB/s   00:00   
# scp ~/.ssh/id_rsa.pub root@10.10.10.142:/root/
root@10.10.10.142's password:
id_rsa.pub                                 100%407   0.4KB/s   00:00   
# cat id_rsa.pub >>~/.ssh/authorized_keys
# service sshd restart
停止 sshd:                                                [确定]
正在启动 sshd:                                          [确定]
# cat id_rsa.pub >>~/.ssh/authorized_keys
# service sshd restart
停止 sshd:                                                [确定]
正在启动 sshd:                                          [确定]




b. Adjust the salt-ssh configuration file


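To test key-based login rather than the password login written into the configuration file, readjust the /etc/salt/roster file and comment out the password part.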
# vim /etc/salt/roster
# Sample salt-ssh config file
node01:
  host: 10.10.10.141
node02:
  host: 10.10.10.142




c. Key-based configuration:


# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.141
Now try logging into the machine, with "ssh 'root@10.10.10.141'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
# ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub root@10.10.10.142
Now try logging into the machine, with "ssh 'root@10.10.10.142'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.




d. Test the result:


# salt-ssh '*' cmd.run 'df -h'
Failed to open log file, do you have permission to write to /var/log/salt/master?
node02:
    Filesystem      SizeUsed Avail Use% Mounted on
    /dev/sda5      14G8.3G4.6G65% /
    tmpfs         932M   0932M   0% /dev/shm
    /dev/sda1       190M   42M139M23% /boot
    /dev/sda3       2.0G   18M1.8G   1% /tmp
node01:
    Filesystem      SizeUsed Avail Use% Mounted on
    /dev/sda5      14G8.3G4.6G65% /
    tmpfs         932M   72K932M   1% /dev/shm
    /dev/sda1       190M   42M139M23% /boot
    /dev/sda3       2.0G   18M1.8G   1% /tmp




At this point, the initial salt-ssh testing is complete. Reference: https://docs.saltstack.cn/topics/ssh/index.html
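
An added example, not part of the original post: a small Python check that flags roster entries still carrying a cleartext passwd (as in the password test above) or logging in as root, and a roster file accessible beyond its owner. Assumptions: the parser handles only the flat roster layout shown in the post, the sample roster and its placeholder password are constructed, and a missing user is treated as root, as the key-based roster above relies on.

```python
import os
import stat
import sys

SECRET_KEYS = ("passwd", "priv_passwd")  # roster options that hold cleartext secrets

# Constructed sample: node01 as in the password test, node02 as in the key test.
SAMPLE_ROSTER = """\
# Sample salt-ssh config file
node01:
  host: 10.10.10.141
  user: root
  passwd: CONSTRUCTED-PLACEHOLDER
node02:
  host: 10.10.10.142
"""

def parse_roster(text):
    """Parse the flat 'target: / indented key: value' layout shown in the post.
    This is deliberately not a general YAML parser."""
    targets, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = raw.strip().partition(":")
        if not raw[0].isspace():          # unindented line starts a new target
            current = targets.setdefault(key, {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return targets

def audit_roster(text, mode=None):
    """Return (target, finding) tuples; mode is the roster file's st_mode, if known."""
    findings = []
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append(("<file>", "roster accessible to group/other"))
    for name, opts in parse_roster(text).items():
        for key in SECRET_KEYS:
            if key in opts:
                findings.append((name, f"cleartext {key} in roster"))
        if opts.get("user", "root") == "root":   # assumed default when user is absent
            findings.append((name, "logs in as root"))
    return findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/salt/roster"
    with open(path) as fh:
        for target, finding in audit_roster(fh.read(), os.stat(path).st_mode):
            print(f"{target}: {finding}")
```

Run it on the master with the roster path as the only argument; it prints one line per finding and nothing when the roster is clean.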


flybear posted on 2017-2-19 12:03:12
