CentOs7.3 ssh 免密登入
阿新 • • 發佈:2022-04-28
環境
三臺虛擬機器(IP):
- 192.168.252.121
- 192.168.252.122
- 192.168.252.123
1.修改主機名
修改三臺主機名,以此類推,node1,node3,node3
命令格式
hostnamectl set-hostname <hostname>
$ hostnamectl set-hostname node1
剩下的虛擬機器依次修改hostnamectl set-hostname[1-3]
重啟作業系統
$ reboot
2.修改對映關係
1.在 node1 的 /etc/hosts
檔案下新增如下內容
$ vi /etc/hosts
2.檢視修改後的/etc/hosts
檔案內容
$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# 以下是新增的
192.168.252.121 node1
192.168.252.122 node2
192.168.252.123 node3
2.將叢集node1 上的檔案hosts
檔案 通過 scp
$ for a in {1..3} ; do scp /etc/hosts node$a:/etc/hosts ; done
3.檢查是否叢集每一個節點的 hosts
檔案都已經修改過來了
$ for a in {1..3} ; do ssh node$a cat /etc/hosts ; done
3.啟動 ssh 無密登入
1.在叢集node1的 /etc/ssh/sshd_config
檔案去掉以下選項的註釋
$ vi /etc/ssh/sshd_config RSAAuthentication yes #開啟私鑰驗證 PubkeyAuthentication yes #開啟公鑰驗證
2.將叢集node1 修改後的 /etc/ssh/sshd_config
通過 scp
命令複製傳送到叢集的每一個節點
$ for a in {1..3} ; do scp /etc/ssh/sshd_config node$a:/etc/ssh/sshd_config ; done
4.生成公鑰、私鑰
1.在叢集的每一個節點節點輸入命令 ssh-keygen -t rsa -P ''
,生成 key,一律回車
$ ssh-keygen -t rsa -P ''
[root@node1 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
22:42:2d:15:39:cc:f6:4a:9c:da:57:5b:55:b8:18:5d root@node1
The key's randomart image is:
+--[ RSA 2048]----+
| ooo . +E |
| o* . + |
| oo.+ + . |
| . .+ . . o . |
| .+....So |
| ..o.... |
| . |
| |
| |
+-----------------+
2.在叢集的node1 節點輸入命令
將叢集每一個節點的公鑰id_rsa.pub
放入到自己的認證檔案中authorized_keys
;
for a in {1..3}; do ssh node$a cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys; done
3.在叢集的node1 節點輸入命令
將自己的認證檔案 authorized_keys
` 通過 scp
命令複製傳送到每一個節點上去: /root/.ssh/authorized_keys
for a in {1..3}; do scp /root/.ssh/authorized_keys node$a:/root/.ssh/authorized_keys ; done
4.在叢集的每一個節點節點輸入命令
接重啟ssh服務
systemctl restart sshd.service
5.驗證 ssh 無密登入
5.開一個其他視窗測試下能否免密登陸
例如:在node3
[root@node3 ~]# ssh node1
The authenticity of host 'node1 (192.168.252.121)' can't be established.
ECDSA key fingerprint is ab:0f:08:20:3d:7a:11:05:ea:d9:b0:0c:9e:e1:d0:97.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1,192.168.252.121' (ECDSA) to the list of known hosts.
Last login: Tue Aug 22 14:00:18 2017 from 192.168.252.1
exit
退出
[root@node1 ~]# exit
logout
Connection to node1 closed.
注意:開新的其他視窗測試下能否免密登陸,把當前視窗都關了
Contact
- 作者:鵬磊
- 出處:http://www.ymq.io
- Email:[email protected]
- 版權歸作者所有,轉載請註明出處
- Wechat:關注公眾號,搜雲庫,專注於開發技術的研究與知識分享