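There are two ways to set up passwordless SSH login here. The first is simpler and takes only a few commands; the second is more involved but helps in understanding how SSH works. Which one to use is up to you.
SSH login requires two services, openssh and rsync.
Check whether openssh is installed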
[root@master ~]# rpm -qa | grep openssh
openssh-7.4p1-11.el7.x86_64
openssh-server-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64
Check whether rsync is installed
[root@master ~]# rpm -qa | grep rsync
rsync-3.1.2-10.el7.x86_64
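If they are not installed, use the following commands to install them
yum -y install openssh-server openssh-clients # install openssh
yum -y install rsync # install rsync
Command: ssh-keygen -t rsa, then press Enter four times in a row
Use this command to distribute the public key to the local node: ssh-copy-id localhost
Use this command to distribute the public key to the slave1 node: ssh-copy-id slave1
Note: the three nodes' public keys must be distributed to one another
Here we only demonstrate the setup on one node; the other nodes repeat the same steps, so they are not shown
Generate the key pair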
ssh-keygen -t rsa -P ''
[root@master ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WiHS79X6u98d1WUR9FfJ5n3bbQC5ebvHK6zcj4X8Gzw root@master
The key's randomart image is:
+---[RSA 2048]----+
| .o++|
| . o ++|
| . o . +o *|
| . o . .o oo*|
| S . .. oB|
| + . .. +.=|
| . . . .o E |
| ...o=.B|
| o=*+*=|
+----[SHA256]-----+
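No input is needed; just press Enter
Check whether there is a ".ssh" folder under /root and whether that ".ssh" folder contains the two newly generated passphrase-less key files. I configured this as the root user, so the files are in this directory; if you are using another user, look for the .ssh directory under /home/User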
[root@master .ssh]# pwd
/root/.ssh
[root@master .ssh]# ll
total 8
-rw-------. 1 root root 1675 Mar 16 16:02 id_rsa
-rw-r--r--. 1 root root 393 Mar 16 16:02 id_rsa.pub
Append id_rsa.pub to the authorized keys file
cat id_rsa.pub >> authorized_keys
Change the file permissions; this is not needed if you are using the administrator user
chmod 600 authorized_keys
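Edit the following entry in the SSH configuration file "/etc/ssh/sshd_config": remove the # in front of this configuration field to enable public/private key authentication.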
PubkeyAuthentication yes
Restart the service
systemctl restart sshd
Try a nested login to the local machine; if no password is requested, key-based login to the local machine works
[root@master .ssh]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:Hr69gEn5JbaH3pZPvyJ9qhzyCzPYIyleYQyqA+vPz3U.
ECDSA key fingerprint is MD5:f6:f4:9e:7d:c5:b1:8f:68:db:a3:49:66:05:6e:e4:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Wed Mar 16 15:41:55 2022 from 192.168.0.1
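Copy the Master node's public key id_rsa.pub to each Slave node. Be careful not to copy it into the same directory, otherwise it will directly overwrite the file there; placing it one directory up is recommended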
scp id_rsa.pub root@slave1:/root/
[root@master .ssh]# scp id_rsa.pub root@slave1:/root/
The authenticity of host 'slave1 (192.168.0.163)' can't be established.
ECDSA key fingerprint is SHA256:HCyXDBNPToF3n/6WgB/Sj8M9z3IHaGy8CRVTJY6YqQs.
ECDSA key fingerprint is MD5:2e:16:4d:94:00:05:ff:c5:8e:13:08:6a:6a:a9:02:f8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,192.168.0.163' (ECDSA) to the list of known hosts.
root@slave1's password:
id_rsa.pub 100% 393 314.0KB/s 00:00
On each Slave node, append the public key copied from the Master node to the authorized_keys file
cat id_rsa.pub >> .ssh/authorized_keys
Delete the file
rm -fr id_rsa.pub
Send slave1's public key to master
scp .ssh/id_rsa.pub root@master:/root/
The authenticity of host 'master (192.168.0.162)' can't be established.
ECDSA key fingerprint is SHA256:Hr69gEn5JbaH3pZPvyJ9qhzyCzPYIyleYQyqA+vPz3U.
ECDSA key fingerprint is MD5:f6:f4:9e:7d:c5:b1:8f:68:db:a3:49:66:05:6e:e4:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master,192.168.0.162' (ECDSA) to the list of known hosts.
root@master's password:
id_rsa.pub 100% 393 493.3KB/s 00:00
On the Master node, append the public key copied from the Slave node to the authorized_keys file
cat id_rsa.pub >> .ssh/authorized_keys
Delete the file
rm -fr id_rsa.pub
View the master node's authorized_keys file; it now contains two public keys
[root@master ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIgiraYbUS+wal7gSzx/kpuZ+ZPnE1Tc+u1QVi25i3ZgoBTOFqjTv973xy3ueExn1udYGmhDDB+vXFxNs2AIgXZEoEpgZAz2kcAEJBjkXT0p8sYXgaliMMFNP8dwiJTCs/YIDol+KIIkIwa3WbQoVEc1zQH1+Xr1Rto1IgLXPRgXO3IMfmX7nqc2ZMdBt0OaPDf2NtBI3e/QDEa59f6J+ge4r8MPuc9C51MeU6NPr20A99Psy1Jbvrr7/Fb2pLxnfne50+4DYjsGPztOgHuQFWoAQ+LDUW6Xhbs5Ig8bUEHt1AILwyNwagJvcsGIvp3wOQt+HRHxJCoAjgPeFsFwJF root@master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoPA9uCf/PmUgbpmbPF13VvIwJiSHqAVIpffylbk2g+mEJQMnLxmYv4AVsdc3Wjul2rUMoQh4RPeMFFFincrYFN88DA6SF0F9ZNQOy+6p7CWxLd24hrsn7J69Pab0HxIlMAng8zKjAxZKAOBWyih1nJzqf3UHNdAeZkoe8MbNf6jTXM67vGa0V0FUFU/GvX6st8fLDbROKB8kh1N2X/qLNFiDgxY3Vm1rgN4cDGhs/UqugOHgwnvUScUkjoDQyGn/vYfgHxThHoF+Dv57Xa+bjyUbMmIQYgH7xR/V25F3iU6no3P0LmWsVc4uTTZwdcsPpxMcAfDFL+u5cnivtKrdj root@slave1
Now you can log in to the slave from the master node
[root@master ~]# ssh slave1
Last login: Tue Mar 15 12:18:56 2022 from ::1
[root@slave1 ~]#
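The append steps above (cat id_rsa.pub >> authorized_keys, then chmod 600) add a duplicate line every time they are re-run and do not check what is being appended. The following is an added example, not part of the original post: a shell function that validates the key line, sets the .ssh permissions, and appends only when the key is not already authorized. The function name add_authorized_key, its arguments and the accepted key-type list are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Replaces a bare
#   cat id_rsa.pub >> .ssh/authorized_keys
# with a validated, idempotent append. Names and arguments are assumptions.
# Usage: add_authorized_key /root/id_rsa.pub /root/.ssh

add_authorized_key() {
    local pub_file=$1
    local ssh_dir=$2
    local auth="$ssh_dir/authorized_keys"
    local ktype blob comment

    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub_file")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 2; }
    read -r ktype blob comment < "$pub_file" || true   # tolerate a missing final newline
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default), keys are refused when these
    # paths are writable by other users, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # Already authorized? Compare the base64 blob against every field so that
    # entries carrying an options prefix are matched too. Safe to re-run.
    if awk -v b="$blob" '$1 !~ /^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}" >> "$auth"
}
```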