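Linux SSH passwordless login

Environment

Linux version: Oracle Linux Server release 6.5

Three virtual machines: 192.168.229.115, 192.168.229.116, 192.168.229.117

Change the hostnames

Change the hostnames of the three machines to kiko1, kiko2 and kiko3 respectively.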

# vim /etc/sysconfig/network

Set the hostname on each machine in turn:

NETWORKING=yes
HOSTNAME=kiko1

After the change, reboot the machine so that the new hostname takes effect.

# reboot

Update the host mappings

  1. On kiko1, add the following to the /etc/hosts file

    192.168.229.115 kiko1
    192.168.229.116 kiko2
    192.168.229.117 kiko3
  2. Check the contents of the modified /etc/hosts file

    [root@kiko1 ~]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.229.115 kiko1
    192.168.229.116 kiko2
    192.168.229.117 kiko3
  3. Copy the hosts file from kiko1 to every node in the cluster with scp

    # for a in {1..3} ; do scp /etc/hosts kiko$a:/etc/hosts ; done
  4. Check that the hosts file on every node in the cluster has been updated

    # for a in {1..3} ; do ssh kiko$a cat /etc/hosts ; done

Enable SSH passwordless login

  1. On kiko1, uncomment the following options in /etc/ssh/sshd_config and save the file

    # vim /etc/ssh/sshd_config
    RSAAuthentication yes
    PubkeyAuthentication yes
  2. Copy the modified /etc/ssh/sshd_config from kiko1 to every node in the cluster with scp

    # for a in {1..3} ; do scp /etc/ssh/sshd_config kiko$a:/etc/ssh/sshd_config ; done

Generate the public and private keys

  1. On every node in the cluster, run ssh-keygen -t rsa -P '' to generate a key, pressing Enter at every prompt

    [root@kiko1 ~]# ssh-keygen -t rsa -P ''
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    ef:59:fa:c6:fa:da:b1:d3:ba:88:60:00:4a:35:c0:6f root@kiko1
    The key's randomart image is:
    +--[ RSA 2048]----+
    |...o |
    | .. . |
    | .o |
    |.. E |
    |. . . S |
    | . . |
    | o ..o. |
    | . . o *+o. |
    | . B*B+ |
    +-----------------+
  2. On the kiko1 node, run the following command to append the public key id_rsa.pub of every node in the cluster to kiko1's own authentication file, authorized_keys

    for a in {1..3}; do ssh kiko$a cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys; done

  3. On the kiko1 node, run the following command to copy its authentication file authorized_keys to /root/.ssh/authorized_keys on every node with scp

    for a in {1..3}; do scp /root/.ssh/authorized_keys kiko$a:/root/.ssh/authorized_keys ; done

  4. On every node in the cluster, run the following command to restart the ssh service

    # service sshd restart

  5. Verify SSH passwordless login. For example, log in to kiko1 over ssh from the kiko3 machine

    [root@kiko3 ~]# ssh kiko1
    The authenticity of host 'kiko1 (192.168.229.115)' can't be established.
    RSA key fingerprint is d9:33:04:3b:3a:d4:c3:1e:9e:bb:f1:bd:d9:bf:2a:3f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'kiko1,192.168.229.115' (RSA) to the list of known hosts.
    Last login: Tue May 8 20:29:25 from kiko2
    [root@kiko1 ~]#

This shows that the login succeeded.

Type exit to log out:

[root@kiko1 ~]# exit
logout
Connection to kiko1 closed.
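
The >> loop that collects the public keys appends a second copy of every key each time it is re-run, and sshd (with its default StrictModes yes) ignores an authorized_keys file that group or others can write. The sketch below is an added example, not part of the original post: it rebuilds the file idempotently from collected public-key files and checks its mode. The function names, file names and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example; build_authorized_keys and writable_by_others are hypothetical names.

# build_authorized_keys OUT PUB...: write OUT (mode 600) with one line per
# distinct key and print how many keys were kept.
build_authorized_keys() {
    out=$1; shift
    old_umask=$(umask); umask 077
    tmp=$(mktemp "$(dirname "$out")/.authorized_keys.XXXXXX") || { umask "$old_umask"; return 1; }
    # Keep only "<type> <base64> [comment]" lines and skip key blobs already
    # seen, so stray output is dropped and re-running never duplicates entries.
    awk '$1 ~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
         $2 ~ "^[A-Za-z0-9+/]+=*$" && !seen[$2]++ { print }' "$@" > "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$out"    # atomic replace: sshd never reads a half-written file
    umask "$old_umask"
    wc -l < "$out" | tr -d ' '
}

# writable_by_others PATH: true if group or other can write PATH, the
# condition under which sshd (StrictModes yes) refuses to use the key file.
writable_by_others() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# demo: constructed sample input (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    for n in 1 2 3; do
        echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed$n root@kiko$n" > "$d/kiko$n.pub"
    done
    echo "Last login: stray line, not a key" >> "$d/kiko2.pub"
    first=$(build_authorized_keys "$d/authorized_keys" "$d"/kiko?.pub)
    # Second run feeds the existing file back in, as a repeated >> loop would.
    second=$(build_authorized_keys "$d/authorized_keys" "$d/authorized_keys" "$d"/kiko?.pub)
    writable_by_others "$d/authorized_keys" && loose=yes || loose=no
    rm -rf "$d"
    echo "$first $second $loose"
}

demo
```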

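Notes

When restarting the sshd service, restart it only with the service sshd restart command. Never kill the sshd process and then start it again: once the sshd process has been killed, your remote login session is dropped automatically and you can never log in again. This matters especially when the Linux server is not under your control or is at a remote site. A painful lesson.

Reference for this article: CentOs7.3 ssh passwordless login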