快速配置Linux-ssh互信
cd ~/.ssh
rm -f *
1、生成金鑰對
/usr/bin/ssh-keygen -t dsa
id_dsa.pub 公鑰 =》鎖 =》服務端
id_dsa 私鑰 =》鑰匙 =》客戶端
例如:
在節點node1,去ssh連線節點node2,則節點node1必須有節點2的公鑰。
1)node1拿著node2的公鑰,去連線node2;
2)node2收到請求連線,會用自己的私鑰去驗證公鑰,若驗證成功,則允許node1連線。
2、所有節點的公鑰id_dsa.pub生成一個檔案authorized_keys。
[root@AWS-BigData-Spark04-172-31-14-221 .ssh]# ll
total 16
-rw------- 1 root root 2517 Feb 18 04:10 authorized_keys
-rw------- 1 root root 668 Feb 18 04:07 id_dsa
-rw-r--r-- 1 root root 628 Feb 18 04:07 id_dsa.pub
-rw-r--r-- 1 root root 1776 Feb 18 04:22 known_hosts
以下每行是一個公鑰id_dsa.pub的內容:
cat > ~/.ssh/authorized_keys <<!--
ssh-dss AAAAB3NzaC1kc3MAAACBAI+QGLhpd/8GirORS2QYPlYjKLGnNCX5/bIxZBaUkdwdn60Te/Gy52v2jd2uLmaKw/xqidKlp6gxxJzQgVGfQ6eaOdDXCDM9SVTvq+vMMm1Mi5HbRwJXZXrVDOEsVxX0smzt+Fz4mqgJXfr0HokdgTTKpxNq6vfrY5y79T99QN9fAAAAFQCcLl0YycvUuX9Y6uBiDGgfvGjFNwAAAIBEi8pBvhtrB1vt6RcRMWpU9a2TCzYSBlcJZSGRE/XMYEk5IqjF+knDwwiyyOntnEkQXMOhRiclZBMHkkGBniCKeaqJ4QOZNL52ko/US3owBvN5myNSGX7DMjEs8J/jqoBGoEmAWr0x/Tw5B9CgyVeFKSzigqXbPSU5I5+LO3FqiAAAAIEAj2VzSbjT9177A5HnN7+JKq+nd9DArWZIek5phuK45OleH78DtYIqqDiK5IhIe3Ke55SZhdoLa0mUVKP46GFXHXy584ma4vJaDtF2zfjH0imAhxfF7TOjAoaE4zPr55oaiPtEFhVa4qXo4MJoUQ9gpLA+9SAxUzP/Wn87ai9aYr4= root@spark02
ssh-dss AAAAB3NzaC1kc3MAAACBAINvbeQTau4waH0DvpGET5g5oyeOhJ5bhSZVhwPKHC9KA0Q9SuIvryAPgb2DcfiaBgNcGN5X9Xv+h/M3WytraTDHF6EtZCjd+PssX3jlAM83GIbGXD0Qv+NLbIGLdewR413ggG7ss/idjb5gE+d88WDn14oWClfZR830k+77ed+dAAAAFQCKhqjeAnPcX3iQs/8IDZKM/u/ohQAAAIA+IKxK/OsW/vLX9S2P8hFO4pn+rE/OxvEAJTmxxVoejPp0VE9KoVhaaFeNE0Jxz3gNZimtbzZMPe+eSZ36FUY7tEQRLaBV2m5taBz28g7cTVHnyhZ1ddfmojHkiDSpcoB4Z+1u5mJmdhLqE9L7jsmiLkBXERdRFopJYhC98ba14QAAAIBJC16EEBZ4DZUoVE6b+Elg5T+TLD+Sde1+WtW08ZcN0hC9RTvjIp6UxW029cgy4/ct+y00OsymMzJc+YA9sq3M8xVUpc65JJ5eW6GpS3ggdDM5f4pRUBZwhsAQLGJCOISYTs/Ikboz48MjFtvZvGtQYwSmHsARhfAng6k4VblUaQ== root@spark03
ssh-dss AAAAB3NzaC1kc3MAAACBAOroxRmuhJ9Lkp7CoumuFOQVpR**5y92vL2K1VbbXbtGZzm6k4Zwh0FlZJf/qNnHq8AUFfhCXbU+vbBARk0c6GyLxT4mRRJ9N6C4lt21sSaNmc3kE6wHCYzLdQy5VonRT6YgFB/MPogtIO9MLTQ+yhMgHsH/MmA1+6zeDJ5N3iNAAAAFQC+yHZuwMh28iry6qF9bQ7o/DvtBQAAAIEAwyJRzqsWagNokmKpB/qNkCbMDVWxTBUnS4weu+HeJwvgxay7nPxGrZ0yZRmbClm9VGCi5Oevz28lk0QqkkpZ45GXPWj+dEW+kMxVUqanYJ0M+li04flf4J7k/CVdl12uqnRU4Atjau7DOpmr0jtezigi91yLwGNsEMuPefSCfiEAAACADXj43AB8MsRnOsQ8hdPN9ff95Tg0Anvnzb16lH8O0MoMWX2G1m4kwSTcYrZCgOTh7wWKvf7xjZpykqPgbb17HZMdgcmXUgXAoEyM3B5GWt7EZUfM1rBq1vLGfRkEzs1W6oymo73L4RinIt7A9jHKEDL0njLz/aP/tuQ+F3lLLPs= root@spark04
!
3、目錄檔案許可權
chmod 700 ~/.ssh
chmod 744 ~/.ssh/id_dsa.pub
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_dsa
4、測試ssh互信
for i in 1 2 3 4; do ssh spark0$i "date;hostname" ; done
5、hosts地址解析
cat >> /etc/hosts <<!--
10.31.14.222 spark01
10.31.14.223 spark02
10.31.14.220 spark03
10.31.14.221 spark04
!
6、若是root互信,注意ssh允許root登入。
ssh配置檔案:/etc/ssh/sshd_config
PermitRootLogin yes
# Only allow root to run commands over ssh, no shell
#PermitRootLogin forced-commands-only
--平滑重啟ssh
/etc/init.d/sshd reload
rm -f *
1、生成金鑰對
/usr/bin/ssh-keygen -t dsa
id_dsa.pub 公鑰 =》鎖 =》服務端
id_dsa 私鑰 =》鑰匙 =》客戶端
例如:
在節點node1,去ssh連線節點node2,則節點node1必須有節點2的公鑰。
1)node1拿著node2的公鑰,去連線node2;
2)node2收到請求連線,會用自己的私鑰去驗證公鑰,若驗證成功,則允許node1連線。
2、所有節點的公鑰id_dsa.pub生成一個檔案authorized_keys。
[root@AWS-BigData-Spark04-172-31-14-221 .ssh]# ll
total 16
-rw------- 1 root root 2517 Feb 18 04:10 authorized_keys
-rw------- 1 root root 668 Feb 18 04:07 id_dsa
-rw-r--r-- 1 root root 628 Feb 18 04:07 id_dsa.pub
-rw-r--r-- 1 root root 1776 Feb 18 04:22 known_hosts
以下每行是一個公鑰id_dsa.pub的內容:
cat > ~/.ssh/authorized_keys <<!--
ssh-dss AAAAB3NzaC1kc3MAAACBAI+QGLhpd/8GirORS2QYPlYjKLGnNCX5/bIxZBaUkdwdn60Te/Gy52v2jd2uLmaKw/xqidKlp6gxxJzQgVGfQ6eaOdDXCDM9SVTvq+vMMm1Mi5HbRwJXZXrVDOEsVxX0smzt+Fz4mqgJXfr0HokdgTTKpxNq6vfrY5y79T99QN9fAAAAFQCcLl0YycvUuX9Y6uBiDGgfvGjFNwAAAIBEi8pBvhtrB1vt6RcRMWpU9a2TCzYSBlcJZSGRE/XMYEk5IqjF+knDwwiyyOntnEkQXMOhRiclZBMHkkGBniCKeaqJ4QOZNL52ko/US3owBvN5myNSGX7DMjEs8J/jqoBGoEmAWr0x/Tw5B9CgyVeFKSzigqXbPSU5I5+LO3FqiAAAAIEAj2VzSbjT9177A5HnN7+JKq+nd9DArWZIek5phuK45OleH78DtYIqqDiK5IhIe3Ke55SZhdoLa0mUVKP46GFXHXy584ma4vJaDtF2zfjH0imAhxfF7TOjAoaE4zPr55oaiPtEFhVa4qXo4MJoUQ9gpLA+9SAxUzP/Wn87ai9aYr4= root@spark02
ssh-dss AAAAB3NzaC1kc3MAAACBAINvbeQTau4waH0DvpGET5g5oyeOhJ5bhSZVhwPKHC9KA0Q9SuIvryAPgb2DcfiaBgNcGN5X9Xv+h/M3WytraTDHF6EtZCjd+PssX3jlAM83GIbGXD0Qv+NLbIGLdewR413ggG7ss/idjb5gE+d88WDn14oWClfZR830k+77ed+dAAAAFQCKhqjeAnPcX3iQs/8IDZKM/u/ohQAAAIA+IKxK/OsW/vLX9S2P8hFO4pn+rE/OxvEAJTmxxVoejPp0VE9KoVhaaFeNE0Jxz3gNZimtbzZMPe+eSZ36FUY7tEQRLaBV2m5taBz28g7cTVHnyhZ1ddfmojHkiDSpcoB4Z+1u5mJmdhLqE9L7jsmiLkBXERdRFopJYhC98ba14QAAAIBJC16EEBZ4DZUoVE6b+Elg5T+TLD+Sde1+WtW08ZcN0hC9RTvjIp6UxW029cgy4/ct+y00OsymMzJc+YA9sq3M8xVUpc65JJ5eW6GpS3ggdDM5f4pRUBZwhsAQLGJCOISYTs/Ikboz48MjFtvZvGtQYwSmHsARhfAng6k4VblUaQ== root@spark03
ssh-dss AAAAB3NzaC1kc3MAAACBAOroxRmuhJ9Lkp7CoumuFOQVpR**5y92vL2K1VbbXbtGZzm6k4Zwh0FlZJf/qNnHq8AUFfhCXbU+vbBARk0c6GyLxT4mRRJ9N6C4lt21sSaNmc3kE6wHCYzLdQy5VonRT6YgFB/MPogtIO9MLTQ+yhMgHsH/MmA1+6zeDJ5N3iNAAAAFQC+yHZuwMh28iry6qF9bQ7o/DvtBQAAAIEAwyJRzqsWagNokmKpB/qNkCbMDVWxTBUnS4weu+HeJwvgxay7nPxGrZ0yZRmbClm9VGCi5Oevz28lk0QqkkpZ45GXPWj+dEW+kMxVUqanYJ0M+li04flf4J7k/CVdl12uqnRU4Atjau7DOpmr0jtezigi91yLwGNsEMuPefSCfiEAAACADXj43AB8MsRnOsQ8hdPN9ff95Tg0Anvnzb16lH8O0MoMWX2G1m4kwSTcYrZCgOTh7wWKvf7xjZpykqPgbb17HZMdgcmXUgXAoEyM3B5GWt7EZUfM1rBq1vLGfRkEzs1W6oymo73L4RinIt7A9jHKEDL0njLz/aP/tuQ+F3lLLPs= root@spark04
!
3、目錄檔案許可權
chmod 700 ~/.ssh
chmod 744 ~/.ssh/id_dsa.pub
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_dsa
4、測試ssh互信
for i in 1 2 3 4; do ssh spark0$i "date;hostname" ; done
5、hosts地址解析
cat >> /etc/hosts <<!--
10.31.14.222 spark01
10.31.14.223 spark02
10.31.14.220 spark03
10.31.14.221 spark04
!
6、若是root互信,注意ssh允許root登入。
ssh配置檔案:/etc/ssh/sshd_config
PermitRootLogin yes
# Only allow root to run commands over ssh, no shell
#PermitRootLogin forced-commands-only
--平滑重啟ssh
/etc/init.d/sshd reload
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/22661144/viewspace-1990505/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- oracle手動配置互信Oracle
- 配置系統間互信
- oracle RAC手動配置互信Oracle
- linux環境下ssh 互信配置Linux
- Linux系統互信ssh的配置方法Linux
- 兩臺Linux伺服器之間配置互信Linux伺服器
- 建立Linux的互信Linux
- 利用Python Fabric配置主機間SSH互信和新增公鑰薦Python
- Linux/Unix shell內嵌expect自動配置多臺主機SSH互信Linux
- linux主機互信操作Linux
- linux雙機互信設定Linux
- gbase叢集管理之伺服器配置互信及C3工具安裝伺服器
- 快速清空埠上的配置
- Laravel 快速配置dingo/apiLaravelGoAPI
- 快速入門vue-cli配置Vue
- 訊息型別快速配置型別
- oracle aix平臺19c rac互信不通案例OracleAI
- 三臺linux機器做ssh互信的方法Linux
- Linux 搭建互信後,仍需要密碼驗證Linux密碼
- webpack介紹以及快速配置上手Web
- Web | 快速整合華為AGC遠端配置WebGC
- 簡明快速配置 Rust 工具鏈Rust
- 快速安裝配置 GitLab 並漢化Gitlab
- 快速打造簡易高效的webpack配置Web
- 用實驗快速配置VsftpFTP
- 快速配置 webpack 多入口腳手架Web
- 【筆記】Ubuntu 20.04 快速配置 SSH筆記Ubuntu
- 開發環境配置pyenv快速入門開發環境
- 快速自定義Cordova外掛(-配置檔案)
- Poechant快速安裝配置教程:Eclipse + SVNEclipse
- 網路配置檔案快速解讀(轉)
- 19c rhel7 GI安裝 互信配置報錯 INS-44000 INS-44015 INS-06006
- linux下SCP無密碼傳輸(建立互信關係)Linux密碼
- Linux 作業系統配置互信認證後,登入仍然需要輸入使用者密碼的解決辦法Linux作業系統密碼
- Dubbo | Dubbo快速上手筆記 - 環境與配置筆記
- Spring Boot redis分散式session快速配置Spring BootRedis分散式Session
- VS Code C++ 專案快速配置模板C++
- Flask快速入門day 01(flask介紹、快速使用、配置檔案、路由系統)Flask路由