CentOs7.3 ssh 免密登入 post 2018年1月4日13:39:46

環境

VMware版本號：12.0.0

CentOS版本：CentOS 7.3.1611

三臺虛擬機器(IP)：

192.168.252.121
192.168.252.122
192.168.252.123

1.修改主機名

修改三臺主機名，以此類推，node1，node3，node3

命令格式
hostnamectl set-hostname <hostname>


$ hostnamectl set-hostname node1

剩下的虛擬機器依次修改hostnamectl set-hostname[1-3]

重啟作業系統

$ reboot

2.修改對映關係

1.在 node1 的 /etc/hosts 檔案下新增如下內容

$ vi /etc/hosts

2.檢視修改後的/etc/hosts 檔案內容

$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# 以下是新增的
192.168.252.121 node1
192.168.252.122 node2
192.168.252.123 node3

2.將叢集node1 上的檔案hosts檔案 通過 scp 命令複製傳送到叢集的每一個節點

$ for a in {1..3} ; do scp /etc/hosts node$a:/etc/hosts ; done

3.檢查是否叢集每一個節點的 hosts 檔案都已經修改過來了

$ for a in {1..3} ; do ssh node$a cat /etc/hosts ; done

3.啟動 ssh 無密登入

1.在叢集node1的 /etc/ssh/sshd_config 檔案去掉以下選項的註釋

$ vi /etc/ssh/sshd_config 

RSAAuthentication yes      #開啟私鑰驗證
PubkeyAuthentication yes   #開啟公鑰驗證

2.將叢集node1 修改後的 /etc/ssh/sshd_config 通過 scp 命令複製傳送到叢集的每一個節點

$ for a in {1..3} ; do scp /etc/ssh/sshd_config node$a:/etc/ssh/sshd_config ; done

4.生成公鑰、私鑰

1.在叢集的每一個節點節點輸入命令 ssh-keygen -t rsa -P “，生成 key，一律回車

$ ssh-keygen -t rsa -P ``

[root@node1 ~]# ssh-keygen -t rsa -P ``
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
22:42:2d:15:39:cc:f6:4a:9c:da:57:5b:55:b8:18:5d root@node1
The key`s randomart image is:
+--[ RSA 2048]----+
|   ooo     . +E  |
|   o*     . +    |
|  oo.+     + .   |
| . .+ . . o .    |
|  .+....So       |
|  ..o....        |
|     .           |
|                 |
|                 |
+-----------------+

2.在叢集的node1 節點輸入命令

將叢集每一個節點的公鑰id_rsa.pub放入到自己的認證檔案中authorized_keys;

for a in {1..3}; do ssh node$a cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys; done

3.在叢集的node1 節點輸入命令

將自己的認證檔案 authorized_keys 通過 scp 命令複製傳送到每一個節點上去: /root/.ssh/authorized_keys`

for a in {1..3}; do scp /root/.ssh/authorized_keys node$a:/root/.ssh/authorized_keys ; done

4.清除node1 節點下的 .ssh/known_hosts 檔案

rm -rf ~/.ssh/known_hosts

5.在叢集的每一個節點節點輸入命令重啟ssh服務

systemctl restart sshd.service

5.驗證 ssh 無密登入

開一個其他視窗測試下能否免密登陸

例如：在node3

[root@node3 ~]# ssh node1
The authenticity of host `node1 (192.168.252.121)` can`t be established.
ECDSA key fingerprint is ab:0f:08:20:3d:7a:11:05:ea:d9:b0:0c:9e:e1:d0:97.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added `node1,192.168.252.121` (ECDSA) to the list of known hosts.
Last login: Tue Aug 22 14:00:18 2017 from 192.168.252.1

exit 退出

[root@node1 ~]# exit
logout
Connection to node1 closed.

注意：開新的其他視窗測試下能否免密登陸，把當前視窗都關了