CentOS7配置免密码登陆

4台主机

192.168.248.132 mini01

192.168.248.133 mini02
192.168.248.134 mini03
192.168.248.135 mini04

三台主机检查 ~/.ssh 文件夹没有则新建

ssh-keygen -t rsa 一路狂按回车,最终生成（id_rsa,id_rsa.pub两个文件）.

[root@localhost etc]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+ip+Um7Kya+ceNIeG6Yv0d1QRR9omMBss5XJQ+zjwws root@mini01
The key's randomart image is:
+---[RSA 2048]----+
|     o.=.Bo..    |
|      = @ o. .   |
|     . * o  .    |
|      o o        |
|   . . =S.       |
|  . . E.=        |
|   o+o.. o       |
|  oB=*+..        |
|  oB&Oo..        |
+----[SHA256]-----+

把id_rsa.pub 复制到133,134,135三台node上去.

scp ~/.ssh/id_rsa.pub root@192.168.248.133:~/.ssh

scp ~/.ssh/id_rsa.pub root@192.168.248.134:~/.ssh

scp ~/.ssh/id_rsa.pub root@192.168.248.135:~/.ssh

[root@localhost ~]# scp ~/.ssh/id_rsa.pub root@mini02:~/.ssh
root@mini02's password: 
id_rsa.pub                                                                         100%  393   147.7KB/s   00:00 

[root@localhost ~]# scp ~/.ssh/id_rsa.pub root@mini03:~/.ssh
The authenticity of host 'mini03 (192.168.248.134)' can't be established.
ECDSA key fingerprint is SHA256:lDdIo2ZoWMx+BrnTlPHubdkYfQ+0TkflYhlE8HEGnNE.
ECDSA key fingerprint is MD5:6c:a2:e2:f3:70:11:0f:00:bb:33:9a:77:1d:cb:0a:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mini03' (ECDSA) to the list of known hosts.
root@mini03's password: 
id_rsa.pub                                                                         100%  393   141.6KB/s   00:00    

[root@localhost ~]# scp ~/.ssh/id_rsa.pub root@mini04:~/.ssh
The authenticity of host 'mini04 (192.168.248.135)' can't be established.
ECDSA key fingerprint is SHA256:lDdIo2ZoWMx+BrnTlPHubdkYfQ+0TkflYhlE8HEGnNE.
ECDSA key fingerprint is MD5:6c:a2:e2:f3:70:11:0f:00:bb:33:9a:77:1d:cb:0a:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mini04' (ECDSA) to the list of known hosts.
root@mini04's password: 
id_rsa.pub                                                                         100%  393   190.3KB/s   00:00    

切换到133,134,135，生成authorized_keys. cat id_rsa.pub >> authorized_keys

[root@localhost .ssh]# cat id_rsa.pub >> authorized_keys

然后把authorized_keys scp到132.

[root@localhost .ssh]# scp ~/.ssh/authorized_keys root@mini01:~/.ssh 
The authenticity of host 'mini01 (192.168.248.132)' can't be established.
ECDSA key fingerprint is SHA256:lDdIo2ZoWMx+BrnTlPHubdkYfQ+0TkflYhlE8HEGnNE.
ECDSA key fingerprint is MD5:6c:a2:e2:f3:70:11:0f:00:bb:33:9a:77:1d:cb:0a:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mini01,192.168.248.132' (ECDSA) to the list of known hosts.
root@mini01's password: 
authorized_keys                                                                    100%  393   178.2KB/s   00:00

然后把三台机器 .ssh/ 文件夹权限改为700，authorized_keys文件权限改为600（or 644）.

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

三台主机改配置文件:

vi /etc/ssh/sshd_config

#禁用root账户登录，如果是用root用户登录请开启
PermitRootLogin yes

# 是否让 sshd 去检查用户家目录或相关档案的权限数据，
# 这是为了担心使用者将某些重要档案的权限设错，可能会导致一些问题所致。
# 例如使用者的 ~.ssh/ 权限设错时，某些特殊情况下会不许用户登入
StrictModes no

# 是否允许用户自行使用成对的密钥系统进行登入行为，仅针对 version 2。
# 至于自制的公钥数据就放置于用户家目录下的 .ssh/authorized_keys 内
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# 有了证书登录了，就禁用密码登录吧，安全要紧
PasswordAuthentication no

启动ssh服务

/bin/systemctl start sshd.service

reboot

然后试试效果

​