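Passwordless SSH login between machines for the root account:
Using the root account as an example, here are my three virtual machines.
VM IP | Hostname |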
---|---|
192.168.0.10 | Centos_01 |
192.168.0.11 | Centos_02 |
192.168.0.13 | Centos_03 |
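- Preparation: first make sure the ssh service is installed on all three machines and is enabled by default. If unsure, look it up on Baidu.
- Open the file /etc/ssh/sshd_config and make sure the following settings are present (they are usually commented out with "#"; remove the #):
- The /etc/hostname file on the three VMs contains Centos_01, Centos_02 and Centos_03 respectively;
- Append the following three lines to the end of /etc/hosts on all three VMs (fill in your own machines' IP addresses):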
192.168.0.10 Centos_01
192.168.0.11 Centos_02
192.168.0.13 Centos_03
Next, suppose we try to log in as root on 192.168.0.11 from 192.168.0.10:
ssh root@Centos_02
Normally, without any configuration, the following happens and a password is required.
[root@Centos_01 ~]$ ssh root@Centos_02
The authenticity of host 'Centos_02 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:DJ8ZdacngzPjAszOZTpx1WudYX+u0aAUld7ZYSK9/4g.
ECDSA key fingerprint is MD5:86:78:2f:c7:c2:97:7f:79:dd:b7:d0:26:fd:bf:a6:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'Centos_02,192.168.0.10' (ECDSA) to the list of known hosts.
root@Centos_02's password:
Last login: Thu Feb 7 18:10:40 2019 from 192.168.119.1
[root@Centos_02 ~]$
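Now let's get down to business.
- Step 1: generate the keys (run on all three machines)
- Using the root account as an example, type ssh-keygen -t rsa and press Enter at every prompt; the key files are generated as shown below: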
[root@Centos_01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh
/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 root@Centos_01
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[root@Centos_01 ~]$
Go into this directory and you can see the private and public keys that were just generated:
/root/.ssh
Configure the key authorization file, logged in to Centos_01 as root:
- Create an empty file
touch ~/.ssh/authorized_keys
- Put Centos_01's own public key into the authorized_keys file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
- Log in to Centos_02 as root and run the following command to transfer Centos_02's public key to Centos_01 under the file name Centos_02.id_rsa.pub:
scp ~/.ssh/id_rsa.pub root@Centos_01:~/.ssh/Centos_02.id_rsa.pub
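The upload asks for the root password of Centos_01; once it is entered the transfer completes, and a file named Centos_02.id_rsa.pub appears in the /root/.ssh directory on Centos_01;
- On Centos_01, run the following command to write the contents of Centos_02.id_rsa.pub into the authorized_keys file:
cat ~/.ssh/Centos_02.id_rsa.pub >> ~/.ssh/authorized_keys
At this point the authorized_keys file contains the public keys of Centos_01 and Centos_02
- Log in to Centos_03 as root and run the following command to transfer Centos_03's public key to Centos_01 under the file name Centos_03.id_rsa.pub:
scp ~/.ssh/id_rsa.pub root@Centos_01:~/.ssh/Centos_03.id_rsa.pub
- On Centos_01, run the following command to write the contents of Centos_03.id_rsa.pub into the authorized_keys file:
cat ~/.ssh/Centos_03.id_rsa.pub >> ~/.ssh/authorized_keys
At this point the authorized_keys file on Centos_01 contains the public keys of all three machines;
- Next, we need to distribute the first machine's authorized_keys file to Centos_02 and Centos_03.
On Centos_01, run the following command to distribute authorized_keys to Centos_02: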
scp ~/.ssh/authorized_keys root@Centos_02:~/.ssh/
- Run the following command to distribute authorized_keys to Centos_03:
scp ~/.ssh/authorized_keys root@Centos_03:~/.ssh/
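At this point the key authorization file has been synced to all machines. If all the previous steps were done with the root account, passwordless login now works. As shown below, you can log in directly without entering a password.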
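The `cat X.pub >> authorized_keys` steps above add a duplicate entry each time they are re-run, and sshd (with StrictModes, its default) ignores an authorized_keys file that other users can write to. The following is an added example, not part of the original article: the function names `merge_pubkeys` and `count_keys` are hypothetical, and it assumes plain key lines with no options prefix.

```shell
#!/bin/sh
# Added example: idempotent replacement for repeated
# `cat X.pub >> authorized_keys`.
# Usage: merge_pubkeys AUTHORIZED_KEYS_FILE PUBKEY_FILE...

merge_pubkeys() {
    auth_file=$1
    shift
    auth_dir=$(dirname "$auth_file")

    # sshd with StrictModes rejects key files that are writable by others,
    # so enforce 700 on the directory and 600 on the file.
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    for pub in "$@"; do
        [ -r "$pub" ] || { echo "skip: cannot read $pub" >&2; continue; }
        while IFS= read -r line || [ -n "$line" ]; do
            # Accept only lines shaped like "type base64 [comment]".
            case $line in
                ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
                *) echo "skip: not a public key line in $pub" >&2; continue ;;
            esac
            # Compare type + key material, so a changed comment is not a new key.
            key=$(printf '%s\n' "$line" | awk '{print $1 " " $2}')
            if ! awk '{print $1 " " $2}' "$auth_file" | grep -qxF -- "$key"; then
                printf '%s\n' "$line" >> "$auth_file"
            fi
        done < "$pub"
    done
}

count_keys() {
    # Number of non-empty lines in the given authorized_keys file.
    grep -c . "$1"
}
```

On Centos_01 this would be called as `merge_pubkeys ~/.ssh/authorized_keys ~/.ssh/id_rsa.pub ~/.ssh/Centos_02.id_rsa.pub ~/.ssh/Centos_03.id_rsa.pub`. Note that the scp distribution step replaces whatever authorized_keys file already exists on the target machine.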