Cluster: three machines, talos112 (192.168.100.112), talos113 (192.168.100.113) and talos114 (192.168.100.114)
Goal: passwordless SSH login from talos112 to talos113 and talos114
Environment: VMWARE15, CentOS-7-x86_64-Minimal-1804
Steps:
1. Log in to talos112 as root and create the RSA public key file
[root@talos112 ~]# cd .ssh
[root@talos112 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZwGuBNh2xfx1vKfrDG59JMlSIJ3vH4t9yJzTzbSuQuk root@talos112
The key's randomart image is:
+---[RSA 2048]----+
| o. +o . o |
| . o...o.. = o |
| . .. ...o + . |
| . . .. + .|
| . S o .+ + |
| o o. *.o|
| o .=o@=|
| E.+O+B|
| .oo=+.|
+----[SHA256]-----+
[root@talos112 .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@talos112 .ssh]#
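Note: a. On a freshly installed CentOS VM the .ssh directory may not exist yet; running the ssh localhost command once creates it;
b. After ssh-keygen -t rsa, just press Enter three times (this accepts the default file path and an empty passphrase, so the private key is stored unencrypted)
2. Copy the id_rsa.pub file to the two machines 192.168.100.113 and 192.168.100.114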
[root@talos112 .ssh]# scp id_rsa.pub 192.168.100.113:/root/.ssh/
The authenticity of host '192.168.100.113 (192.168.100.113)' can't be established.
ECDSA key fingerprint is SHA256:YAvwTFRMgGdj+jpDIojRJVUK7v2Yzn/rl70uhQciKtg.
ECDSA key fingerprint is MD5:46:d8:34:5c:f2:e5:db:20:fc:7c:17:59:1d:22:0d:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.113' (ECDSA) to the list of known hosts.
root@192.168.100.113's password:
id_rsa.pub 100% 395 569.4KB/s 00:00
[root@talos112 .ssh]# scp id_rsa.pub 192.168.100.114:/root/.ssh/
The authenticity of host '192.168.100.114 (192.168.100.114)' can't be established.
ECDSA key fingerprint is SHA256:YAvwTFRMgGdj+jpDIojRJVUK7v2Yzn/rl70uhQciKtg.
ECDSA key fingerprint is MD5:46:d8:34:5c:f2:e5:db:20:fc:7c:17:59:1d:22:0d:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.114' (ECDSA) to the list of known hosts.
root@192.168.100.114's password:
id_rsa.pub 100% 395 406.0KB/s 00:00
[root@talos112 .ssh]#
3. Log in to talos113 (192.168.100.113) and talos114 (192.168.100.114) in turn and use id_rsa.pub to create the authorization file authorized_keys
[root@talos114 ~]# cd .ssh
[root@talos114 .ssh]# ls
id_rsa.pub known_hosts
[root@talos114 .ssh]# cat id_rsa.pub >> authorized_keys
[root@talos114 .ssh]#
4. On talos112 (192.168.100.112), verify that you can log in to talos113 (192.168.100.113) and talos114 (192.168.100.114) without a password
[root@talos112 .ssh]# ssh 192.168.100.113
Last login: Thu Mar 26 23:30:16 2020 from localhost
[root@talos113 ~]#
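Step 3 appends the key with a plain `cat >>`, which duplicates the entry on every rerun and leaves file modes to the umask. The following is an added example, not part of the original post: a helper (the name `install_pubkey` is hypothetical) that performs the same append idempotently, sets the modes sshd expects, and refuses a private key copied over by mistake.

```bash
#!/usr/bin/env bash
# Added example: idempotent, permission-safe variant of step 3.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Usage on talos113/talos114:  install_pubkey /root/.ssh/id_rsa.pub

install_pubkey() {
    local pub="$1" ssh_dir="${2:-$HOME/.ssh}"
    local auth="$ssh_dir/authorized_keys" key

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse anything that looks like a private key (e.g. id_rsa copied
    # instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # Take the first non-empty line and require a known public-key type.
    key=$(grep -m1 -v '^[[:space:]]*$' "$pub" || true)
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # With StrictModes yes (the sshd default), authorized_keys is ignored
    # when the file or its directory is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Once the key is installed, the copied id_rsa.pub file on the target machine is no longer needed and can be deleted.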