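SSH Passwordless Login
Many software systems deployed on Linux clusters, such as Oracle RAC and Hadoop, rely on passwordless SSH login. This post gives a brief introduction to setting it up.
Preparation: VirtualBox and two Ubuntu virtual machines (node, node1)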
node:192.168.57.101
node1:192.168.57.103
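The goal is passwordless SSH login between the two nodes, in both directions.
Generate the RSA key
root@node:~# ssh-keygen -t rsa -P ''
The -P parameter specifies the passphrase, and a custom passphrase can follow it. For convenience I use -P '' here, where the empty string means the passphrase is empty. You can also omit -P, but then you have to press Enter two more times. After you press Enter, a .ssh directory is created under /root; if you are logged in as another user such as XX, the .ssh directory is created under /home/XX. The directory contains the files id_rsa and id_rsa.pub, which are the two files used to implement passwordless login.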
root@node:~# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jxfmhN3Oofu0DzIbGv3mGBw6VgcX5YBnkp1XemeiqfY root@node
The key's randomart image is:
+---[RSA 2048]----+
| +oo...|
| + =+.. |
| .+..+ +|
| o + o +.|
| S B * |
| @ O . |
| * # = |
| . * %.o |
| . ++E.. |
+----[SHA256]-----+
Copy the key
Use the scp command to upload the generated id_rsa.pub file to the target directory on node1.
root@node:~# scp /root/.ssh/id_rsa.pub root@192.168.57.103:/root
Passwordless login is not set up yet, so the password has to be entered:
The authenticity of host '192.168.57.103 (192.168.57.103)' can't be established.
ECDSA key fingerprint is SHA256:+rYv2fdh3HngKOh1p/X1LTRHn66BW9jA8EPJO6vwiN8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.57.103' (ECDSA) to the list of known hosts.
root@192.168.57.103's password:
id_rsa.pub 100% 391 0.4KB/s 00:00
Add to authorized_keys
The next step, on node1, is to append the id_rsa.pub file copied from node to the .ssh/authorized_keys file.
On node1:
root@node1:~# cat id_rsa.pub >> .ssh/authorized_keys
Then set the permissions of authorized_keys to 600:
root@node1:~# chmod 600 .ssh/authorized_keys
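This completes the passwordless SSH login configuration, and the test below succeeds. Passwordless login from node1 is set up in the same way.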
root@node:~# ssh 192.168.57.103
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-62-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
8 个可升级软件包。
8 个安全更新。
Last login: Thu Jul 6 15:32:09 2017 from 192.168.57.1
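The append and chmod steps on node1, written as a function that can be run repeatedly without duplicating the key. This is an added example, not code from the original post. The names install_pubkey, mode_of, KEY_RE and SAMPLE_PUB are hypothetical, and the sample key line is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): idempotent, permission-safe
# form of "cat id_rsa.pub >> .ssh/authorized_keys; chmod 600 ...".

# Constructed sample line in public-key format; not a real key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedexamplekeyonly root@node'
# Key types accepted by this example, followed by a base64 blob.
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)'

# install_pubkey <public-key-file> <ssh-dir>
# Returns 0 if the key is installed or already present, 1 if rejected.
install_pubkey() {
    local pub_file ssh_dir line auth
    pub_file=$1; ssh_dir=$2; auth=$ssh_dir/authorized_keys
    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Refuse a private key copied by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        return 1
    fi

    # Accept exactly one line of the form "<type> <base64> [comment]".
    if [ "$(grep -c . "$pub_file")" -ne 1 ]; then
        echo "expected exactly one key line in $pub_file" >&2
        return 1
    fi
    line=$(grep . "$pub_file")
    if ! printf '%s\n' "$line" | grep -Eq "$KEY_RE"; then
        echo "not a recognised public key line" >&2
        return 1
    fi

    # Create missing pieces with a restrictive umask, then force 700/600:
    # sshd with StrictModes (the default) refuses key login when the file
    # or its directories are writable by group or others.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# mode_of <path>: print the 10-character mode string, e.g. -rw-------
mode_of() { ls -ld "$1" | cut -c1-10; }
```

With the paths used in this post, the call on node1 would be install_pubkey /root/id_rsa.pub /root/.ssh.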