一、准备工作
id_rsa :私钥
id_rsa.pub :公钥
2.生成公钥认证文件,并更改权限
1. 打开本机的ssh的配置文件
sudo vi /etc/ssh/sshd_config
把以下内容的行删除注释符号“#”
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
2. 然后重新启动sshd的服务
service sshd restart
3. 由于CentOS6.5对于网络的管理相对较于严格,所以需要修改下安全配置,即关闭selinux
[root@master ~]vi /etc/selinux/config
修改以下内容:
将
SELINUX=enforcing
修改为
SELINUX=disabled
4.附加:如果您的centos安装好之后不能上网,即ping baidu.com时提示connect network is unreachable,很有可能是DHCP的问题,是要输入 sudo dhclient 就可以了。
二、配置SSH免密码登录
1. 生成公钥和私钥(只要一路回车就可以了)
[root@master ~]ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa):
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| Eo* |
| @ . |
| = * |
| o o . |
| . S . |
| + . . |
| + . .|
| + . o . |
| .o= o. |
+-----------------+
默认在 ~/.ssh目录生成两个文件:
id_rsa :私钥
id_rsa.pub :公钥
2.生成公钥认证文件,并更改权限
$cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@master ~]$chmod 700 ~/.ssh/
[root@master ~]$chmod 600 ~/.ssh/authorized_keys
3.将生成的公钥认证文件复制到其他节点机器
[root@master ~]$scp ~/.ssh/id_rsa.pub root@slave1:/home/id_rsa.pub
[root@master ~]$scp ~/.ssh/id_rsa.pub root@slave2:/home/id_rsa.pub
4.附加:若用过以上方法,输入 ssh localhost 还是需要提示输入密码,这个时候就试试以下方法,通过在每台节点上执行ssh-copy-id的命令,将生成的公钥自动添加到authorized_keys中。
[root@master ~]$ cd ~/.ssh
[root@master .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 root@slave1"
[root@master .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 root@slave2"
若出现以下信息则代表复制成功!
Now try logging into the machine, with "ssh '-p 22 root@192.168.4.244'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
然后在测试ssh localhost ,免密成功!