构建双向密钥对验证ssh--------实例

注：做实验前确保系统中安装好了(建议使用yum安装)
openssh-5.3p1-94.el6.x86_64
openssh-clients-5.3p1-94.el6.x86_64
软件包
1、首先为两台需要验证的机器添加hadoop用户

第一台
[root@dhcp ~]# useradd hadoop && echo "123" | passwd --stdin hadoop
更改用户 hadoop 的密码 。
passwd：所有的身份验证令牌已经成功更新。
第二台
[root@zhongji ~]#  useradd hadoop && echo "123" | passwd --stdin hadoop
更改用户 hadoop 的密码 。
passwd： 所有的身份验证令牌已经成功更新。

2、切换到hadoop用户模式

第一台
[root@dhcp ~]# su hadoop
[hadoop@dhcp root]$ 
第二台
[root@zhongji ~]# su hadoop
[hadoop@zhongji root]$ 

3、设置密钥对

第一台
[hadoop@dhcp root]$ ssh-keygen -t rsa           #创建本地密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Created directory '/home/hadoop/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
01:9c:0c:9c:d4:08:dd:28:c1:fa:74:ad:ee:0e:e1:22 hadoop@dhcp
The key's randomart image is:
+--[ RSA 2048]----+
| .o*oX..         |
|  o * *.         |
| . . .  .        |
|. . . .  .       |
| o.. .  S        |
| ....            |
|E o.             |
|.. ..            |
|   oo            |
+-----------------+
[hadoop@dhcp root]$ ls /home/hadoop/.ssh/     #查看家目录用，说明创建成功
id_rsa  id_rsa.pub

第二台
[hadoop@zhongji root]$ ssh-keygen -t rsa       #创建本地密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Created directory '/home/hadoop/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
38:e9:9b:ae:df:0e:b1:bb:2c:f1:8e:64:b1:f3:47:2e hadoop@zhongji
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|       o         |
|    . = S        |
|    .+ +.        |
|    =o+o         |
|   o.=E*o        |
|    o*@=o        |
+-----------------+
[hadoop@zhongji root]$ ls /home/hadoop/.ssh/        #查看家目录用，说明创建成功
id_rsa  id_rsa.pub

4、将公钥上传到要登录的机器上

	第一台	
	[hadoop@dhcp root]$ ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@192.168.59.5     #上传公钥
	The authenticity of host '192.168.59.5 (192.168.59.5)' can't be established.
	RSA key fingerprint is 0f:b0:4b:2b:ed:6b:65:95:e6:1e:45:d7:12:06:6a:04.
	Are you sure you want to continue connecting (yes/no)? yes
	/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
	/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
	hadoop@192.168.59.5's password: 
	
	Number of key(s) added: 1
	
	Now try logging into the machine, with:   "ssh 'hadoop@192.168.59.5'"
	and check to make sure that only the key(s) you wanted were added.
	
	第二台
	[hadoop@zhongji root]$ ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@192.168.59.100           #上传公钥
	The authenticity of host '192.168.59.100 (192.168.59.100)' can't be established.
	RSA key fingerprint is 28:9a:63:56:e2:73:3f:ab:87:6f:27:be:75:f0:c8:f6.
	Are you sure you want to continue connecting (yes/no)? yes
	Warning: Permanently added '192.168.59.100' (RSA) to the list of known hosts.
	hadoop@192.168.59.100's password: 
	Now try logging into the machine, with "ssh 'hadoop@192.168.59.100'", and check in:
	
	  .ssh/authorized_keys
	
	to make sure we haven't added extra keys that you weren't expecting.

6、测试

第一台成功登陆第二台
[hadoop@dhcp root]$ ssh hadoop@192.168.59.5
[hadoop@zhongji ~]$ 

第二台
[hadoop@zhongji root]$ ssh hadoop@192.168.59.100
Last login: Fri Aug 16 17:46:48 2019
[hadoop@dhcp ~]$