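My environment: two Linux hosts, with hostnames rhel6 and rhel6cp.
This walkthrough uses logging in from rhel6 to rhel6cp as the example.
There are two ways to configure it: 1. the manual method 2. the ssh tools
(1) The manual method
a. Host rhel6 needs to ssh to host rhel6cp without a password, so create the public and private keys on host rhel6.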
[hadoop@rhel6 ~]$ pwd
/home/hadoop
[hadoop@rhel6 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Created directory '/home/hadoop/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
10:46:72:2f:dc:cb:bd:de:d5:95:4d:41:63:46:e8:69 hadoop@rhel6
The key's randomart image is:
+--[ RSA 2048]----+
| ..= +B |
| = + .o o|
| + o . . .|
| + o E .o|
| S . . .o|
| . ..|
| . . .|
| . . . |
| . . |
+-----------------+
b. Copy host rhel6's public key into a directory on host rhel6cp (here /home/hadoop).
[hadoop@rhel6 ~]$ cd .ssh
[hadoop@rhel6 .ssh]$ ls
id_rsa id_rsa.pub
[hadoop@rhel6 .ssh]$ scp id_rsa.pub rhel6cp:/home/hadoop
The authenticity of host 'rhel6cp (192.168.60.234)' can't be established.
RSA key fingerprint is de:eb:e1:13:a0:b8:fe:be:b8:40:ff:3a:6c:ce:00:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rhel6cp,192.168.60.234' (RSA) to the list of known hosts.
hadoop@rhel6cp's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
c. On host rhel6cp, create the .ssh directory and the authorization list file authorized_keys, and append host rhel6's public key file to authorized_keys.
[hadoop@rhel6cp ~]$ pwd
/home/hadoop
[hadoop@rhel6cp ~]$ mkdir .ssh
[hadoop@rhel6cp ~]$ cat id_rsa.pub >> .ssh/authorized_keys
d. On host rhel6cp, fix the file permissions.
[hadoop@rhel6cp ~]$ pwd
/home/hadoop
[hadoop@rhel6cp ~]$ ls -ld .ssh
drwxrwxr-x. 2 hadoop hadoop 4096 Jan 17 00:55 .ssh
[hadoop@rhel6cp ~]$ chmod 700 .ssh
[hadoop@rhel6cp ~]$ ls -ld .ssh
drwx------. 2 hadoop hadoop 4096 Jan 17 00:55 .ssh
[hadoop@rhel6cp .ssh]$ pwd
/home/hadoop/.ssh
[hadoop@rhel6cp .ssh]$
[hadoop@rhel6cp .ssh]$ ll
total 4
-rw-rw-r--. 1 hadoop hadoop 394 Jan 17 00:55 authorized_keys
[hadoop@rhel6cp .ssh]$ chmod 600 authorized_keys
[hadoop@rhel6cp .ssh]$ ll
total 4
-rw-------. 1 hadoop hadoop 394 Jan 17 00:55 authorized_keys
e. Verify the remote ssh login.
[hadoop@rhel6 ~]$ hostname
rhel6
[hadoop@rhel6 ~]$ ssh hadoop@rhel6cp
[hadoop@rhel6cp ~]$ hostname
rhel6cp
[hadoop@rhel6cp ~]$ exit
logout
Connection to rhel6cp closed.
[hadoop@rhel6 ~]$ hostname
rhel6
OK, this method works.
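Steps c and d as a repeatable check, added here as an example (not part of the original post): sshd with StrictModes enabled, its default, ignores authorized_keys when the file, ~/.ssh or the home directory is group- or world-writable or owned by another user, which is why the 775 directory and 664 file created in step c must be tightened. The function names are hypothetical, GNU stat is assumed, and the home directory's owner is assumed to be the account owner.

```shell
#!/bin/sh
# Added example, not from the original post.
# Audits the paths created in steps c and d against the rule sshd applies
# under StrictModes: owned by the user or root, not group/other writable.
# Assumes GNU stat (coreutils), as shipped on RHEL.

# loose_path PATH OWNER
# Prints the reason and returns 0 if sshd would reject PATH; returns 1 if fine.
loose_path() {
    path=$1
    owner=$2
    mode=$(stat -c '%a' "$path" 2>/dev/null) || { echo "$path: missing"; return 0; }
    who=$(stat -c '%U' "$path")
    if [ "$who" != "$owner" ] && [ "$who" != "root" ]; then
        echo "$path: owned by $who, expected $owner or root"
        return 0
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$path: mode $mode is group/other writable"
        return 0
    fi
    return 1
}

# check_ssh_perms HOME_DIR
# Returns 0 when the home directory, .ssh and authorized_keys all pass.
check_ssh_perms() {
    home=$1
    home_owner=$(stat -c '%U' "$home" 2>/dev/null) || { echo "$home: missing"; return 2; }
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if loose_path "$p" "$home_owner"; then
            bad=1
        fi
    done
    return $bad
}

# Run as: sh check_ssh_perms.sh /home/hadoop   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1" || echo "tighten with chmod 700 .ssh and chmod 600 authorized_keys (step d)"
fi
```

Run it on rhel6cp before the login test in step e; a failure here is the usual reason key authentication silently falls back to the password prompt.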
(2) Configuring with the ssh tools.
Before configuring with the ssh tools, delete the previous ssh configuration.
[hadoop@rhel6 ~]$ hostname
rhel6
[hadoop@rhel6 ~]$ pwd
/home/hadoop
[hadoop@rhel6 ~]$
[hadoop@rhel6 ~]$ rm -fr .ssh
[hadoop@rhel6 ~]$
[hadoop@rhel6cp ~]$ hostname
rhel6cp
[hadoop@rhel6cp ~]$
[hadoop@rhel6cp ~]$ pwd
/home/hadoop
[hadoop@rhel6cp ~]$
[hadoop@rhel6cp ~]$ rm -fr .ssh
[hadoop@rhel6cp ~]$
[hadoop@rhel6cp ~]$
a. On host rhel6, run ssh-keygen to generate the public and private keys.
[hadoop@rhel6 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Created directory '/home/hadoop/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
d1:12:79:86:b6:38:54:5e:44:b2:b5:f9:ac:15:f4:fd hadoop@rhel6
The key's randomart image is:
+--[ RSA 2048]----+
| .+== . |
| ..+Bo+ . . |
| . o=++ . . .|
| o .o o . .|
| .S + E|
| o |
| . |
| |
| |
+-----------------+
b. On host rhel6, run ssh-copy-id, which automatically copies host rhel6's public key to host rhel6cp and sets the appropriate permission bits.
[hadoop@rhel6 ~]$ ssh-copy-id rhel6cp
The authenticity of host 'rhel6cp (192.168.60.234)' can't be established.
RSA key fingerprint is de:eb:e1:13:a0:b8:fe:be:b8:40:ff:3a:6c:ce:00:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rhel6cp,192.168.60.234' (RSA) to the list of known hosts.
hadoop@rhel6cp's password:
Now try logging into the machine, with "ssh 'rhel6cp'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@rhel6 ~]$
c. On rhel6, verify the remote login with ssh.
[hadoop@rhel6 ~]$ ssh hadoop@rhel6cp
Last login: Tue Jan 17 00:58:05 2017 from 192.168.60.231
[hadoop@rhel6cp ~]$ hostname
rhel6cp
[hadoop@rhel6cp ~]$ exit
logout
Connection to rhel6cp closed.
[hadoop@rhel6 ~]$ hostname
rhel6
[hadoop@rhel6 ~]$
OK, this method works too; the ssh-copy-id tool does a lot of the work for us.