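Why set up passwordless login
When working with a computer cluster, if passwordless login is not set up, you have to enter the user password repeatedly every time the platform is started. This undoubtedly slows the machines down and hurts work efficiency, which is why passwordless login is set up.
Preparation
1. Prepare three virtual machines named master, slave1 and slave2, with IP addresses 192.168.23.1, 192.168.23.2 and 192.168.23.3 respectively
2. Disable the firewall on all machines
3. Check that the machines can reach each other
4. Check the hostname mappings between the machines
Step 1. Generate a key on master for distribution to the other machines. The command is shown below. -t specifies the key type; it defaults to rsa and can be omitted. After running the command, press Enter four times in a row.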
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2ws4RBoCmra/6qSkOzdmFaEVyYVjQFLAvFJBYzZoasw root@master
The key's randomart image is:
+---[RSA 2048]----+
|**@+.=. |
|oX.oO |
|Boo+.o. |
|+Eo..+ |
|o. ... S |
| . .. . o |
| o o o o . |
|* = . . . . |
|=O.o . |
+----[SHA256]-----+
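Step 2. Once the key has been generated, the system automatically creates a .ssh directory under /root (names beginning with . are hidden files). Two files are created in this directory automatically: the private key file (id_rsa) and the public key file (id_rsa.pub). The following commands show the contents of the public and private keys.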
[root@master ~]# ls /root/.ssh/
id_rsa id_rsa.pub known_hosts
[root@master ~]# cat /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
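Compared with the public key file, the private key file is somewhat larger, because its main role is decryption. Next, let's look at the public key file.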
[root@master ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIkEjHiGFgWkRmXebojZ6TWv/PCbX0P/aW/lq5h2zwvZXfKNI2Ozw/Jq3C+JPc4664Cu05uzaNcYNNHGBNHgf0W9psGrg/7FaaMZDcqoioPfFNGfG3EzBLSZMpdGqn//lj2FWWntLQc6N0eNLpwnf2hzvr4zU+9ETcqo0pyrKjpQWAxclVefVYI7b7thlOKtV3JFXoIdezkF8ozSpdQLg9ucszCsKzKUJiS04hTJsih+ADYOgvV394pixIG73BIqfgmcLB3Rd7aHWSMPVU2nka39ic1lNeY7VHLDyZtal7G260zU3D+ohTCKzI5V3SFW94kxnPRe2YHXOW5JKLP6hR root@master
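Step 3. The public key file is smaller and is mainly used for encryption. The following commands copy the public key file to every node (machine) that should accept passwordless login, including the local node itself.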
[root@master ~]# ssh-copy-id master
[root@master ~]# ssh-copy-id slave1
[root@master ~]# ssh-copy-id slave2
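The distribution prompts for the user password, which is used to verify identity and for encrypted verification. Output of the form Number of key(s) added: 1 (the number of keys distributed) means it succeeded.
If we now look at the authorized_keys file on the slave1 node,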
[root@slave1 ~]# cat /root/.ssh/authorized_keys
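we can clearly see that master's public key has been delivered to the slave1 node; the same is true for slave2. Finally, we verify passwordless login from master to itself, slave1 and slave2.
Step 4. Test passwordless login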
[root@master ~]# ssh master
Last login: Fri Jan 8 19:56:28 2021 from slave1
[root@master ~]# exit
登出
Connection to master closed.
[root@master ~]# ssh slave1
Last login: Fri Jan 8 19:55:41 2021 from master
[root@slave1 ~]# exit
登出
Connection to slave1 closed.
[root@master ~]# ssh slave2
Last login: Fri Jan 8 19:48:14 2021 from 192.168.56.10
[root@slave2 ~]# exit
登出
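Once this succeeds, you can see that logging in from master to slave1 and slave2 requires no password, but logging in from slave1 or slave2 to the other two nodes still does, because we have not generated key pairs on slave1 and slave2 and distributed them. You can think of master, slave1 and slave2 as three companies. The master company has packaged up its credentials and security information and sent them to slave1 and slave2, in other words registered itself with them, so people from the master company can walk into the slave1 and slave2 companies without a password. slave1 and slave2, however, have not packaged and sent their own credentials and security information to any company other than themselves, so entering from their side still requires a password.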
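The check in step 3 (reading authorized_keys on slave1 by eye) can be scripted. The following is an added example, not part of the original post: it confirms that master's public key is present in a node's authorized_keys and that the .ssh directory and the file are no looser than modes 700 and 600. The function names and the sample key blobs are constructed for illustration, and GNU stat (Linux) is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU stat (Linux).

# key_installed PUBKEY_FILE AUTHORIZED_KEYS: succeeds if the key type and
# base64 blob of the public key appear together on a non-comment line.
# The trailing comment (e.g. root@master) and leading options are ignored.
key_installed() {
    local ktype blob
    read -r ktype blob _ < "$1" || true   # tolerate a missing final newline
    [ -n "$blob" ] || return 2
    awk -v t="$ktype" -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) { found = 1; exit } }
        END { exit !found }' "$2"
}

# mode_ok PATH MAX: succeeds if PATH has no permission bits outside octal MAX.
mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
}

# audit_node_ssh SSH_DIR PUBKEY_FILE: prints findings, returns their count.
audit_node_ssh() {
    local dir="$1" pub="$2" n=0
    mode_ok "$dir" 700 || { echo "FINDING: $dir is looser than 700"; n=$((n + 1)); }
    mode_ok "$dir/authorized_keys" 600 || { echo "FINDING: authorized_keys is looser than 600"; n=$((n + 1)); }
    key_installed "$pub" "$dir/authorized_keys" || { echo "FINDING: key from $pub is not authorized"; n=$((n + 1)); }
    return "$n"
}

# Demo on constructed data: a throwaway directory stands in for slave1's
# /root/.ssh and a made-up blob stands in for master's id_rsa.pub.
demo() {
    local tmp rc
    tmp=$(mktemp -d) || return 2
    mkdir -m 700 "$tmp/.ssh"
    echo 'ssh-rsa AAAAconstructedBLOB root@master' > "$tmp/id_rsa.pub"
    printf '%s\n' '# constructed sample' 'ssh-rsa AAAAotherBLOB someone@else' \
        'ssh-rsa AAAAconstructedBLOB root@master' > "$tmp/.ssh/authorized_keys"
    chmod 600 "$tmp/.ssh/authorized_keys"
    audit_node_ssh "$tmp/.ssh" "$tmp/id_rsa.pub"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}
demo && echo "node accepts key login from master"
```

On a real node, call audit_node_ssh with /root/.ssh and a copy of master's id_rsa.pub.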