Key-based SSH authentication between three hosts

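Lab environment:
Three CentOS hosts
Method 1: Generate a private/public key pair on each host, copy all of the public keys into the authorized_keys file on one of the hosts, and finally copy that file to each of the other hosts.
I. Generate a key pair on each of the three hosts.
1. Host 192.168.147.128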

[root@centos6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):  ## press Enter to accept the default, /root/.ssh/id_rsa
Enter passphrase (empty for no passphrase):    ## left empty: no passphrase on the private key
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a0:e0:8f:5f:59:a1:ea:69:bc:d6:d8:27:30:eb:72:b7 root@centos6.cwj.com
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|  .   . .        |
| . . . o .       |
|  . . . S        |
|   oo. o         |
|  ..oBo          |
|  .oBo= .        |
|   **oE+         |
+-----------------+
[root@centos6 ~]# ssh-copy-id 192.168.147.128  ## copy the public key into this host's own authorized_keys file
root@192.168.147.128's password: 
Now try logging into the machine, with "ssh '192.168.147.128'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.


2. Host 192.168.147.129

[root@centos7 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y   ## overwrite the existing private key
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OeveQND3blO4XVkH2Qc5Bm4ShAbhPIu6WFh7nr2pWWw root@centos7.cwj.com
The key's randomart image is:
+---[RSA 2048]----+
|      oo oo ..o= |
|     o .o  o  =.o|
|      =.. o o. .+|
|     . + o + .  +|
|  . . . S   o ...|
| o o . . o . + . |
|. + . E o   = .  |
| o + * o o . .   |
|. . =.+oo .      |
+----[SHA256]-----+
[root@centos7 ~]# ssh-copy-id 192.168.147.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.147.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.147.128'"
and check to make sure that only the key(s) you wanted were added.

3. Host 192.168.147.130

[root@centos6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ea:77:1a:c0:92:6a:04:c0:ee:92:2c:a8:53:f0:7d:18 root@centos6.cwj.com
The key's randomart image is:
+--[ RSA 2048]----+
|o                |
|..               |
|o                |
|.o  Eo           |
|++..ooo S        |
|=+o.o..o         |
|+.o  .. .        |
|o.   .  ...      |
| .    ...o       |
+-----------------+
[root@centos6 ~]# ssh-copy-id -i .ssh/id_rsa 192.168.147.128 
^C[root@centos6 ~]# 
[root@centos6 ~]# ssh-copy-id -i .ssh/id_rsa.pub 192.168.147.128 
root@192.168.147.128's password: 
Now try logging into the machine, with "ssh '192.168.147.128'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.


II. Copy the authorized_keys file from host 192.168.147.128 to the other two hosts.
View the authorized_keys file.

[root@centos6 ~]# cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsVp9rEI9fbKRYXpERHT2hJA4gptvNRxWBAQf6gRJp25+nKNswGO8aiyW7MDA4xH3yHroPix8VeiPi4exLdlAfs3uzmlzUw3wgEuCYPF/i5GgMYVq5tzIRMdN2Cs5zzN+zCHJSw3mrEEZSyjdEntm1LZ5buOMKjLbkU8u3ES5LZAE32m+FcWxakJf3i18iXcKK9fg07dDcOIGNL4hL/XzHeL4wAfVlAQWsMoDp1PeByLuVIKlnIGalzhZE9oWlE/9K6pEjf4MsXq92y/4WnhDejzh7u7fsgVe+7d5j4YP+HgIL9VRvftgBQQDp+TCszaVx9czSuhMNzFgnbaCguyW0Q== rsa 2048-040219
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuNu8Ahn8uLjazCvoyLuWVHcHiaHcD9HvukUle64S/AqRNM0lHGhTq6Aw9bDDMt6g31bJCC/X/DahVnKC4rbkackyjahbKHCuYqTE6UVyCGjd+stXC0w2tuB6KsBbRF6xX7NuLSary7I3H3ORMY0DshKpes7ZPUDRiLzNcbNUdPj7QJkZbKQa7Z9op2mYRAjYIEWvf6ArceYUWHO/0UkeYWxcq9pfnHuEClMR3Mka1x+EftH+U5PPUHJrNd/EZVPxwlEVK/1MCV3+zlnSukH49L2UYB8JWOGe6z7Eh7JgKjXtuhCr7+H1q9I8C77orrmKzu4AF0XjD6KLckalSkSGQw== root@centos6.cwj.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPNxStuQRpBME6h/VS6kxwL6ERJJB5fK6NKnEBAgWHY2ktu29ksiXGK0cn9P5CNHZdPrkOksmuUhskPD5Zwein5GA0lPGqpGvpGe5inuz9g+MgF3e+2L5RwwaXpCtlGi1CZpt+b/JdkasayEPpbb+3209U7ZcnlBTTof/pdCX88EtjRm9/QiPkBsfq15Nsnzw9kHdblOvjoLFOUmNIKaxXIPB5pE6CechREWimtW58ruC1F+LotJKmsb5SQWo5m03iD5vZmDdr0Ienyr8urYxAkkhK5KFXObhZofiVS6wAOkv7cD+zHiItJTU5cHObr4y8vXNZoNxJO4c5qyhvRVI7 root@centos7.cwj.com
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvcqo1zAzlg1Ltntnc8njpZrhGMsmx0hC0Wn+kJIFDlJ4DmAI4mX1z5NQqq0xmoWNEHzRX5k7Wlf6gCFCxJ5oGfqgK4EJzcSQMrKRRMC7lJ4A7beTWcGPc/dDYgydpjWxHaQzcKl2RiKEn/FdMsAJtDRxeb74qDwQTnLrm+ZVRmwYRbyV188lwjaHeTAyxe5nRh3Nh82K0sGr2czoMmEwpn9mb73W+ugDenNr18HhGgs4E+h3Ly+8cjgCtRppsgV8+FmtxBXb/c+KNp34MAJ56yaKvK5jDEbVGXjLdIC4lOTfMjDrinFZ1l0h+tGCoWBNZ6ASn141GFbEMntfHCnzYQ== root@centos6.cwj.com

Copy the file.

[root@centos6 ~]# scp .ssh/authorized_keys 192.168.147.129:/root/.ssh/
root@192.168.147.129's password: 
authorized_keys                                                                                                                           100% 1603     1.6KB/s   00:00    
[root@centos6 ~]# scp .ssh/authorized_keys 192.168.147.130:/root/.ssh/
root@192.168.147.130's password: 
authorized_keys                                                                                                                           100% 1603     1.6KB/s   00:00

III. At this point the three hosts can authenticate to each other directly with keys. Test it next.
SSH connection test from host 128

[root@centos6 ~]# ssh 192.168.147.129
Last login: Thu Oct 17 08:21:37 2019 from 192.168.147.1
[root@centos7 ~]# exit
logout
Connection to 192.168.147.129 closed.
[root@centos6 ~]# ssh 192.168.147.130
Last login: Wed Oct 16 18:00:31 2019 from 192.168.147.1
[root@centos6 ~]# exit
logout
Connection to 192.168.147.130 closed.

Connection test from host 129

[root@centos7 ~]# ssh 192.168.147.128
Last login: Wed Oct 16 16:49:13 2019 from 192.168.147.1
[root@centos6 ~]# exit
logout
Connection to 192.168.147.128 closed.
[root@centos7 ~]# ssh 192.168.147.130
Last login: Wed Oct 16 20:24:23 2019 from 192.168.147.128
[root@centos6 ~]# exit
logout
Connection to 192.168.147.130 closed.
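
ssh-copy-id asks you to check that no unexpected keys were added, and the authorized_keys listing in step II has four entries for three hosts. The script below is an added example, not part of the original post, that compares an authorized_keys file with the public keys you expect before the file is distributed; the function names and the key blobs in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit authorized_keys against
# the public keys that are supposed to be in it. All key blobs are constructed.

# Emit "<type> <blob> [comment]" per key line; skips blanks, comments and any
# leading options field (from=..., command=...) by locating the key-type token.
key_fields() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    s = $i
                    for (j = i + 1; j <= NF; j++) s = s " " $j
                    print s
                    next
                }
            print "MALFORMED " NR
        }' "$1"
}

# audit_authorized_keys AUTH_FILE EXPECTED.pub...
# Prints one verdict per entry: OK, UNEXPECTED, DUPLICATE or MALFORMED.
audit_authorized_keys() {
    auth=$1; shift
    {
        for f in "$@"; do key_fields "$f" | sed 's/^/E /'; done
        key_fields "$auth" | sed 's/^/A /'
    } | awk '
        $2 == "MALFORMED" { if ($1 == "A") print "MALFORMED  line " $3; next }
        $1 == "E"         { want[$3] = 1; next }
        {
            c = (NF >= 4 ? $4 : "(no comment)")
            for (j = 5; j <= NF; j++) c = c " " $j
            if (seen[$3]++)      print "DUPLICATE  " c
            else if ($3 in want) print "OK         " c
            else                 print "UNEXPECTED " c
        }'
}

# Constructed sample: three host keys plus one leftover key nobody listed.
demo_audit() {
    d=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3host128 root@host128" > "$d/128.pub"
    echo "ssh-rsa AAAAB3host129 root@host129" > "$d/129.pub"
    echo "ssh-rsa AAAAB3host130 root@host130" > "$d/130.pub"
    { echo "ssh-rsa AAAAB3leftover rsa 2048-old"
      cat "$d/128.pub" "$d/129.pub" "$d/130.pub" "$d/129.pub"; } > "$d/authorized_keys"
    audit_authorized_keys "$d/authorized_keys" "$d"/*.pub
    rm -rf "$d"
}
demo_audit
```

Any UNEXPECTED entry should be identified or removed before the file is copied to the other hosts, because every key in it can log in as root on all three.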

Method 2: All hosts share a single key pair.
Run the following on one host.
1. Generate the key pair with ssh-keygen

[root@centos6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a0:e0:8f:5f:59:a1:ea:69:bc:d6:d8:27:30:eb:72:b7 root@centos6.cwj.com
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|  .   . .        |
| . . . o .       |
|  . . . S        |
|   oo. o         |
|  ..oBo          |
|  .oBo= .        |
|   **oE+         |
+-----------------+

2. Copy the public key to the host itself with ssh-copy-id

[root@centos6 ~]# ssh-copy-id
Usage: /usr/bin/ssh-copy-id [-i [identity_file]] [user@]machine
[root@centos6 ~]# ssh-copy-id 192.168.147.128
root@192.168.147.128's password: 
Now try logging into the machine, with "ssh '192.168.147.128'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

3. Copy the entire .ssh/ directory to the other hosts, preserving permissions.

[root@centos6 ~]# scp  -pr  .ssh  192.168.147.129:/root/
[root@centos6 ~]# scp  -pr  .ssh  192.168.147.130:/root/
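
Method 2 places the same private key on every host, so the copied .ssh directory has to keep tight permissions: with StrictModes enabled (the sshd default), authorized_keys is ignored when the home directory, .ssh or the file itself is group- or world-writable, and ssh refuses a private key that others can access. The check below is an added example, not from the original post; check_ssh_perms, go_bits and the demo directory are hypothetical names, and file ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the original post): verify permissions on a copied
# .ssh directory. The demo tree is constructed in a temporary directory.

# Group/other permission bits of a path, e.g. "r-xr-x" (chars 5-10 of ls -ld).
go_bits() { ls -ld "$1" | cut -c5-10; }

# check_ssh_perms HOME_DIR
# Prints one line per problem; prints nothing when the layout is acceptable.
check_ssh_perms() {
    h=$1
    # These three paths must not be writable by group or others.
    for p in "$h" "$h/.ssh" "$h/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(go_bits "$p") in
            ?w????|????w?) echo "WRITABLE_BY_OTHERS $p" ;;
        esac
    done
    # Private keys must grant nothing at all to group or others.
    for k in "$h"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        [ "$(go_bits "$k")" = "------" ] || echo "PRIVATE_KEY_EXPOSED $k"
    done
}

# Constructed demo: a loosely-permissioned copy, then the corrected modes.
demo_perms() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"; : > "$d/.ssh/id_rsa"; : > "$d/.ssh/id_rsa.pub"
    chmod 775 "$d/.ssh"; chmod 644 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys"
    echo "before:"; check_ssh_perms "$d"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys"
    echo "after:";  check_ssh_perms "$d"
    rm -rf "$d"
}
demo_perms
```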

