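Lab environment:
Three CentOS hosts
Method 1: generate a private/public key pair on each host, copy all of the public keys into the authorized_keys file on one host, and finally copy that file to each of the other hosts.
I. Generate a key pair on each of the three hosts.
1. Host 192.168.147.128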
[root@centos6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ## left blank; saved to /root/.ssh/id_rsa by default
Enter passphrase (empty for no passphrase): ## no passphrase entered for the private key
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a0:e0:8f:5f:59:a1:ea:69:bc:d6:d8:27:30:eb:72:b7 root@centos6.cwj.com
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . . |
| . . . o . |
| . . . S |
| oo. o |
| ..oBo |
| .oBo= . |
| **oE+ |
+-----------------+
[root@centos6 ~]# ssh-copy-id 192.168.147.128 ## copy the public key into this host's own authorized_keys file
root@192.168.147.128's password:
Now try logging into the machine, with "ssh '192.168.147.128'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
2. Host 192.168.147.129
[root@centos7 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y ## overwrite the existing private key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OeveQND3blO4XVkH2Qc5Bm4ShAbhPIu6WFh7nr2pWWw root@centos7.cwj.com
The key's randomart image is:
+---[RSA 2048]----+
| oo oo ..o= |
| o .o o =.o|
| =.. o o. .+|
| . + o + . +|
| . . . S o ...|
| o o . . o . + . |
|. + . E o = . |
| o + * o o . . |
|. . =.+oo . |
+----[SHA256]-----+
[root@centos7 ~]# ssh-copy-id 192.168.147.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.147.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.147.128'"
and check to make sure that only the key(s) you wanted were added.
3. Host 192.168.147.130
[root@centos6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ea:77:1a:c0:92:6a:04:c0:ee:92:2c:a8:53:f0:7d:18 root@centos6.cwj.com
The key's randomart image is:
+--[ RSA 2048]----+
|o |
|.. |
|o |
|.o Eo |
|++..ooo S |
|=+o.o..o |
|+.o .. . |
|o. . ... |
| . ...o |
+-----------------+
[root@centos6 ~]# ssh-copy-id -i .ssh/id_rsa 192.168.147.128
^C[root@centos6 ~]#
[root@centos6 ~]# ssh-copy-id -i .ssh/id_rsa.pub 192.168.147.128
root@192.168.147.128's password:
Now try logging into the machine, with "ssh '192.168.147.128'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
II. Copy the authorized_keys file from host 192.168.147.128 to the other two hosts.
View the authorized_keys file.
[root@centos6 ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsVp9rEI9fbKRYXpERHT2hJA4gptvNRxWBAQf6gRJp25+nKNswGO8aiyW7MDA4xH3yHroPix8VeiPi4exLdlAfs3uzmlzUw3wgEuCYPF/i5GgMYVq5tzIRMdN2Cs5zzN+zCHJSw3mrEEZSyjdEntm1LZ5buOMKjLbkU8u3ES5LZAE32m+FcWxakJf3i18iXcKK9fg07dDcOIGNL4hL/XzHeL4wAfVlAQWsMoDp1PeByLuVIKlnIGalzhZE9oWlE/9K6pEjf4MsXq92y/4WnhDejzh7u7fsgVe+7d5j4YP+HgIL9VRvftgBQQDp+TCszaVx9czSuhMNzFgnbaCguyW0Q== rsa 2048-040219
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuNu8Ahn8uLjazCvoyLuWVHcHiaHcD9HvukUle64S/AqRNM0lHGhTq6Aw9bDDMt6g31bJCC/X/DahVnKC4rbkackyjahbKHCuYqTE6UVyCGjd+stXC0w2tuB6KsBbRF6xX7NuLSary7I3H3ORMY0DshKpes7ZPUDRiLzNcbNUdPj7QJkZbKQa7Z9op2mYRAjYIEWvf6ArceYUWHO/0UkeYWxcq9pfnHuEClMR3Mka1x+EftH+U5PPUHJrNd/EZVPxwlEVK/1MCV3+zlnSukH49L2UYB8JWOGe6z7Eh7JgKjXtuhCr7+H1q9I8C77orrmKzu4AF0XjD6KLckalSkSGQw== root@centos6.cwj.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPNxStuQRpBME6h/VS6kxwL6ERJJB5fK6NKnEBAgWHY2ktu29ksiXGK0cn9P5CNHZdPrkOksmuUhskPD5Zwein5GA0lPGqpGvpGe5inuz9g+MgF3e+2L5RwwaXpCtlGi1CZpt+b/JdkasayEPpbb+3209U7ZcnlBTTof/pdCX88EtjRm9/QiPkBsfq15Nsnzw9kHdblOvjoLFOUmNIKaxXIPB5pE6CechREWimtW58ruC1F+LotJKmsb5SQWo5m03iD5vZmDdr0Ienyr8urYxAkkhK5KFXObhZofiVS6wAOkv7cD+zHiItJTU5cHObr4y8vXNZoNxJO4c5qyhvRVI7 root@centos7.cwj.com
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvcqo1zAzlg1Ltntnc8njpZrhGMsmx0hC0Wn+kJIFDlJ4DmAI4mX1z5NQqq0xmoWNEHzRX5k7Wlf6gCFCxJ5oGfqgK4EJzcSQMrKRRMC7lJ4A7beTWcGPc/dDYgydpjWxHaQzcKl2RiKEn/FdMsAJtDRxeb74qDwQTnLrm+ZVRmwYRbyV188lwjaHeTAyxe5nRh3Nh82K0sGr2czoMmEwpn9mb73W+ugDenNr18HhGgs4E+h3Ly+8cjgCtRppsgV8+FmtxBXb/c+KNp34MAJ56yaKvK5jDEbVGXjLdIC4lOTfMjDrinFZ1l0h+tGCoWBNZ6ASn141GFbEMntfHCnzYQ== root@centos6.cwj.com
Copy the file
[root@centos6 ~]# scp .ssh/authorized_keys 192.168.147.129:/root/.ssh/
root@192.168.147.129's password:
authorized_keys 100% 1603 1.6KB/s 00:00
[root@centos6 ~]# scp .ssh/authorized_keys 192.168.147.130:/root/.ssh/
root@192.168.147.130's password:
authorized_keys 100% 1603 1.6KB/s 00:00
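Added example (not from the original post): a check to run on the merged authorized_keys file before it is distributed, since the listing above holds four entries while step I generated three keys. The function names and the short key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that are not in an allowlist
# of expected public keys. All file contents below are constructed samples.

# key_blobs FILE: print "blob<TAB>comment" for each key line in FILE.
# Skips blank/comment lines and steps over leading options such as from="...".
# Limitation: an option value containing a bare key-type word is not handled.
key_blobs() {
    awk '
        NF == 0 || /^[ \t]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) {
                    c = ""
                    for (j = i + 2; j <= NF; j++) c = c " " $j
                    sub(/^ /, "", c)
                    printf "%s\t%s\n", $(i + 1), c
                    next
                }
        }' "$1"
}

# unexpected_keys AUTH ALLOW: print the comment of every key in AUTH whose
# blob does not appear in ALLOW (one expected public key per line).
unexpected_keys() {
    allow_tmp=$(mktemp) || return 1
    key_blobs "$2" > "$allow_tmp"
    key_blobs "$1" | awk -F '\t' -v allow="$allow_tmp" '
        BEGIN { while ((getline l < allow) > 0) { split(l, f, "\t"); ok[f[1]] = 1 } }
        !($1 in ok) { print ($2 == "" ? "(no comment)" : $2) }'
    rm -f "$allow_tmp"
}

# Constructed sample: three expected keys plus one extra entry.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/expected.pub" <<'EOF'
ssh-rsa AAAAexampleblob128 root@centos6.cwj.com
ssh-rsa AAAAexampleblob129 root@centos7.cwj.com
ssh-rsa AAAAexampleblob130 root@centos6.cwj.com
EOF
    { echo 'ssh-rsa AAAAexampleblobEXTRA rsa 2048-040219'
      echo '# constructed comment line'
      echo 'from="192.168.147.129" ssh-rsa AAAAexampleblob129 root@centos7.cwj.com'
      cat "$d/expected.pub"; } > "$d/authorized_keys"
    unexpected_keys "$d/authorized_keys" "$d/expected.pub"
    rm -rf "$d"
}
demo
```

To use it for real, build the allowlist by collecting each host's /root/.ssh/id_rsa.pub into one file and pass that as the second argument.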
III. At this point the three hosts can authenticate to one another directly with keys. Test it next.
SSH connection test from host 128
[root@centos6 ~]# ssh 192.168.147.129
Last login: Thu Oct 17 08:21:37 2019 from 192.168.147.1
[root@centos7 ~]# exit
logout
Connection to 192.168.147.129 closed.
[root@centos6 ~]# ssh 192.168.147.130
Last login: Wed Oct 16 18:00:31 2019 from 192.168.147.1
[root@centos6 ~]# exit
logout
Connection to 192.168.147.130 closed.
Connection test from host 129
[root@centos7 ~]# ssh 192.168.147.128
Last login: Wed Oct 16 16:49:13 2019 from 192.168.147.1
[root@centos6 ~]# exit
logout
Connection to 192.168.147.128 closed.
[root@centos7 ~]# ssh 192.168.147.130
Last login: Wed Oct 16 20:24:23 2019 from 192.168.147.128
[root@centos6 ~]# exit
logout
Connection to 192.168.147.130 closed.
Method 2: all hosts share a single key.
Run on one host
1. Generate a key pair with ssh-keygen
[root@centos6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a0:e0:8f:5f:59:a1:ea:69:bc:d6:d8:27:30:eb:72:b7 root@centos6.cwj.com
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . . |
| . . . o . |
| . . . S |
| oo. o |
| ..oBo |
| .oBo= . |
| **oE+ |
+-----------------+
2. Copy the public key to the host itself: ssh-copy-id
[root@centos6 ~]# ssh-copy-id
Usage: /usr/bin/ssh-copy-id [-i [identity_file]] [user@]machine
[root@centos6 ~]# ssh-copy-id 192.168.147.128
root@192.168.147.128's password:
Now try logging into the machine, with "ssh '192.168.147.128'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
3. Copy the entire .ssh/ directory to the other hosts. Take care to preserve permissions.
[root@centos6 ~]# scp -pr .ssh 192.168.147.129:/root/
[root@centos6 ~]# scp -pr .ssh 192.168.147.130:/root/
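Added example (not from the original post): a check for the permission requirement in step 3, to run on a destination host after the copy. The function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a copied .ssh directory for modes that OpenSSH rejects.
# The demo tree is constructed; point check_ssh_dir at a real ~/.ssh to use it.

# any_perm PATH BITS...: true if PATH has at least one of the given mode bits.
any_perm() {
    p=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bit" -print)" ] && return 0
    done
    return 1
}

# check_ssh_dir DIR: print one line per problem, nothing if DIR is acceptable.
check_ssh_dir() {
    # sshd (StrictModes yes, the default) ignores authorized_keys when the
    # file or its directory is writable by group or others.
    any_perm "$1" 020 002 && echo "$1: directory writable by group/other"
    [ -f "$1/authorized_keys" ] && any_perm "$1/authorized_keys" 020 002 &&
        echo "authorized_keys: writable by group/other"
    # The ssh client refuses a private key that group or others can access.
    for pub in "$1"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] && any_perm "$key" 040 020 010 004 002 001 &&
            echo "${key##*/}: private key accessible by group/other"
    done
    return 0
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    : > "$d/.ssh/id_rsa"; : > "$d/.ssh/id_rsa.pub"; : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys"
    echo "preserved modes: $(check_ssh_dir "$d/.ssh" | wc -l) problem(s)"
    # Loosened modes, as a constructed failure case.
    chmod 775 "$d/.ssh"; chmod 664 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys"
    check_ssh_dir "$d/.ssh"
    rm -rf "$d"
}
demo
```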