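Establish the following trust relationships:
Trust relationship from user seekf09 to user uoakf09
Trust relationship from user seekf09 to the devdata server user
Trust relationship from user uoakf09 to user devdata on the ideploy server
Taking the trust relationship from user seekf09 to user uoakf09 as an example:
1) Switch to user seekf09 and generate an RSA public/private key pair.
id_rsa is the private key and id_rsa.pub is the public key.
su - seekf09
ssh-keygen -t rsa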
Generating public/private rsa key pair.
Enter file in which to save the key (/home/seekf09/.ssh/id_rsa):<Enter>
Created directory '/home/seekf09/.ssh'.
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/seekf09/.ssh/id_rsa.
Your public key has been saved in /home/seekf09/.ssh/id_rsa.pub.
The key fingerprint is:
91:15:58:d0:d6:a7:b3:36:ea:55:f8:fb:90:38:89:f5 seekf09@linux190
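2) User uoakf09 downloads id_rsa.pub (the public key) via ftp and adds it to the ~uoa/.ssh/authorized_keys file
su - uoakf09
Create a .ssh directory under the user's home directory, or confirm that this directory exists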
mkdir .ssh
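Log in via ftp as user seekf09. When establishing the other three trust relationships, you need to log in from the ideploy server to this installation's target board, and the IP must be replaced with the IP of this installation's target board.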
ftp>cd ~seekf09/.ssh
ftp>lcd ~uoakf09/.ssh
Download id_rsa.pub and rename it to id_rsa.pub.see_190 (the format is not fixed; it is best to indicate the user name and the board)
ftp>get id_rsa.pub id_rsa.pub.see_190
Exit ftp
ftp>exit
Change to the .ssh directory under the uoa user's home directory
cd ~/.ssh/
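Append id_rsa.pub.see_190 to the authorized_keys file. If authorized_keys does not exist, the command creates it automatically.
Note: with two consecutive ">", the existing contents of the file are kept and the new content is appended to the end of the file,
whereas with a single ">", the existing contents of the file are overwritten.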
cat id_rsa.pub.see_190 >> authorized_keys
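3) Verify that the trust relationship has been established:
If the current user is see and logging in to sftp as user uoa (sftp uoa@10.x.x.x) requires no password and no other input and connects directly, the trust relationship has been established successfully.
Notes:
1. After establishing the trust relationship, log in with sftp at least once to accept the RSA key, which is saved automatically to the ~/.ssh/known_hosts file. After that, sftp logins need no input.
2. If you have confirmed that the steps were carried out correctly but logging in to sftp as user uoakf09 while the current user is seekf09 still requires a password, try connecting in the reverse direction (current user uoa logging in to sftp as see), and then verify the trust relationship again.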
su - seekf09
sftp uoakf09@127.0.0.1
Connecting to 127.0.0.1...
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 2e:a4:34:f1:8f:36:af:36:5f:60:4a:85:3f:14:30:a6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Log out
sftp>exit
Connect again; no input is needed, so the trust relationship has been established successfully
sftp uoakf09@127.0.0.1
Connecting to 127.0.0.1...
sftp>
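
The following script is an added example, not part of the original procedure. It performs the append from step 2 so that repeating it does not duplicate the key, and it checks the file permissions that commonly explain the situation in note 2: with StrictModes enabled (the sshd default), sshd ignores authorized_keys when it, ~/.ssh or the home directory is writable by group or others, and falls back to the password prompt. The function names install_pubkey and perms_ok are hypothetical, and the key line is a constructed placeholder.

```shell
#!/bin/sh
# Added example: idempotent version of step 2 plus a permission check.
# Function names are hypothetical; SAMPLE_KEY is a constructed, non-functional key line.

# Append the key in <pubkey_file> to <ssh_dir>/authorized_keys unless already present.
# Returns 2 if the file is not a single well-formed public key line.
install_pubkey() {
    pub=$1; ssh_dir=$2; auth=$ssh_dir/authorized_keys
    [ "$(wc -l < "$pub")" -le 1 ] || return 2
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 2
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(cat "$pub")
    # -x matches the whole line, -F treats the key as a fixed string.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Return 0 only if none of the given paths is writable by group or others.
# Run it on the home directory, ~/.ssh and ~/.ssh/authorized_keys of the target user.
perms_ok() {
    for p in "$@"; do
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) echo "too open: $mode $p" >&2; return 1 ;;
        esac
    done
    return 0
}

# Demo in a scratch directory, using the file name from step 2.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedEXAMPLEonly seekf09@linux190'
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_KEY" > "$demo_dir/id_rsa.pub.see_190"
install_pubkey "$demo_dir/id_rsa.pub.see_190" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub.see_190" "$demo_dir/.ssh"   # second run adds nothing
perms_ok "$demo_dir/.ssh" "$demo_dir/.ssh/authorized_keys" && echo "permissions OK"
echo "keys installed: $(wc -l < "$demo_dir/.ssh/authorized_keys")"
rm -rf "$demo_dir"
```

On a real account, run perms_ok as the target user (uoakf09 in the example above) before trying the reverse connection described in note 2.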