第1章 环境安装配置
1.6 SSH免密登录
1、XShell的一个技巧
当多台虚拟机需要执行相同命令时,可以单击XShell右下角的“三条横杠”按钮,选择“全部会话”,这时XShell下方的输入框将显示提示“发送文本到当前XShell窗口的全部会话”
比如在XShell下方输入框输入data
命令
回车后,将该date命令同时发送到node1、node2和node3。这时可以看到其他两个会话标签多了个叹号提示符。
查看node2执行情况
查询node3执行情况
2、生成RSA秘钥对
在XShell下方输入框中输入命令ssh-keygen -t rsa
,然后回车执行。再回车3次,即可生成RSA秘钥对
查看密钥对文件
-
[root
@node1 ~]
# ls .ssh
-
id_rsa id_rsa.pub
- 1
- 2
- id_rsa:私钥
- id_rsa.pub:公钥-
3、将每个节点的公钥拷贝到authorized_keys
可以通过命令ssh-copy-id
,将本机公钥复制到其他节点的authorized_keys目录,这样本机即可免秘钥登录其他节点。
为了操作方便,我们通过XShell执行下方输入框执行命令即可:
ssh-copy-id node1
- 1
按照提示输入“yes”和密码,即可将node1的公钥复制到node1、node2和node3节点。(复制本机,可以实现免密登录本机)
然后再通过XShell分别执行:
-
ssh-
copy-
id node2
-
ssh-
copy-
id node3
- 1
- 2
通过XShell执行三条ssh-copy-id命令,实际上就是分别在node1、node2和node3节点执行。下面是命令执行信息:
(1)node1
ssh-copy-id node1
ssh-copy-id node2
ssh-copy-id node3
-
[root@node1 ~]
# ssh-copy-id node1
-
The authenticity
of host
'node1 (192.168.80.131)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node1
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node1'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node1 ~]
# ssh-copy-id node2
-
The authenticity
of host
'node2 (192.168.80.132)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node2
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node2'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node1 ~]
# ssh-copy-id node3
-
The authenticity
of host
'node3 (192.168.80.133)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node3
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node3'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node1 ~]
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
(2)node2
ssh-copy-id node1
ssh-copy-id node2
ssh-copy-id node3
-
[root@node2 ~]
# ssh-copy-id node1
-
The authenticity
of host
'node1 (192.168.80.131)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node1
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node1'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node2 ~]
# ssh-copy-id node2
-
The authenticity
of host
'node2 (192.168.80.132)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node2
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node2'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node2 ~]
# ssh-copy-id node3
-
The authenticity
of host
'node3 (192.168.80.133)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node3
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node3'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node2 ~]
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
(3)node3
ssh-copy-id node1
ssh-copy-id node2
ssh-copy-id node3
-
[root@node3 ~]
# ssh-copy-id node1
-
The authenticity
of host
'node1 (192.168.80.131)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node1
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node1'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node3 ~]
# ssh-copy-id node2
-
The authenticity
of host
'node2 (192.168.80.132)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node2
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node2'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node3 ~]
# ssh-copy-id node3
-
The authenticity
of host
'node3 (192.168.80.133)' can't be established.
-
ECDSA
key fingerprint
is e2:
9a:
7d:
70:
25:
24:
45:
11:
97:
12:
35:e0:
45:
4c:
64:
31.
-
Are you sure you want
to
continue connecting (yes/no)? yes
-
/usr/bin/ssh-copy-id: INFO: attempting
to log
in
with the
new
key(s),
to filter out any that are already installed
-
/usr/bin/ssh-copy-id: INFO:
1
key(s) remain
to be installed --
if you are prompted now it
is
to install the
new keys
-
root@node3
's password:
-
-
Number
of
key(s) added:
1
-
-
Now
try logging
into the machine,
with:
"ssh 'node3'"
-
and check
to make sure that only the
key(s) you wanted were added.
-
-
[root@node3 ~]
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
4、测试免密登录
-
[root@node1 ~]#
ssh
node1
-
Last
login:
Fri
Jul 21 23
:13
:10 2017
from
node1
-
[root@node1 ~]#
ls
.ssh
-
authorized_keys
id_rsa
id_rsa
.pub
known_hosts
-
[root@node1 ~]#
ssh
node2
-
Last
login:
Fri
Jul 21 23
:13
:18 2017
from
node2
-
[root@node2 ~]#
ssh
node3
-
Last
login:
Fri
Jul 21 23
:16
:03 2017
from
node3
-
[root@node3 ~]#
ssh
node2
-
Last
login:
Fri
Jul 21 23
:31
:43 2017
from
node1
-
[root@node2 ~]#
ssh
node1
-
Last
login:
Fri
Jul 21 23
:16
:06 2017
from
node3
-
[root@node1 ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
-
[root@node1 ~]#
ll
.ssh
-
total 16
-
-
rw------- 1 root root 1176 Jul 21 23:14 authorized_keys
-
-
rw------- 1 root root 1679 Jul 21 23:14 id_rsa
-
-
rw-r--r-- 1 root root 392 Jul 21 23:14 id_rsa.pub
-
-
rw-r--r-- 1 root root 546 Jul 21 23:15 known_hosts
- 1
- 2
- 3
- 4
- 5
- 6
cat .ssh/authorized_keys
-
[root
@node1 ~]
# cat .ssh/authorized_keys
-
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6II3oKg4lI8LWTPBQXVmtRxO/
9t+
Fen1Ful2wpfAiJfv2ysUxI7hvVKedGdmgmzqhsbpyhC9wadS69WQPS4Kxi81ZbDbCzQtzMh7tlMe1TXsIkBzEMHlskNzwb0ZRdknnF6RXHnfwDBG2WBvs9r8WxmWtm/
RzAp0j03RFHmW6IevXu4xuwi1jDJftMjJfkXD9YKiPGlwBBzZ69AWT++
KlZe743Dt/
1JKGcxNgCMAtjpmFTPPBaKpYEb1GFP1A1StKABFk6QMoI1T442lc5C6W7V98kSWYZdutXoLtrymzQmrERJSjV/
31hs27FbzJ93kj42/
Nyfj8QlFpNfPZOI6l root
@node1
-
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQD1ZDljkN4isOzG90Iyv8yMomZFcfHYK2JghV3ZD5Fc/
RA10502V4PMpTSYcePAylFAnuFmzYkCKY6HHhM0hONL7rqTvwpsmRQ4llc2eaxj8GB/
87sYQQm+
GAe6/
QWDCh4G461pKo5CxhR5L7yAT2/
Q8ddFuGfaBUp8GN+zfpBBgPUnJid1F8YavJJTZPAMqZMcfAnbyb++
AZ6+
RtOzfbyehmYo2Q/a5maBtK4s80N8XT7yMcAzk+
B5DUOuxRXUtjcbbZqn94o4NUfWB3Qm+
OWWr+yL9fW2tQdD4iLR1lCS33IikyN1/q++jfNW6yzWlWZUSrqTst6pn+
JhxmFmMeId root
@node3
-
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDTtAK1vI6hXvucGd+
98Naqb8r/
LaAIOzbmRGP/yVma2R9LLZrPY+++
NkQHx9CGEEoJUABQVAOAerWepkxy65Rfn0i6KkcgPAS/
ItaxnVB7+fDraq0aOFrwh+
WYC3BK/
2ns+
3b0dweYuHTYpAhpbWuyAUQA4gSSiFyVuzk8ycQ1b7oe4hPrmamb4+
T1B8H4aDgg9shreH7i4OIXAQLPQlZmNdyiX+
HnxtuREEvhqGH+
JquIe/
I/
AfB9KiLaE3e/
52dOmBl5rzr8GcncqUese3L7dVwxBUNWFA/wmwuWRAQhY/
GwSAp/
67ZnwpNs1sBSK6D+
1d2XNgzmpfWK18Ilk6fb root
@node2
- 1
- 2
- 3
- 4
cat .ssh/known_hosts
-
[root
@node1 ~]
# cat .ssh/known_hosts
-
node1,
192.168.
80.131 ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA+
9ht7NXrQyz1cD2YY4w17BEMnM0yZjG2VeVFIztrmusVnFFqJNmvHsxVHWJNnhQeFQPJ0GvPL7I4WB34pmz5E=
-
node2,
192.168.
80.132 ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA+
9ht7NXrQyz1cD2YY4w17BEMnM0yZjG2VeVFIztrmusVnFFqJNmvHsxVHWJNnhQeFQPJ0GvPL7I4WB34pmz5E=
-
node3,
192.168.
80.133 ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA+
9ht7NXrQyz1cD2YY4w17BEMnM0yZjG2VeVFIztrmusVnFFqJNmvHsxVHWJNnhQeFQPJ0GvPL7I4WB34pmz5E=
-
[root
@node1 ~]
#
- 1
- 2
- 3
- 4
- 5
5、退出ssh登录
exit命令退出
-
[root
@node1 ~]
# exit
-
logout
-
Connection to node1 closed.
-
[root
@node2 ~]
#
- 1
- 2
- 3
- 4
快捷键ctl+d退出
-
[root
@node2 ~]
# logout
-
Connection to node2 closed.
-
[root
@node3 ~]
# logout
-
Connection to node3 closed.
-
[root
@node2 ~]
# logout
-
Connection to node2 closed.
-
[root
@node1 ~]
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7