ssh密匙互信操作【原创】

1、简便ssh密匙信任方法

只在一台服务器上创建ssh-keygen

[root@SMSJKSRVBJ02 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
da:42:89:ed:58:13:10:8b:09:e6:60:ea:ab:65:bc:5f root@SMSJKSRVBJ02
The key's randomart image is:
+--[ RSA 2048]----+
|oo  o.           |
|*. o o           |
|..o . .          |
|.    o o         |
| .  . * S        |
| ..  = +         |
| .+ . E .        |
|.o . . .         |
|. ...            |
+-----------------+

[root@SMSJKSRVBJ02 ~]# cd .ssh/

[root@SMSJKSRVBJ02 .ssh]# ll -thr
total 12K
-rw-r--r-- 1 root root  394 Mar 13 11:41 known_hosts
-rw-r--r-- 1 root root  399 Mar 13 11:42 id_rsa.pub
-rw------- 1 root root 1.7K Mar 13 11:42 id_rsa

 

[root@SMSJKSRVBJ02 .ssh]# cat id_rsa.pub >> authorized_keys

将密匙传到别的服务器

[root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.153:~/.ssh/
[root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.152:~/.ssh/
[root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.151:~/.ssh/

如果报错,

[root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.152:~/.ssh/
The authenticity of host '10.70.69.152 (10.70.69.152)' can't be established.
RSA key fingerprint is 42:80:54:09:89:39:11:ad:da:aa:2f:9f:2c:8a:ea:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.70.69.152' (RSA) to the list of known hosts.
root@10.70.69.152's password:
scp: /root/.ssh/: No such file or directory

说明对方没有ssh-keygen生成.ssh目录,去登陆服务器执行ssh-keygen

因为使用密匙相同,这4台服务器之间就互相信任可以互相访问了。

 

2、标准的方法

配置SSH登录无密码验证(使用key登录,工作中常用,最好不要禁掉密码登录,如果禁了,可能会有问题)

在server02 192.168.2.131操作(Monitor):

192.168.2.131 [root ~]$ ssh-keygen -t rsa
192.168.2.131 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.128
192.168.2.131 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.129
192.168.2.131 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.130

在server02 192.168.2.128操作(Master):

192.168.2.128 [root ~]$ ssh-keygen -t rsa
192.168.2.128 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.129
192.168.2.128 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.130

在server03 192.168.2.129操作(slave):

192.168.2.129 [root ~]$ ssh-keygen -t rsa
192.168.2.129 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.128
192.168.2.129 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.130

在server04 192.168.2.130操作(slave):
192.168.2.130 [root ~]$ ssh-keygen -t rsa
192.168.2.130 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.128
192.168.2.130 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.129

 

 欢迎转载,请注明出处!

上一篇:mark ssh免密登录和传输


下一篇:BITED数学建模七日谈之四:数学模型分类浅谈