Configuring SSH passwordless login

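SSH passwordless login. The example below uses root, but from a security standpoint using root carries risk. You can also create a dedicated account instead:
useradd mytestusr -d /home/mytestusr
passwd mytestusr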

[root@kafaka3 .ssh]# pwd
/root/.ssh

# Generate the SSH key
[root@kafaka .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a7:82:b2:ce:c2:e0:21:7d:4e:63:7c:03:d5:3c:98:25 root@kafaka
The key's randomart image is:
+--[ RSA 2048]----+
|      E*.        |
|      +.+        |
|     .   .       |
|    .            |
| . . .  S .      |
|o.. *.o  o       |
|= o=.o...        |
|.+ o.  .         |
| o+              |
+-----------------+
[root@kafaka .ssh]# ls -l
total 8
-rw------- 1 root root 1675 Jul 13 20:12 id_rsa
-rw-r--r-- 1 root root  393 Jul 13 20:12 id_rsa.pub

# Copy the public key to the other two machines
[root@kafaka .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.56.152
The authenticity of host '192.168.56.152 (192.168.56.152)' can't be established.
ECDSA key fingerprint is e6:c4:48:fa:0d:76:3e:2c:3b:60:e7:61:90:ad:9a:ee.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.56.152's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.56.152'"
and check to make sure that only the key(s) you wanted were added.

[root@kafaka .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.56.153
The authenticity of host '192.168.56.153 (192.168.56.153)' can't be established.
ECDSA key fingerprint is e6:c4:48:fa:0d:76:3e:2c:3b:60:e7:61:90:ad:9a:ee.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.56.153's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.56.153'"
and check to make sure that only the key(s) you wanted were added.

# Change the directory and file permissions on kafka2 & kafka3. Without this change, passwordless login may not work
# Permission changes on kafka2
[root@kafaka2 .ssh]# chmod 700 ~/.ssh
[root@kafaka2 .ssh]# chmod 600 ~/.ssh/authorized_keys
# Permission changes on kafka3
[root@kafaka3 .ssh]# chmod 700 ~/.ssh
[root@kafaka3 .ssh]# chmod 600 ~/.ssh/authorized_keys


# Test passwordless login
[root@kafaka .ssh]# ssh 192.168.56.152
Last login: Tue Jul 13 20:04:08 2021 from 192.168.56.1
[root@kafaka2 ~]# exit
logout
Connection to 192.168.56.152 closed.


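# If you need passwordless login to the local machine itself, do the following. Remember to test it afterwards (ssh user@localhost, ssh user@hostname; this adds the host to the list of authenticated hosts)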
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
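
An added example (not part of the original post): a shell check that compares a .ssh directory with the 700/600 modes set by the chmod commands above and flags group- or world-writable entries, the condition sshd rejects when StrictModes is enabled (its default). The function names mode_of and audit_ssh_dir are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: audit a .ssh directory against the modes used on this page.

# mode_of PATH -> prints the 9 permission characters from `ls -ld`, e.g. rwx------
mode_of() {
    ls -ld -- "$1" | cut -c2-10
}

# audit_ssh_dir [DIR] -> prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ssh_dir() {
    local dir="${1:-$HOME/.ssh}" bad=0 entry path want have
    # path:expected-mode pairs. 700 for the directory and 600 for authorized_keys
    # come from the chmod commands above; 600 for id_rsa matches the ls -l output.
    for entry in "$dir:rwx------" \
                 "$dir/authorized_keys:rw-------" \
                 "$dir/id_rsa:rw-------"; do
        path="${entry%:*}"
        want="${entry##*:}"
        [ -e "$path" ] || continue   # e.g. no private key on a target host
        have="$(mode_of "$path")"
        if [ "$have" != "$want" ]; then
            echo "$path: mode is $have, expected $want"
            bad=1
        fi
        # Character 5 is group write, character 8 is other write.
        # For .ssh and authorized_keys this is what sshd's StrictModes refuses.
        case "$have" in
            ????w????|???????w?)
                echo "$path: writable by group/others (fails sshd StrictModes)"
                bad=1
                ;;
        esac
    done
    return "$bad"
}

# Usage on a target host after ssh-copy-id:  audit_ssh_dir ~/.ssh
```

An empty result with exit status 0 means the directory matches the modes from this page; any printed line names the path to fix with chmod.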

posted @ 2021-07-27 10:21  老杨伏枥