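Passwordless Login
Passwordless SSH configuration
(1) How passwordless login works, as shown in the figure
(2) Generate the public and private keys: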
[root@hadoop003 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ok8kToCeyjo30iYnrfUMMBbThPt4hgcMROobewzvgE4 root@hadoop003
The key's randomart image is:
+---[RSA 2048]----+
|oo.. |
|o.o. |
|+oo.. |
|.=o. . |
|o=B o S |
|+*B= o + |
|oE*+ + . |
|O.@+ + |
|o@ oo . |
+----[SHA256]-----+
[root@hadoop003 .ssh]#
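After entering the command, press Enter three times (accepting the default file path and an empty passphrase). This generates two files: id_rsa (the private key) and id_rsa.pub (the public key).
(3) Copy the public key to each target machine you want to log in to without a password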
[root@hadoop003 .ssh]# ssh-copy-id hadoop002
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'hadoop002 (47.111.251.254)' can't be established.
ECDSA key fingerprint is SHA256:YNsodxgiTBhRi6BaO1LqQrkOeudAVMaRisZJQdaJdAA.
ECDSA key fingerprint is MD5:b5:82:88:93:92:6a:01:ed:4d:6f:80:bc:68:1a:e8:c9.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop002's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop002'"
and check to make sure that only the key(s) you wanted were added.
[root@hadoop003 .ssh]# ssh-copy-id hadoop003
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'hadoop003 (172.16.123.556)' can't be established.
ECDSA key fingerprint is SHA256:YKGJjhv5Q/fneno2xR5HWQjFBkeZL09SF4RwtWI8tC4.
ECDSA key fingerprint is MD5:30:ad:2b:59:1c:a8:37:d3:bf:69:6b:7d:8f:ee:3b:b8.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop003's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop003'"
and check to make sure that only the key(s) you wanted were added.
[root@hadoop003 .ssh]# ssh-copy-id hadoop004
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
^Z
[1]+ Stopped ssh-copy-id hadoop004
[root@hadoop003 .ssh]# vim /etc/hosts
[root@hadoop003 .ssh]# ssh-copy-id hadoop004
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'hadoop004 (47.110.91.340)' can't be established.
ECDSA key fingerprint is SHA256:y5y+JQhhdqAGOHgS9U7vvuqz0TrBjA6823skny8SYJE.
ECDSA key fingerprint is MD5:62:5b:a0:d7:08:ad:0d:97:44:35:5b:61:f4:1d:5f:f3.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop004's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop004'"
and check to make sure that only the key(s) you wanted were added.
[root@hadoop003 .ssh]# ssh hadoop002
Last login: Wed Jan 15 00:11:57 2020 from 172.16.25.74
Welcome to Alibaba Cloud Elastic Compute Service !
[root@hadoop002 ~]#
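Purpose of the files in the .ssh folder (~/.ssh)
Table 2-4
File | Purpose
known_hosts | Records the public keys of the computers that have been accessed over ssh
id_rsa | The generated private key
id_rsa.pub | The generated public key
authorized_keys | Stores the public keys that have been authorized for passwordless login to this server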
[root@hadoop003 .ssh]# ll
total 16
-rw------- 1 root root 792 Jan 15 00:16 authorized_keys
-rw------- 1 root root 1679 Jan 15 00:13 id_rsa
-rw-r--r-- 1 root root 396 Jan 15 00:13 id_rsa.pub
-rw-r--r-- 1 root root 557 Jan 15 00:16 known_hosts
[root@hadoop003 .ssh]#
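The listing above shows the permissions that key-based login depends on, and ssh-copy-id asks you to confirm that only the intended keys were added. The following script is an added example, not part of the original page: it audits a directory laid out like Table 2-4 for unsafe modes and for a private key created with an empty passphrase. The function names mode_bits, count_authorized_keys and audit_ssh_dir are hypothetical, the sample directory is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a directory laid out like the ~/.ssh listed above.
# Assumes GNU stat (stat -c), as found on Linux hosts.

mode_bits() {  # print the permission bits of file $1 that fall inside mask $2
    m=$(stat -c '%a' "$1") || return 1
    echo $(( 0$m & $2 ))
}

count_authorized_keys() {  # entries in file $1, skipping blank and comment lines
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

audit_ssh_dir() {  # print one finding per line; print nothing if $1 is clean
    dir=$1
    # sshd with StrictModes rejects keys when .ssh or authorized_keys is
    # writable by group or others.
    [ "$(mode_bits "$dir" 022)" -eq 0 ] || echo "$dir: writable by group/others"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # The ssh client ignores a private key that others can access.
            [ "$(mode_bits "$f" 077)" -eq 0 ] ||
                echo "$name: private key accessible by group/others"
            # Traditional PEM keys carry an ENCRYPTED marker when a passphrase
            # is set; the OPENSSH container does not show it, so skip those.
            if ! head -n 1 "$f" | grep -q 'OPENSSH' && ! grep -q 'ENCRYPTED' "$f"; then
                echo "$name: private key has no passphrase"
            fi
        elif [ "$name" = authorized_keys ]; then
            [ "$(mode_bits "$f" 022)" -eq 0 ] || echo "$name: writable by group/others"
        fi
    done
    return 0
}

# Constructed sample directory: fake key material, not real keys.
demo=$(mktemp -d)
chmod 700 "$demo"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
    '-----END RSA PRIVATE KEY-----' > "$demo/id_rsa"
chmod 644 "$demo/id_rsa"
printf '%s\n' '# constructed entry' 'ssh-rsa AAAAconstructed root@hadoop003' \
    > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
audit_ssh_dir "$demo"
echo "authorized_keys entries: $(count_authorized_keys "$demo/authorized_keys")"
rm -rf "$demo"
```

To check a real account, call audit_ssh_dir ~/.ssh and compare the count from count_authorized_keys with the number of keys you expect to be authorized.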