linux修改主机名+免密认证+关闭防火墙

在很多软件安装的时候都有这些需求,因此在这里一起讲一下

 

修改主机名

简单的使用 hostnamectl 命令就好了

hostnamectl set-hostname NAME

 

免密认证

准备工作,修改主机文件 

/etc/hosts
[root@node1 .ssh]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.79.200    node1
192.168.79.202    node2
192.168.79.204    node3

在每个节点的/root/.ssh目录下执行(连按三次回车就好)

ssh-keygen -t rsa
[root@node1 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EZ1TYD9Hu7qQO+lKsOPGGu2ym5pbMUWR0psjBW7XVwM root@node1
The key's randomart image is:
+---[RSA 2048]----+
|    .ooo..E=+ .  |
|   ...+. o+o o . |
|    ooooo ..o o  |
|   ..o+  o   o . |
|    o...S     .  |
|     + o   . .   |
|    o.+ . o..    |
|   o.=oo  oo .   |
|  +o=*o .oo..    |
+----[SHA256]-----+

然后在node1上执行

cat id_rsa.pub >> authorized_keys

登录其余主机,将公钥文件全部拷贝到node1的authorized_keys中,如node3节点:

[root@node3 .ssh]# ssh-copy-id -i node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.79.200)' can't be established.
ECDSA key fingerprint is SHA256:AdOUf9OIf3q4Ks7q8nj0agFtFIFdB1BGtlk8SkYImmo.
ECDSA key fingerprint is MD5:91:b6:be:a0:bb:f3:7a:e5:2c:6b:4a:c0:a4:7f:01:55.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node1'"
and check to make sure that only the key(s) you wanted were added.

此时查看node1节点的authorized_keys文件可以看到已经全部加进来了

[root@node1 .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3BQUX3qQJadEaBv8IGNh1aqIKIfT/9IkqZGCfx9UEFQ4kGOdpNay355YLKUOMNbjYtFSyVA0M2jkVopFPNlhEh7S/dIgYslgjEL7rtwl8evK9FI6cIkKbjWQWbpjdLgBrvvKhAPUBwhpfoUqUyzr+wtwSzgIJV8/C651OsRP4frtVruJj6qHBE+Rb++mUbs2sGj7h8NNrtWgIHJupFqrg35F7VcVGQe4LMdm3xTDXH0b/a15LosLtg7DQOngCXuJ4iL7qVIHHXqWv2Khv+Gw/PP6fvfPD29v8KCpjSq9Yk+O44LeM4mJE39TsHY+ASxSae4surdomcCCVQoeJ7tbF root@node1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34kQ98T/x4ex1FvNnCEC1wquxJeaMTjzWuySP33CHXHK0QpvJMg5Y1t7v9sItuVCtJac0Z932Qd0E/QnBWCNuq548JmZeIWgzdXiI+G8MLSk32GJmXig9X4THUWpcRm+qmo9ZXTImqW0C1srRNr7cQ8AtViCooxFcF7s410D1XBLza7V+Key+GTrYZNQV+cXQMX643TJl/TQaOzJamDsPZnH9f9E4q1Ux0I47IiPJBMjLonox/Bqf8W+qDgQKFA6zWrebb7YWdMbS4x8hHN0+SIeoMpLYdUNy18XCREZEYd4aWJs4v8RRsrdBaKMA1LtELNktapFqVTWtc9fFN51f root@node2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1+6ZqI1mU2mns17pNWoPkmzSExYy14gJI5elUeM91LLjxlKMz7TWofJPJg/s2hSuu3v9db3PwzYhZenCEJ6k6R8e+iUlu65QEgvQWhsLzbQW5UAXdqKzhhC6DsaYLUZbnfaCIMNvzWo6rUcaRnKZFVAw+scxxFasHJnjQmiAZg0uL8iCT1Cghu9CwqAF2UFxCCSt6rso6l71YUZAsUMtiCS1wA/D5+9rYHkXijgTsMK3nlklQNJ9QPWz/AHgTs0N59STpWJ89KMxCRZfWgvkwzoajYMK4OeUV9HxSZuzwuIOR3Rek4YB2BN0VdfQZZxO07pgnPi/OawswojkxgRYX root@node3

修改权限后把authorized_keys文件拷贝到其余节点,此时所有节点免密认证成功

[root@node1 .ssh]# chmod 600 authorized_keys
[root@node1 .ssh]# scp authorized_keys node2:`pwd`
The authenticity of host 'node2 (192.168.79.202)' can't be established.
ECDSA key fingerprint is SHA256:AdOUf9OIf3q4Ks7q8nj0agFtFIFdB1BGtlk8SkYImmo.
ECDSA key fingerprint is MD5:91:b6:be:a0:bb:f3:7a:e5:2c:6b:4a:c0:a4:7f:01:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.79.202' (ECDSA) to the list of known hosts.
root@node2's password: 
authorized_keys                                   100% 1176   622.8KB/s   00:00    
[root@node1 .ssh]# scp authorized_keys node3:`pwd`
The authenticity of host 'node3 (192.168.79.204)' can't be established.
ECDSA key fingerprint is SHA256:AdOUf9OIf3q4Ks7q8nj0agFtFIFdB1BGtlk8SkYImmo.
ECDSA key fingerprint is MD5:91:b6:be:a0:bb:f3:7a:e5:2c:6b:4a:c0:a4:7f:01:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3,192.168.79.204' (ECDSA) to the list of known hosts.
root@node3's password: 
authorized_keys                                   100% 1176   519.8KB/s   00:00    
[root@node1 .ssh]# 

 

 

关闭防火墙

一般来说关闭firewalld服务和selinux

# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

#关闭selinux
使用getenforce来查看是否开启,如果开启
使用setenforce 0关闭

# 永久关闭selinux
vim /etc/sysconfig/selinux
将SELINUX=enforcing改为disabled

 

posted @ 2018-11-12 21:28  陆小呆  阅读(1680)  评论(0编辑  收藏  举报