Configuring SSH Mutual Trust

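There are two methods. With the first method, SSH mutual trust was configured without problems and ssh access worked, but the MHA environment's SSH trust check kept reporting that 101 could not connect to 102. After switching to the second method, this problem did not occur.

Method 1:

Set up SSH mutual trust among three servers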

 

192.168.150.101

192.168.150.102

192.168.150.103

 

1. On server 101, run

ssh-keygen -t rsa

Press Enter to accept the default at every prompt; the system generates id_rsa and id_rsa.pub under /root/.ssh.

[root@host101 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:A1sPI0++eebjaumP8TlwgZZUGG1jsHahWpvHJkhGGUY root@host101
The key's randomart image is:
+---[RSA 2048]----+
|     .Eoo*o      |
|     o. oo=.     |
|      =.X=..     |
|     o &+O.      |
|      +.S =.     |
|        .B.      |
|        ++o      |
|        oBo.     |
|       o++*o     |
+----[SHA256]-----+

 

 

2. View the public/private key pair the system generated

Command: ls /root/.ssh

 

[root@host101 ~]# ls /root/.ssh
id_rsa  id_rsa.pub  known_hosts

 

 

 

3. Send the generated public key id_rsa.pub to the other servers.

Command: ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.150.102

Note: the command can be remembered simply as ssh-copy-id -i <public key file> <server IP address>

[root@host101 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.150.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.150.102's password:    --- enter the password of server 102 here

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.150.102'"
and check to make sure that only the key(s) you wanted were added.

 

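As shown, the public key was successfully sent to the other server.

ssh 192.168.150.102   As the prompt says, running this command is all that is needed to connect to server 102.

4. Now test whether the other server can be reached without a password; as shown, it works.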
[root@host101 ~]# ssh 192.168.150.102
Last login: Mon Oct 19 09:16:59 2020 from gateway
[root@host102 ~]# exit
logout
Connection to 192.168.150.102 closed.

 

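Repeat the same steps on the other servers; each server must perform the operation twice (once for each of the other two servers) so that all three servers trust one another over SSH.

Method 2: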

# Run on every node
ssh-keygen -t rsa # press Enter at every prompt
# Append the public key to the authorized_keys file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Restrict the permissions on authorized_keys
chmod 600 ~/.ssh/authorized_keys

# Run on one node only; here it is run on 192.168.150.101
ssh 192.168.150.102 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
ssh 192.168.150.103 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys

# Distribute the merged file to the other nodes
scp ~/.ssh/authorized_keys 192.168.150.102:~/.ssh/
scp ~/.ssh/authorized_keys 192.168.150.103:~/.ssh/
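
To confirm that either method produced trust in every direction, and to catch a one-way gap such as the 101 to 102 failure mentioned at the top, the following added example (not part of the original post) logs in to each node and from there to every other node with ssh in batch mode. The script name check_mesh.sh, the SSH_BIN hook and the --run switch are assumptions of this example; the node addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post): check passwordless SSH for
# every ordered pair of nodes, run from any host that can log in to them all.
NODES="192.168.150.101 192.168.150.102 192.168.150.103"  # addresses from this page

# BatchMode=yes makes ssh fail instead of prompting, so a missing key shows
# up as a non-zero exit status rather than a hung password prompt.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5"

# SSH_BIN is a hypothetical hook for this example: point it at a stub to dry-run.
SSH_BIN=${SSH_BIN:-ssh}

# check_pair SRC DST: log in to SRC and, from there, to DST.
# Returns 0 = ok, 1 = SRC could not reach DST, other = could not log in to SRC.
check_pair() {
    "$SSH_BIN" $SSH_OPTS "$1" "ssh $SSH_OPTS $2 true || exit 1" \
        </dev/null >/dev/null 2>&1
}

# check_mesh: print one line per ordered pair; return the number of bad pairs.
check_mesh() {
    bad=0
    for src in $NODES; do
        for dst in $NODES; do
            [ "$src" = "$dst" ] && continue
            rc=0
            check_pair "$src" "$dst" || rc=$?
            case $rc in
                0) echo "OK   $src -> $dst" ;;
                1) echo "FAIL $src -> $dst"; bad=$((bad + 1)) ;;
                *) echo "SKIP $src -> $dst (cannot log in to $src from here)"
                   bad=$((bad + 1)) ;;
            esac
        done
    done
    return "$bad"
}

# Run the check only when asked to, e.g.:  sh check_mesh.sh --run
if [ "${1:-}" = "--run" ]; then
    check_mesh
fi
```

A FAIL line names the exact direction whose key is missing from the destination's authorized_keys; the exit status is the number of pairs that did not pass.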

 

posted on 2020-10-19 13:14  柴米油盐酱醋