ssh免密登陆
ssh免密登陆
1. 首先查看是否已经安装ssh
[hadoop@master ~]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:SiumMD5+p3Fib9tDfzKS+hT2SC0h48RRNxKBpLvlO4E.
ECDSA key fingerprint is MD5:74:5b:c0:bf:20:50:96:75:ed:96:bc:a9:fa:27:b5:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
hadoop@localhost's password:
Last login: Tue Oct 20 22:46:13 2020 from 172.16.46.1
出现以上输出,证明ssh已经安装,如果没有,通过yum安装ssh。
yum install openssh-server -y
2. 进入用户的home目录
[hadoop@master ~]$ cd .ssh/
[hadoop@master .ssh]$ ls
known_hosts
初始只有一个文件,这个文件保存ssh链接的公钥。
3. 生成公钥和私钥
[hadoop@master .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:v3IhD8uicfkwoZpH0aB/riesR1rOwQBPxyYdk6WYMB4 hadoop@master
The key's randomart image is:
+---[RSA 2048]----+
|oE oo+. |
|oo+oBo |
| =o=.o |
| + . . |
| + .. S |
| B..oo.. |
| Oo+=. =.. |
| .oBo+++ o. |
| ++o= ..o. |
+----[SHA256]-----+
一路回车,不需要任何输入。
出现上图显示的信息,再ls看一下目录下面的文件,可以看到生成了两个文件,分别存储公钥和私钥。
[hadoop@master .ssh]$ ls
id_rsa id_rsa.pub known_hosts
在需要免密登陆的所有机器上全部生成公钥和私钥。
4. 将公钥发送给其他机器
首先将本台机器的公钥放到authorized_keys文件中。
[hadoop@master .ssh]$ cat id_rsa.pub >> authorized_keys
[hadoop@master .ssh]$ ls
authorized_keys id_rsa id_rsa.pub known_hosts
然后将authorized_keys文件发送到下一台机器。
[hadoop@master .ssh]$ scp authorized_keys hadoop@slave1:~/.ssh/
The authenticity of host 'slave1 (172.16.46.158)' can't be established.
ECDSA key fingerprint is SHA256:CkPPCIlFCZ5ML7V1oYTUqFLrqDg2phWcahwvZMVyA18.
ECDSA key fingerprint is MD5:2d:1d:7f:b5:ca:f9:74:12:a8:7d:09:95:0d:99:aa:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,172.16.46.158' (ECDSA) to the list of known hosts.
hadoop@slave1's password:
authorized_keys 100% 395 395.3KB/s 00:00
机器接收到authorized_keys文件后,将自己的公钥添加到该文件中。
添加完成后发送到下一台机器。
所有机器执行完该操作,最终authorized_keys文件中保存的每台机器的公钥。
将最后生成的这一个文件替换掉每台机器的authorized_keys文件。
修改authorized_keys的权限为644:
chmod 644 authorized_keys
最终实现每台机器都可以免密登陆到其他的机器。
测试ssh免密登陆。
[hadoop@master ~]$ ssh hadoop@slave1
Last login: Tue Oct 20 23:44:53 2020 from master
[hadoop@slave1 ~]$
成功登陆到slave1机器。
ssh免密登陆设置成功