ssh免密访问对端服务

ssh免密访问对端服务

主机名 主机IP 用途
ssh01 192.168.200.30 节点一
ssh02 192.168.200.31 节点二

1. root超级用户之间互相免密访问

#由节点一生成密钥
[root@ssh01 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    #直接回车确认
Enter passphrase (empty for no passphrase):                 #直接回车确认(口令为空时私钥不加密保存,须妥善保管/root/.ssh/id_rsa)
Enter same passphrase again:                                #直接回车确认
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:                                     #以下为程序输出,无需输入
SHA256:EtqTFNuA6RHt84GS6k3akEOCJddF+mIdfYLvoUustdc root@ssh01
The key's randomart image is:                               #以下为程序输出,无需输入
+---[RSA 2048]----+
|   ..B=          |
|. o =..B         |
|.+ ..+*.+ .      |
|o . +*+=.o       |
| o o+.BoS.       |
|  =..o =..       |
| . B  = ..       |
|  o o+ o. E      |
|    . o.         |
+----[SHA256]-----+
#将节点一公钥id_rsa.pub文件复制到节点二的用户家目录下的.ssh目录下。如果对方没有.ssh这个目录,就自己创建一个,但切记要把目录权限改成700(应使用 chmod 700 .ssh;下面的 chmod +700 只会追加权限位,不会去掉组和其他用户的权限,所以后面的列表里目录仍显示为 drwxr-xr-x)
[root@ssh02 ~]# mkdir .ssh
[root@ssh02 ~]# chmod +700 .ssh
[root@ssh02 ~]# ll -la
#以上省略若干。。。
drwxr-xr-x   2 root root    6 3月  21 19:30 .ssh
#以下省略若干。。。

[root@ssh01 ~]# scp ./.ssh/id_rsa.pub root@192.168.200.58:~/.ssh/
ssh: connect to host 192.168.200.58 port 22: No route to host
lost connection
[root@ssh01 ~]# scp ./.ssh/id_rsa.pub root@192.168.200.31:~/.ssh/
root@192.168.200.31's password: 
id_rsa.pub                                                                   100%  392   536.7KB/s   00:00    
#将拷贝过去的id_rsa.pub文件里的内容写入~/.ssh/authorized_keys文件(注意:下面用的 > 会覆盖该文件原有内容;若文件中已有其他公钥,应使用 >> 追加。建议将authorized_keys的权限设为600)
[root@ssh02 ~]# cd .ssh/
[root@ssh02 .ssh]# ll
总用量 4
-rw-r--r-- 1 root root 392 3月  21 19:31 id_rsa.pub
[root@ssh02 .ssh]# cat id_rsa.pub > authorized_keys
#实验测试
[root@ssh01 ~]# hostname -I
192.168.200.30
[root@ssh01 ~]# ssh 192.168.200.31
Last login: Sat Mar 21 19:26:56 2020 from 192.168.200.1
[root@ssh02 ~]# hostname -I
192.168.200.31

2. 非root普通用户之间互相免密访问

#由节点一生成密钥
[tomcat@ssh01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tomcat/.ssh/id_rsa):  #直接回车确认
Enter passphrase (empty for no passphrase):                      #直接回车确认(口令为空时私钥不加密保存,须妥善保管/home/tomcat/.ssh/id_rsa)
Enter same passphrase again:                                     #直接回车确认
Your identification has been saved in /home/tomcat/.ssh/id_rsa.
Your public key has been saved in /home/tomcat/.ssh/id_rsa.pub.
The key fingerprint is:                                          #以下为程序输出,无需输入
SHA256:kiTqjtV8B+NS8WRwjj4fxk1BjexJpXd37K9LM6h0/2o tomcat@ssh01
The key's randomart image is:                                    #以下为程序输出,无需输入
+---[RSA 2048]----+
|      . .oo+.    |
|       =  +o.  . |
|    . + +oo.. . +|
|   . + B oo. . o.|
|  .   O S .     .|
| . o o B .   .  .|
|  o + o o . o + .|
| +   o . . o oE+ |
|. .       .  .=+.|
+----[SHA256]-----+
#使用ssh-copy-id将节点一的公钥id_rsa.pub追加到节点二对应用户家目录下的.ssh/authorized_keys文件中。
[tomcat@ssh01 ~]$ ssh-copy-id -i /home/tomcat/.ssh/id_rsa.pub tomcat@192.168.200.31
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/tomcat/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
tomcat@192.168.200.31's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'tomcat@192.168.200.31'"
and check to make sure that only the key(s) you wanted were added.

#实验测试
[tomcat@ssh01 ~]$ hostname -I
192.168.200.30 
[tomcat@ssh01 ~]$ ssh 192.168.200.31
Last login: Sat Mar 21 19:43:40 2020 from 192.168.200.30
[tomcat@ssh02 ~]$ hostname -I
192.168.200.31