SSH 无密码验证
注意:任务安装包统一在“/h3cu/”中。
| 编号 | 主机名 | 类型 | 用户 | 密码 |
|---|---|---|---|---|
| 1 | master | 主节点 | root | passwd |
| 2 | slave1 | 从节点 | root | passwd |
| 3 | slave1 | 从节点 | root | passwd |
准备工作(master,slave1,slave2):
//关闭防火墙
systemctl stop firewalld.service
systemctl disable firewalld.service
//查看防火墙状态
firewall-cmd --state
安装SSH服务(master,slave1,slave2):
先安装sudo dpkg -i openssh-sftp-server_7.2p2-4_amd64.deb
后安装sudo dpkg -i openssh-server_7.2p2-4_amd64.deb
配置文件/etc/ssh/sshd_config,根据个人需要配置,
开启ssh服务(master,slave1,slave2):
sudo service ssh start
重启命令:service sshd restart
创建 ssh 密钥(master,slave1,slave2):
ssh-keygen -t rsa
查看是否创建成功(master,slave1,slave2):
ls ~/.ssh
id_rsa(私钥),id_rsa.pub(公钥)
把 id_rsa.pub 追加到授权的 key 里(master,slave1,slave2):
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
修改文件"authorized_keys" 权限(master,slave1,slave2):
chmod 600 ~/.ssh/authorized_keys
把 master 节点的公钥 id_rsa_pub 复制到每个 slave 点 :
ssh-copy-id -i ~/.ssh/id_rsa.pub root@slave1
ssh-copy-id -i ~/.ssh/id_rsa.pub root@slave2
删除 id_rsa.pub 文件(master):
rm -rf ~/.ssh/id_rsa.pub
验证 master 到每个 slave 节点无密码验证(master 节点):
ssh slave1
ssh slave2
每一个 slave 节点的公钥复制到 master(slave1,slave2):
ssh-copy-id -i ~/.ssh/id_rsa.pub root@master
删除 id_rsa.pub 文件(slave1,slave2):
rm -rf ~/.ssh/id_rsa.pub
验证每个 slave 节点到 master 无密码验证(slave1,slave2):
ssh master
此时:
master可以无密码登录slave1、slave2,
slave1、slave2可以无密码登录master,
slave1、slave2 互相不能无密码登录。