If passwordless SSH is not configured between the servers in a cluster, connecting to another server over SSH looks like this:
[root@node01 bin]# ssh node02
The authenticity of host 'node02 (192.168.56.122)' can't be established.
ECDSA key fingerprint is SHA256:iuntlxKiV34RaCDGi7UsV/Ng2oVwWgob9yX3wL+3zzo.
ECDSA key fingerprint is MD5:50:de:e1:50:40:20:a8:13:07:33:01:66:be:e3:ca:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node02' (ECDSA) to the list of known hosts.
root@node02's password:
Last login: Thu Jun 1 12:24:03 2023 from 192.168.56.1
[root@node02 ~]#
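You are prompted for a password. Passwords are tedious, hard to remember and hard to type, so I wanted to set up passwordless SSH.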
ssh-keygen
# Generate the key pair
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
# Append the public key to the authorized_keys file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Change the file permissions
chmod 0600 ~/.ssh/authorized_keys
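Run the same steps on every node. Finally, merge the contents of every node's authorized_keys file into a single file and distribute it to all nodes; that completes passwordless login between the servers.
Example
1. Generate the key pair (public key, private key)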
[root@node01 ~]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UwqhvSy9JCSZ1suqVuIvRrgKipNIFEK+vrCQ+Hcgbqg root@node01
The key's randomart image is:
+---[RSA 2048]----+
|.. . |
|o. + o . |
|..* + o . |
| o.+ + o o |
|o. = = S |
|+=.o.+ . . |
|@*+. .. |
|%O+ . . |
|E++o . |
+----[SHA256]-----+
[root@node01 ~]#
[root@node01 ~]# ll .ssh
total 12
-rw------- 1 root root 1679 Jun 1 14:32 id_rsa
-rw-r--r-- 1 root root 393 Jun 1 14:32 id_rsa.pub
-rw-r--r-- 1 root root 688 Jun 1 14:30 known_hosts
[root@node01 ~]#
[root@node01 ~]#
[root@node01 ~]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@node01 ~]#
[root@node01 ~]# ll .ssh
total 16
-rw-r--r-- 1 root root 393 Jun 1 14:34 authorized_keys
-rw------- 1 root root 1679 Jun 1 14:32 id_rsa
-rw-r--r-- 1 root root 393 Jun 1 14:32 id_rsa.pub
-rw-r--r-- 1 root root 688 Jun 1 14:30 known_hosts
[root@node01 ~]#
[root@node01 ~]#
[root@node01 ~]# chmod 0600 .ssh/authorized_keys
[root@node01 ~]# ll .ssh
total 16
-rw------- 1 root root 393 Jun 1 14:34 authorized_keys
-rw------- 1 root root 1679 Jun 1 14:32 id_rsa
-rw-r--r-- 1 root root 393 Jun 1 14:32 id_rsa.pub
-rw-r--r-- 1 root root 688 Jun 1 14:30 known_hosts
[root@node01 ~]#
[root@node01 ~]#
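The known_hosts file was created earlier, when I first connected from node01 to node02 and node03 over SSH. Having this file still does not give passwordless login; it only means ssh gets straight to the point when connecting:
[root@node01 .ssh]# ssh node02
root@node02's password:
Last login: Thu Jun 1 14:30:36 2023 from 192.168.56.105
[root@node02 ~]#
It is not a file produced by configuring passwordless SSH.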
2. Merge the public keys of all nodes into one file and distribute it to the ~/.ssh/ directory on every node
[root@node01 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD9sXYRBqOw7e/m/Mt1ppYLkMTFmyJeEeKdJgwD9iaMFg4nviBtFK5ckCPezRwqEWr/6qJx9wIel+BxmJmea5gF8IlejqO6N4uHqS9yPpDwXuDjca4MjTYANoQjgRGdLfBqVguMtJQ5scOn8crlK34dk+DAhE9RQ6n5PW/LPdH6vgZBh5gIbPGsEzvk+YLpno44BmHZYxURxkrlgpFKAWu6uD2glFJ34zQkKfr4yqRtufRkpkJm6CEU7BwQtd8k4KrD59QBLPb39xplRZYZTefhqKWv/bWX5C9RZD3IsDIIkzRU0C5B9BpXy2DzpflYmxoYkNelkZzjZBI6JNqC1KGf root@node01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3apVOsMxYvnSl0vRDuUSbbLArC6Edn3tKmsEzF89q9UNjCjT/Cm8x7M4WwxOmHqmkbWrArqxdGtkd2LZE49L/WR5MXijKQT0pHND7+XJuRAK4yW4eBKmR5CBgr6uYgWr8Be3rdBrE9LM18viap4D9q5EUN3+VSoF/ujV0QzQj6f4I/Gv1dwDGU3Y9+g9dTG2CXsz08J9t6/lgsONwd4xaQCxcuum1F4DviGHHDSL6LtAaS85Tgpm35XPro5XU/TXKwS61qqByZd/49wVIrtCkrWn0v9F+vMuCeACF7pCVXV+Vo0PSkfjZ7CLcjlGDvhQaGe5n6tPk40dbXMu9HIBL root@node02
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeEl5X0YGkrjUT3081JcbLyFJUyYybmzsenDW2cIla6v7RV4QHq+mxaU35RyyTBIaqAHfgabJnknrsMioQFgv/rz4rG14pXNWu7JaKOJcLwBD+YlWNROOxJ2Oqu0t3gWXwi5XRn3XdDhdFbFx7YUM/iQc1haiker8Zzlgvlg4pfxG3hvvxw1qchREQ+wmrLUOWk6UT4PmwoW4XRCrFkhHj+5kIgIULRX2Nw90pYsD/oidNsQP2n7mtMVnozO++dwKPEBksyn9b9tMoEGiahDe+F92espNzYYwj9WBsA5uwHX+DLUXSr7eZYyKaGgwib+QpViQkmWP+4iRt8rxpl4nJ root@node03
[root@node01 .ssh]#
3. The first SSH connection may look like this (it creates the ~/.ssh/known_hosts file), but the second time it is fine
[root@node02 .ssh]# ssh node01
The authenticity of host 'node01 (192.168.56.121)' can't be established.
ECDSA key fingerprint is SHA256:iuntlxKiV34RaCDGi7UsV/Ng2oVwWgob9yX3wL+3zzo.
ECDSA key fingerprint is MD5:50:de:e1:50:40:20:a8:13:07:33:01:66:be:e3:ca:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node01,192.168.56.121' (ECDSA) to the list of known hosts.
Last login: Thu Jun 1 09:42:00 2023 from 192.168.56.1
[root@node01 ~]#
[root@node01 ~]# exit
logout
Connection to node01 closed.
[root@node02 .ssh]#
[root@node02 .ssh]# ssh node01
Last login: Thu Jun 1 14:46:28 2023 from 192.168.56.106
[root@node01 ~]#
[root@node01 ~]#
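The merge in step 2, as an added example that is not part of the original post: a shell function that combines per-node public-key files into one authorized_keys, drops duplicate and malformed lines, and writes the result with mode 0600. The function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# keys below are constructed for illustration; they are not real keys.

# merge_authorized_keys OUT IN...
# Merge public-key files into OUT (mode 0600), dropping duplicates, comments
# and malformed lines. Prints the number of keys written.
# Assumption: lines are "<type> <base64> [comment]"; lines that start with
# authorized_keys options (from="...", command="...") are reported and skipped.
merge_authorized_keys() (
    out=$1; shift
    umask 077                              # temp file is never group/world readable
    tmp=$(mktemp "$out.XXXXXX") || exit 1
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        $1 ~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" {
            if (!seen[$2]++) print         # dedup on the key blob, not the comment
            next
        }
        { printf "skipped %s:%d\n", FILENAME, FNR > "/dev/stderr" }
    ' "$@" > "$tmp" || { rm -f "$tmp"; exit 1; }
    # Replace OUT in one step so a reader never sees a half-written file
    chmod 0600 "$tmp" && mv -f "$tmp" "$out" || { rm -f "$tmp"; exit 1; }
    awk 'END { print NR }' "$out"
)

# demo: build three constructed per-node files and merge them.
# node02 repeats node01's key; node03 contains a comment, a blank line
# and one malformed line.
demo() (
    d=$(mktemp -d) || exit 1
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed01 root@node01\n' > "$d/node01"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed02 root@node02\n' > "$d/node02"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed01 root@node01\n' >> "$d/node02"
    printf '# note\n\nssh-rsa not*base64 root@node03\n' > "$d/node03"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed03 root@node03\n' >> "$d/node03"
    merge_authorized_keys "$d/authorized_keys" "$d/node01" "$d/node02" "$d/node03"
    rm -rf "$d"
)
```

Calling `demo` prints the number of keys kept and reports the skipped line on stderr.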