root賬號設備之間切換免密登錄:
以root賬號為例,我的三臺虛擬機,
| 虛擬機ip | 主機名 |
|---|---|
| 192.168.0.10 | Centos_01 |
| 192.168.0.11 | Centos_02 |
| 192.168.0.13 | Centos_03 |
- 準備作業,首先要確保三臺機器都安裝了ssh服務,且已經默認打開,不清楚的百度,
- 打開檔案/etc/ssh/sshd_config,確保以下配置已經添加(一般是被"#“注釋了,放開#):
- 三臺虛擬機的/etc/hostname檔案中的內容分別是Centos_01 、Centos_02 、Centos_03 ;
- 三臺虛擬機的/etc/hosts檔案尾部都添加以下三行內容(注意按照自己機器的ip地址來填寫)
192.168.0.10 Centos_01
192.168.0.11 Centos_02
192.168.0.13 Centos_03
接下來如果在192.168.0.10中嘗試去登錄192.168.0.11的root用戶
ssh root@Centos_02
正常情況下如果不進行配置,會出現下面操作,需要輸入密碼才可行,
[root@Centos_01 ~]$ ssh root@Centos_02
The authenticity of host 'Centos_02 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:DJ8ZdacngzPjAszOZTpx1WudYX+u0aAUld7ZYSK9/4g.
ECDSA key fingerprint is MD5:86:78:2f:c7:c2:97:7f:79:dd:b7:d0:26:fd:bf:a6:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'Centos_02,192.168.0.10' (ECDSA) to the list of known hosts.
root@Centos_02's password:
Last login: Thu Feb 7 18:10:40 2019 from 192.168.119.1
[root@Centos_02 ~]$
接下來,開始進入正軌,
- 第一步生成秘鑰(三臺設備都要執行)
- 以root賬號為例, 輸入ssh-keygen -t rsa,然后一路回車,順利生成秘鑰檔案,如下:
[root@Centos_01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh
/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 root@Centos_01
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[root@Centos_01 ~]$
進入此目錄,我們可以看到剛剛生成的私鑰和公鑰
/root/.ssh
配置秘鑰授權檔案,以root賬號登錄Centos_01 設備來說;
- 生成一個空白檔案
touch ~/.ssh/authorized_keys
- 將Centos_01 自己的公鑰放入檔案authorized_keys中
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
- 以root賬號登錄Centos_02設備,執行以下命令,即可將Centos_02的公鑰傳輸到Centos_01機器,檔案名為Centos_02.id_rsa.pub:
scp ~/.ssh/id_rsa.pub root@Centos_01:~/.ssh/Centos_02.id_rsa.pub
上傳程序要輸入Centos_01的root賬號的密碼,輸入后傳輸完成,在Centos_01的/home/Centos_01 /.ssh目錄下,多了個名為Centos_02.id_rsa.pub的檔案;
- 在Centos_01機器執行以下命令,即可將Centos_02.id_rsa.pub的內容寫入authorized_keys檔案:
cat ~/.ssh/node1.id_rsa.pub >> ~/.ssh/authorized_keys
此時authorized_keys檔案中已經有了node0和node1的公鑰
- 以root賬號登錄Centos_03機器,執行以下命令,即可將Centos_03的公鑰傳輸到Centos_01機器,檔案名為Centos_03.id_rsa.pub:
scp ~/.ssh/id_rsa.pub root@Centos_01:~/.ssh/Centos_03.id_rsa.pub
- 在Centos_01機器執行以下命令,即可將Centos_03.id_rsa.pub的內容寫入authorized_keys檔案:
此時Centos_01的authorized_keys檔案中已經有了三臺設備的公鑰;
- 接下來我們需要將第一臺設備的authorized_keys檔案分發到,Centos_02,Centos_03機器上,
以Centos_01為例,執行下面命令,將authorized_keys分發到Centos_02上:
scp ~/.ssh/authorized_keys root@Centos_02:~/.ssh/
- 執行下面命令,將authorized_keys分發到Centos_03上:
scp ~/.ssh/authorized_keys root@Centos_03:~/.ssh/
至此,秘鑰授權檔案已經同步到所有機器,如果前面的所有操作用的是root賬號,此時已經可以免密碼登錄成功了,如下所示,不需要輸入密碼,就可以直接登錄了 ,
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/259039.html
標籤:其他