Establishing SSH trust between Linux hosts

Date: 2021-11-23 14:23:27

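I. Establishing SSH trust
Host A acts as the client (it initiates the SSH request; ip: 192.168.200.170)
Host B acts as the server (it receives the SSH request; ip: 192.168.200.149)
The two hosts are classified above by which one initiates the SSH login request and which one receives it.
<1> Generate a public/private key pair on host A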

# ssh-keygen -t rsa     # key pair using the RSA algorithm
Generating public/private rsa key pair. (press Enter at every prompt below)
Enter file in which to save the key (/root/.ssh/id_rsa):    
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y                     (my key already exists, so overwrite it)
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa. (private key)
Your public key has been saved in /root/.ssh/id_rsa.pub. (public key)
The key fingerprint is:
c1:26:cc:88:2b:05:dd:c3:6b:1e:78:5d:da:9c:da:8a 
The key pair has now been generated: id_rsa (private key) and id_rsa.pub (public key)

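<2> Transfer the public key generated on host A to host B

# scp /root/.ssh/id_rsa.pub  root@192.168.200.149:/root/.ssh/id_rsa.pub

On host B, rename A's public key to authorized_keys:

# mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys

Alternatively, copy it from host A directly under that name:

scp /root/.ssh/id_rsa.pub root@192.168.200.149:/root/.ssh/authorized_keys

If host B already trusts other servers, append the key instead, because the commands above overwrite the existing authorized_keys:

scp /root/.ssh/id_rsa.pub root@192.168.200.149:/root/.ssh/authorized_keys.tmp
ssh root@192.168.200.149 "cat /root/.ssh/authorized_keys.tmp >> /root/.ssh/authorized_keys"

This completes the setup for SSH access from host A to host B.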
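
The append step above, written as an added example (not code from the original post): a hypothetical helper, install_pubkey, to run on host B. It assumes the key was copied to /root/.ssh/authorized_keys.tmp as shown, skips a key that is already present, and sets the conventional 700/600 permissions so that sshd's StrictModes check does not reject the file.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper name. Run on host B, e.g.:
#   install_pubkey /root/.ssh/authorized_keys.tmp /root/.ssh
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Accept exactly one public-key line. This also rejects id_rsa (the
    # private key, a multi-line PEM file) if it is passed by mistake.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] ||
        { echo "$pub must contain exactly one line" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub is not an OpenSSH public key" >&2; return 1; }

    # Create missing files under a restrictive umask, then tighten the
    # permissions of files that already existed.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # Compare on "type base64" only, so a different comment field does not
    # produce a duplicate entry.
    keyblob=$(cut -d' ' -f1,2 "$pub")
    if grep -qF -- "$keyblob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
    echo "key added to $auth"
}
```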

II. Changing the Linux hostname

Step 1:

# hostname myserver

Step 2:

# vim /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=myserver
NETWORKING_IPV6=no
PEERNTP=no
GATEWAY=192.168.200.149

Step 3:
Edit the /etc/hosts file

On 192.168.200.170:

# vim /etc/hosts
127.0.0.1 myserver1
192.168.200.149 myserver2

On 192.168.200.149:

# vim /etc/hosts
192.168.200.170 myserver1
127.0.0.1   myserver2

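At this point, on 192.168.200.170 you can connect to 192.168.200.149 directly with # ssh myserver2

Configuring public-key login for the SSH service (that is, one-way public-key login from the cmmaster server to the slave servers)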

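On every server, log in as root and edit the SSH configuration file /etc/ssh/sshd_config

Run this command on all servers:

sed -i 's/#RSAAuthentication yes/RSAAuthentication yes/' /etc/ssh/sshd_config

Run this command on all servers:

sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config

The relevant settings in /etc/ssh/sshd_config:

RSAAuthentication yes               # enable RSA authentication
PubkeyAuthentication yes             # enable public/private key pair authentication
AuthorizedKeysFile .ssh/authorized_keys    # path to the public key file

Restart the ssh service

systemctl restart sshd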

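Command to generate the public and private keys on the master server

ssh-keygen -t rsa

Use this command to transfer the public key to each server (run it once per server, replacing * with that server's address)

ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.*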

OK