一、建立SSH信任
将A主机做为客户端(发起SSH请求 ip:192.168.200.170)
将B主机作为服务器端(接收ssh请求 ip:192.168.200.149)
以上以主动发起SSH登录请求的主机和接收请求的主机进行分类
<1>A主机生成公,私钥证书
# ssh-keygen -t rsa #rsa算法的证书 Generating public/private rsa key pair. (以下一路回车) Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists. Overwrite (y/n)? y (因为我的证书已存在,覆盖即可) Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. (私钥) Your public key has been saved in /root/.ssh/id_rsa.pub. (公钥) The key fingerprint is: c1:26:cc:88:2b:05:dd:c3:6b:1e:78:5d:da:9c:da:8a 证书就生成了 id_rsa (私钥)|& id_rsa.pub (公钥)
<2>将A主机生成的公钥传递给B主机
#scp /root/.ssh/id_rsa.pub root@192.168.200.149:/root/.ssh/id_rsa.pub
在B主机上将A的公钥更名为
#mv id_rsa.pub authorized_keys
scp /root/.ssh/id_rsa.pub root@192.168.200.149:/root/.ssh/authorized_keys
若B主机已添加其他服务器信任,则进行追加操作
scp /root/.ssh/id_rsa.pub root@192.168.200.149:/root/.ssh/authorized_keys.tmp
ssh root@192.168.200.149 "cat /root/.ssh/authorized_keys.tmp >> /root/.ssh/authorized_keys"
至此从A主机远程SSH B主机的工作即告完成
二、修改linux主机名
第一步:
#hostname myserver
第二步:
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=myserver
NETWORKING_IPV6=no
PEERNTP=no
GATEWAY=192.168.200.149
第三步:
修改/etc/hosts文件
192.168.200.170:
# vim /etc/hosts
127.0.0.1 myserver1
192.168.200.149 myserver2
ip:192.168.200.149:
# vim /etc/hosts 192.168.200.170 myserver1 127.0.0.1 myserver2
至此,在192.168.200.170上可以直接使用#ssh myserver2连接至192.168.200.149
配置ssh服务公钥登录(就是配置cmmaster服务器于slave服务器单向可以公钥登录)
在每台服务器上以root用户登录,更改ssh配置文件/etc/ssh/sshd_config
所有服务器执行这个命令:
sed -i 's/#RSAAuthentication yes/RSAAuthentication yes/' /etc/ssh/sshd_config
所有服务器执行这个命令:
sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
RSAAuthentication yes #启用rsa认证 PubkeyAuthentication yes #启用公钥私钥配对认证方式 AuthorizedKeysFile .ssh/authorized_keys #公钥文件路径
重启ssh服务
systemctl restart sshd
在master服务器上产生公钥与私钥的命令
ssh-keygen -t rsa
用这个命令传输公钥到每个服务器
ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.*
OK