标签:pub 密匙 rsa 192.168 ssh root id 互信
1、简便ssh密匙信任方法
只在一台服务器上创建ssh-keygen
[root@SMSJKSRVBJ02 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: da:42:89:ed:58:13:10:8b:09:e6:60:ea:ab:65:bc:5f root@SMSJKSRVBJ02 The key's randomart image is: +--[ RSA 2048]----+ |oo o. | |*. o o | |..o . . | |. o o | | . . * S | | .. = + | | .+ . E . | |.o . . . | |. ... | +-----------------+ [root@SMSJKSRVBJ02 ~]# cd .ssh/ [root@SMSJKSRVBJ02 .ssh]# ll -thr total 12K -rw-r--r-- 1 root root 394 Mar 13 11:41 known_hosts -rw-r--r-- 1 root root 399 Mar 13 11:42 id_rsa.pub -rw------- 1 root root 1.7K Mar 13 11:42 id_rsa [root@SMSJKSRVBJ02 .ssh]# cat id_rsa.pub >> authorized_keys
将密匙传到别的服务器
[root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.153:~/.ssh/ [root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.152:~/.ssh/ [root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.151:~/.ssh/
如果报错,
[root@SMSJKSRVBJ02 .ssh]# scp * root@10.70.69.152:~/.ssh/ The authenticity of host '10.70.69.152 (10.70.69.152)' can't be established. RSA key fingerprint is 42:80:54:09:89:39:11:ad:da:aa:2f:9f:2c:8a:ea:55. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.70.69.152' (RSA) to the list of known hosts. root@10.70.69.152's password: scp: /root/.ssh/: No such file or directory
说明对方没有ssh-keygen生成.ssh目录,去登陆服务器执行ssh-keygen
因为使用密匙相同,这4台服务器之间就互相信任可以互相访问了。
2、标准的方法
配置SSH登录无密码验证(使用key登录,工作中常用,最好不要禁掉密码登录,如果禁了,可能会有问题)
在server02 192.168.2.131操作(Monitor): 192.168.2.131 [root ~]$ ssh-keygen -t rsa 192.168.2.131 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.128 192.168.2.131 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.129 192.168.2.131 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.130 在server02 192.168.2.128操作(Master): 192.168.2.128 [root ~]$ ssh-keygen -t rsa 192.168.2.128 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.129 192.168.2.128 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.130 在server03 192.168.2.129操作(slave): 192.168.2.129 [root ~]$ ssh-keygen -t rsa 192.168.2.129 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.128 192.168.2.129 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.130 在server04 192.168.2.130操作(slave): 192.168.2.130 [root ~]$ ssh-keygen -t rsa 192.168.2.130 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.128 192.168.2.130 [root ~]$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.2.129
欢迎转载,请注明出处!
标签:pub,密匙,rsa,192.168,ssh,root,id,互信 来源: https://www.cnblogs.com/paul8339/p/11435009.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。