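Notes on Configuring Passwordless SSH Login on Linux

Configure the three nodes master, slave01 and slave02 for passwordless login to each other.

Start on the master node. (All operations are performed as your own user, not as root.)


Generate the key pair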

[xiaoshami@master ~]$ ssh-keygen -t rsa

    Just press Enter at every prompt.

    The -t option specifies the type of key to generate; here it is rsa.


List the .ssh directory

[xiaoshami@master ~]$ ll .ssh/
-rw-------. 1 xiaoshami xiaoshami 1675 May 14 15:35 id_rsa
-rw-r--r--. 1 xiaoshami xiaoshami 397 May 14 15:35 id_rsa.pub


Append the public key to authorized_keys:

[xiaoshami@master ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

    Note: the file name authorized_keys must not be changed.

List the .ssh directory

[xiaoshami@master ~]$ ll .ssh/
total 16
-rw-------. 1 xiaoshami xiaoshami 1193 May 14 15:41 authorized_keys
-rw-------. 1 xiaoshami xiaoshami 1675 May 14 15:35 id_rsa
-rw-r--r--. 1 xiaoshami xiaoshami 397 May 14 15:35 id_rsa.pub
-rw-r--r--. 1 xiaoshami xiaoshami  810 May 14 15:37 known_hosts


Set the permissions on authorized_keys

chmod 600 ~/.ssh/authorized_keys


Send authorized_keys to the other two nodes

scp ~/.ssh/authorized_keys xiaoshami@slave01:~/

scp ~/.ssh/authorized_keys xiaoshami@slave02:~/

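    Note: do not send it directly to ~/.ssh/authorized_keys; if you do, passwordless login fails. I don't know the reason. Copy it to the home directory first, and after generating the key pair on the child node, move it into the .ssh directory.


Then run ssh-keygen -t rsa on the two child nodes; as above, press Enter at every prompt.


On both child nodes, move authorized_keys into the .ssh directory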

cd ~

mv authorized_keys ~/.ssh/


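Verify:

   On the master node, enter:

        ssh slave01

        ssh slave02

    Both log in successfully.


This gives one-way passwordless login from master to the two child nodes.


For two-way passwordless login, add each child node's public key to authorized_keys:

On slave01, run: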

[xiaoshami@slave01 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Send it to slave02

[xiaoshami@slave01 ~]$ scp ~/.ssh/authorized_keys xiaoshami@slave02:~/authorized_keys 


On slave02, do the same and append its own public key

[xiaoshami@slave02 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys


At this point authorized_keys contains three keys

[xiaoshami@slave02 ~]$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz6DwFktO6XfGP3RwbrRTKO8uRcFJNsM/1G2nNqE5J/95+YwaO/qJD2fVVtpBgBiqTqQVmMi0FIiEwkD0ap9rZH1KmW6G2yf715UyUxitlBDEqE9+ETfEgXzY7IK3EHHexRB5BJ3lwTdnTPH8/fy5Dle+5hvHI0GQZzdquW7zzcCYeqhFf60iyqYsJOJUSLNXlqM2DUr9rggwXUJfQjlhNvZtPEZ7jecV5BPDU3k2X+HYNDxXtAZb9szEdOhvXqkrQ7p0dCgD4mhofrQUjz9SVw/DyzHetOskDamn3umYiEKuVqLBDQFYo7cj14as/djLIXeDU6jIG+oqwZ2dXbaAzw== xiaoshami@master
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6bxGWH9C8cxGwFsVlCo/NeFrcyVBAtfQ/rOBki3TrGufTOnvW+RpPa93tAhwOxwzeF0XSwZdKLw8P2AQtZ+DD16rfU//Wyx9halMBMbO0p+Kv4hhiW23OnFhFQx4O1XSwqjrOefZl6QhSkT9po5p3w6LE1UjGwC7lW0q9ZU8Paa/lawHxX//mN3X59ZRW6arXq1Xzmf75bXn1FG886BrS0nRBOsNVWCESOce3YV5yy5V/XmEA16++tFWeZZRkGESAQJFdUzXzBs6i89IK4m/ugmpQyBmYibbIqOuXqUd85pagL1rOltJvgHWbbk7c5/lFvxylVU29k+aQ+HSn1Vhxw== xiaoshami@slave01
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0CoRN1HAkSeLQD2Kwmen4wCWjDYb6zTb/ONqZ9nWmJYNAgwuvE5SWQMZxKldu4z1MA5o/NmLua6uigJHpncbzsYywEKP8JxipLiaI8FmPanCSrljnF/R9uWIOb0R9W8RjKIahbOeR5Ul9UK7xNZkEarXDn1J5MfQ8bUL9ymkBSWq+Vu2MIi3cMPjpsf+BO5QQeXa2tbiuKrHTFxRICWmXQgjLLXZqSQw1rObzgy/UivHq1ss0X9c/13fkFblMwI6cvcE8njK2k6+f+q4npOztbfuv4YirgeuP6FO/yBc7NTwW4/TdWaV3vSnW13qKkND+zy02T3dromDptRoCRF85w== xiaoshami@slave02


The three keys are clearly visible. Now send this final authorized_keys to the other nodes

[xiaoshami@slave02 ~]$ scp ~/.ssh/authorized_keys xiaoshami@slave01:~/authorized_keys 

[xiaoshami@slave02 ~]$ scp ~/.ssh/authorized_keys xiaoshami@master:~/authorized_keys


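At this point two-way passwordless login is in place.


Be sure to follow the steps in order, otherwise passwordless login may well fail. If that happens, delete the .ssh folder and reconfigure.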

rm -rf ~/.ssh/*

Run the command above on every node, then start from the beginning.
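
An added example, not part of the original post: a shell helper for the authorized_keys merge and chmod steps above. It appends a public key only once, sets the 700/600 modes, and checks for the group/other-writable permissions that make sshd (with StrictModes, its default) ignore the file. The function names, the temporary directory and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, paths and key strings below are constructed.

# install_key PUBKEY_FILE SSH_DIR
# Append the key to SSH_DIR/authorized_keys unless that exact line is already
# there, creating the directory (700) and the file (600) if needed.
install_key() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x: whole-line match, -F: fixed string (the key is data, not a regex)
    grep -qxF -e "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# count_keys SSH_DIR: number of lines starting with "ssh-" (ssh-rsa, ssh-ed25519)
count_keys() {
    grep -c '^ssh-' "$1/authorized_keys"
}

# check_ssh_dir SSH_DIR
# Return 0 only if neither the directory nor authorized_keys is writable by
# group or others; report each problem found.
check_ssh_dir() {
    rc=0
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; rc=1; continue; }
        mode=$(stat -c '%a' "$p")      # GNU stat, e.g. 700 or 664
        case $mode in
            *[2367]?|*[2367]) echo "group/other writable ($mode): $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo in a throwaway directory with constructed (not real) key lines.
demo=$(mktemp -d)
for host in master slave01 slave02; do
    echo "ssh-rsa AAAAconstructed$host xiaoshami@$host" > "$demo/$host.pub"
    install_key "$demo/$host.pub" "$demo/.ssh"
done
install_key "$demo/master.pub" "$demo/.ssh"   # repeat: no duplicate line added
echo "keys: $(count_keys "$demo/.ssh")"
check_ssh_dir "$demo/.ssh" && echo "permissions OK"
```

On a real node, pass ~/.ssh as SSH_DIR; check_ssh_dir is a quick first check when a login still asks for a password.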

Reposted from blog.csdn.net/yuanhaiwn/article/details/80312052