如上图所示,左边的三个服务器都向使用证书远程管理Web Server。如何实现呢?
其实,操作过程和单台服务器使用证书管理Web Server是一样的。
步骤一:在每个服务器上使用命令ssh-keygen -t rsa命令创建证书。
步骤二:使用ssh-copy-id命令,把公钥拷贝到Web Server(不要使用scp命令拷贝公钥到远程服务器上)。比如:
ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
步骤三:在左侧的三个服务器上使用ssh 192.168.0.1尝试登陆Web Server。
登陆到Web Server,查看authorized_keys文件,发现其中保存了三个服务器的公钥:
cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2is7steOsmEFSDV3OQS+UuXZJuoxL3+r3694LDAuI8T6YttvGfe7YLi+xuYZ6zA1D8u1O4rH76e4bRMtQu6Cff4mtWFSfRwNnY4GTc5dLT8rkK5G6qJ7Z4aEYAkPIPzJj6TMYGKN1gUCqJoYAav83qVmu/HHJ/SEi2tXAhUhk0Ds5c4W3gc1o0IqVMszdJLuDi7/v/FpzCCECnQMeRPrf97BI4aJwthqWu8whKGh4Xo5BKCZiq3MGxHgqlpSnYD+Kxtmj8HbMRGKdRPlScBnH5UvAkp6AFJjLVTNt9I6r8mAErLjYMnsfpbvMv7c++KCgw3OCVvgjZ8GDgEwnwkmAQ== root@ser1
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtN1jxHVJhMvQrf5HodPoBot/3+1QimEouK2XnrYMuk+O80eo7/cLVKMbPqyJHPlN/51FsLenErF3Gr3Tei2Y3/HPl/5dzwww7Rbg7/lzQfFleITLQKs7v0Arw/W8aK7K4VnHDoTt9NXoEkfwr4zoav6gXnmzcc0GaHaaawv4inLjr/whc5r0HeUQTS76jaP8AOslVajttPa53+63wPujytKQe3GBzD+l+DBDUFJDVawkDG82afSKoCd2Q+kVr/Hs5n4WYQXiJU9ukSVLaVQklW5SIgihJ8CCDosnpiLsIZxIzFEIsuadHBkqkSMzQiPpgyh2PeLC3OB1EZ7f5FST3Q== root@ser2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyn4hJID66/NiRZBqz8r/izk5HnbWHKNPovrCtTfXSioicFlFDzmM16H3RQoIv1x3LVM1/OG4Hdf9LpPR2rP9FxfskSM70ZBfDE2UgMqmd3LDv7Yxl+nw2blI/dmYcEEoQpnmxP1tPc/zaAQYVrdBKVn4e67rkxgUG0Bebm0m39e2dba80z26cCxqtkOx8kC24BCxaW3nBJVywpi/4vyYE6desnH/W0Ll6ToSwsFLuv7nX7DBYz5Q0sKyEyxErxcGqDyzKUdAQQbtpP5n5pMlvkt7SxrHdo/loOyllYVc/5xrWKIxvlb3k9w9BkzHewbmuzl1SzWRkqsjq30VksXJtw== root@ser3