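Configuring passwordless SSH login on Linux

1. Configuring passwordless login between two machines

I use two of my own machines (node1 and node2) as an example to show how to configure passwordless login. Here I configure it for the user wxyuan.

(1) Log in to node1 and run ssh-keygen -t rsa to generate the public and private keys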

[wxyuan@node1 ~]$ ssh-keygen -t rsa
# Press Enter three times in a row; this generates the public and private keys locally with no passphrase set, stored in ~/.ssh by default
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wxyuan/.ssh/id_rsa):  
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/wxyuan/.ssh/id_rsa.
Your public key has been saved in /home/wxyuan/.ssh/id_rsa.pub.
The key fingerprint is:
45:ae:bf:00:5a:69:80:16:a9:34:b8:39:54:3a:ca:ee wxyuan@node1
The key's randomart image is:
+--[ RSA 2048]----+
|. oo      .      |
|.+oo     o       |
|o*+ .     o      |
|B..  . . o       |
|.o    = S        |
|.    + . .       |
| .  .   . .      |
|.        . .     |
| E        .      |
+-----------------+
[wxyuan@node1 .ssh]$ ll
总用量 12
-rw------- 1 wxyuan wxyuan 1675 5月  25 16:01 id_rsa
-rw-r--r-- 1 wxyuan wxyuan  394 5月  25 16:01 id_rsa.pub

(2) Log in to node2 and run ssh-keygen -t rsa to generate the public and private keys

[wxyuan@node2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wxyuan/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/wxyuan/.ssh/id_rsa.
Your public key has been saved in /home/wxyuan/.ssh/id_rsa.pub.
The key fingerprint is:
56:c7:d5:df:be:ba:f4:09:74:e0:81:be:49:bb:29:2d wxyuan@node2
The key's randomart image is:
+--[ RSA 2048]----+
|              .. |
|           ...  .|
|          ..oo  o|
|         .... o o|
|        S  o o o |
|       .  . = . .|
|          .+ o  .|
|         E .+ o..|
|          oo ooo |
+-----------------+

(3) Create an authorized_keys file in the .ssh directory on node1, then save the contents of the id_rsa.pub files from both node1 and node2 into authorized_keys

[wxyuan@node2 .ssh]$ ll
总用量 12
-rw-r----- 1 wxyuan wxyuan 1182 5月  25 16:06 authorized_keys
-rw------- 1 wxyuan wxyuan 1675 5月  25 16:03 id_rsa
-rw-r--r-- 1 wxyuan wxyuan  394 5月  25 16:03 id_rsa.pub
[wxyuan@node2 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA38ylacLk4Pri8nN27yist2NkRCjQRKcflNPzkl9eOfx16M+HZ8gKQ+ZRvBzF9NUA5FLGpG9DmoYJ+EWmUHjfJaGt7mXIuOzYMyaHV5i/Lk28PkiZIzag5LIiR8bR6/0JnMXuZtCEvICdkzmGwIcQRmSLMbyAKhhirqFHiJDST8d3gDzIDM6B+NHG0ZWypNuj4GEIgy6xRFy3C895ZIp+4OzB4y0fDEbIxJdRWLkZGX6AD5fdQnNehCwrMtso9xZUIVPxztQWmkAPs+zjIqxXtEPFGNmtCvQPwwi0+aQn++ENoTYj2V6WWLlZw+T3KHkxawXbqpMf85al+k0Ce7DTIw== wxyuan@node1
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvzr7kzqcviS59yEsQemZakM2Qk94wWw42dVaEq1lQ8QGtBNerl9C4vVY5ZJbw20D7uHmCs13lZgV6OVfjJDoxwgsLmIjTDAxfR3L+sqnN+Tk90PFeCx9i5Rbb/as3lnNiZaISzFa8UjHRszIZsijgnGXgU1CLk1TijGq9L+4JDtHUPr8nvd+2apkeqZsU7I+pOhvXrR5RhkVbFpIgLpwPhNiGqIiG0YqBdUcKO8GmHZlM2rG2U5IAM0nlUmVHjSuTjrnjY3SL8ye1v8nl1CcLv5qNZEHtceH4LhibAYab+KcJsPzcja++2vyfY6VGLNIMZeETkA630K9VHWoYTei1w== wxyuan@node2

(4) Likewise, create an authorized_keys file in the .ssh directory on node2, then save the contents of the id_rsa.pub files from both node1 and node2 into authorized_keys

(5) Test passwordless login

[wxyuan@node1 .ssh]$ ssh node2
Last login: Fri May 25 16:22:53 2018 from node1
[wxyuan@node2 ~]$ ssh node1
Last login: Fri May 25 16:56:33 2018 from node2
[wxyuan@node1 ~]$ 

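2. Configuring passwordless login across many machines

When passwordless login has to be configured on many machines, say a few dozen (A, B, C, D, ...), following the method above is tedious and error-prone. This section describes a less laborious approach.

(1) Log in to machine A and run ssh-keygen -t rsa to generate the public and private keys;

(2) In the .ssh directory on machine A, create an authorized_keys file and save the contents of id_rsa.pub into it (cat id_rsa.pub > authorized_keys), then copy the authorized_keys file to machine B;

(3) Log in to machine B and run ssh-keygen -t rsa to generate the public and private keys, then append the contents of id_rsa.pub to the end of authorized_keys (cat id_rsa.pub >> authorized_keys), and copy the authorized_keys file to machine C;

(4) Log in to machine C and run ssh-keygen -t rsa to generate the public and private keys, then append the contents of id_rsa.pub to the end of authorized_keys (cat id_rsa.pub >> authorized_keys), and copy the authorized_keys file to machine D;

(5) Continue in the same way until the id_rsa.pub of the last machine has been appended to the end of authorized_keys;

(6) Copy the authorized_keys file into the .ssh directory on all the other machines.
At this point passwordless login is configured between all the machines; all that remains is to test that it works.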

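3. Passwordless login does not take effect after configuration

If passwordless login still does not work after it has been configured, the cause is most likely permissions. The permissions of the relevant files and directories are listed here for reference.

(1) Set the permissions of the id_rsa file to 600

(2) Set the permissions of the id_rsa.pub file to 644

(3) Set the permissions of the authorized_keys file to 640 or 600

(4) Set the permissions of the .ssh directory to 700

(5) Set the permissions of the home directory of the user who logs in without a password to 700 or 755
Note: all of the permissions listed above must be correct. If they are all correct and passwordless login still does not work, you can use ssh -v to print the login information and find the cause of the failure.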
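
The permission checks from section 3, written as a script that compares each path's mode with the values listed above. This is an added example, not part of the original post; the function names check_ssh_perms, check_one and mode_of are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the modes listed in section 3 for one user's home.
# Function names are hypothetical. Usage after sourcing this file:
#   check_ssh_perms /home/wxyuan

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_one PATH ALLOWED_MODE...
# Prints one OK/BAD/MISSING line; returns 1 only when the mode is not allowed.
check_one() {
    local path="$1"; shift
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 0
    fi
    local actual allowed
    actual=$(mode_of "$path")
    for allowed in "$@"; do
        if [ "$actual" = "$allowed" ]; then
            echo "OK      $path ($actual)"
            return 0
        fi
    done
    echo "BAD     $path is $actual, expected one of: $*"
    return 1
}

# Check every path from section 3; the return status is the number of
# paths whose mode differs from the listed values (0 means all match).
check_ssh_perms() {
    local home="${1:-$HOME}" bad=0
    check_one "$home"                      700 755 || bad=$((bad + 1))
    check_one "$home/.ssh"                 700     || bad=$((bad + 1))
    check_one "$home/.ssh/id_rsa"          600     || bad=$((bad + 1))
    check_one "$home/.ssh/id_rsa.pub"      644     || bad=$((bad + 1))
    check_one "$home/.ssh/authorized_keys" 640 600 || bad=$((bad + 1))
    echo "$bad path(s) with unexpected mode"
    return "$bad"
}
```

Run it on the machine you are logging in to as well as the one you are logging in from, since authorized_keys and the home directory are read on the server side.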

Reprinted from www.cnblogs.com/concurrencyy/p/9347289.html