Key login, password-free login!

case1

Requirement: DB server needs password-free access to AP server

1. Create the public and private keys (done on the AP servers, ap#1 and ap#2)

①su - batch

②$ ssh-keygen -t rsa -b 2048
※Press Enter at every prompt during this process (this leaves the passphrase empty)

③Add the public key to authorized_keys
$ cd /home/batch/.ssh
$ cat id_rsa.pub >> authorized_keys
$ chmod 600 authorized_keys

④To make them easier to tell apart, give the private keys used to access ap#1 and ap#2 different names. In fact, they are the same thing
$ mv id_rsa id_rsa_ap01 (ap#2:id_rsa_ap02)

⑤SSH login settings: add the following content at the beginning of the key line in authorized_keys
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="DB#1IP,DB#2IP" ssh-rsa ・・・

⑥Save the created private key to "/tmp" of the DB server
# tar cvf /tmp/key_ap01.tar id_rsa_ap01 (AP#2:key_ap02.tar)

 

2. Store the private key
Log in to the DB server
# cd /home/batch
# mkdir key
# chown batch:batch key
# chmod 700 key
# ls -ld key
# cd key

# tar xvf /tmp/key_ap01.tar (ap#2:key_ap02.tar)
# ls -l

3. Verify the configuration by transferring a file with scp
①DB server

# su - batch
$ cd /tmp
$ touch scp_test.txt
$ scp -i /home/batch/key/id_rsa_ap01 /tmp/scp_test.txt batch@ap01:/tmp/
$ scp -i /home/batch/key/id_rsa_ap02 /tmp/scp_test.txt batch@ap02:/tmp/
※On first use, ssh asks whether to add the host to known_hosts

②Confirm on the AP server that the file was received
# ls -l /tmp/scp_test.txt
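
A check for the authorized_keys settings made in step 1 of case 1, added here as an example and not part of the original post: it reports key lines that lack the restrictions shown above and a file mode other than 600. The sample file, its 192.0.2.x addresses and the shortened key text are constructed, the function names are this example's own, and accepting OpenSSH's "restrict" option in place of the no-* options is an addition the page does not mention.

```sh
#!/bin/sh
# Audit an authorized_keys file against the case 1 settings: mode 600 and, on
# every key line, the four no-* restrictions plus a from= source list.
# Assumption: no option value itself contains " ssh-rsa " or another key type.
REQUIRED="no-pty no-port-forwarding no-x11-forwarding no-agent-forwarding"

# Print the required options that one authorized_keys line lacks.
missing_options() {
    # Drop the key type and everything after it; the rest is the option list.
    opts=$(printf '%s\n' "$1" |
        sed -E 's/(^| )(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[^ ]+|sk-[^ ]+) .*$//' |
        tr 'A-Z' 'a-z')
    miss=""
    for req in $REQUIRED; do
        case ",$opts," in
            *",$req,"*|*",restrict,"*) ;;  # "restrict" turns on every no-* option
            *) miss="$miss $req" ;;
        esac
    done
    case ",$opts" in
        *',from="'*) ;;
        *) miss="$miss from=" ;;
    esac
    printf '%s' "${miss# }"
}

# Print one finding per problem in FILE; return 1 if there was any.
audit_authorized_keys() {
    file=$1; rc=0; n=0
    perms=$(ls -ld "$file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "$file: mode $perms, want -rw-------"; rc=1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        miss=$(missing_options "$line")
        [ -z "$miss" ] || { echo "$file:$n: missing $miss"; rc=1; }
    done < "$file"
    return "$rc"
}

# Constructed sample: line 1 follows the page, line 2 is an unrestricted key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="192.0.2.10,192.0.2.11" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ batch@ap01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ batch@ap01
EOF
chmod 644 "$sample"
audit_authorized_keys "$sample" || echo "authorized_keys needs attention"
rm -f "$sample"
```

On the AP server the function would be pointed at /home/batch/.ssh/authorized_keys.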

 

 

 

case2

Work on the meta server and store its public key on the object server, so that you can log in to the object server without a password.
1. Generate public and private keys

ssh-keygen -t rsa -N ""

2.cd /root/.ssh/

3. List the public and private keys just generated with ll

id_rsa
id_rsa.pub
4. Connect to the object server with ssh

ssh 192.168.100.31
root@192.168.100.31's password:

5. Copy the public key to the object server
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.100.31

6. When you ssh to the object server again, you no longer need to enter the password.
ssh 192.168.100.31

 

Summary: Put the public key on the machine being accessed, and keep the private key on the machine that initiates the access
