Establishing mutual trust over SSH
1. Introduction to hostnames
As an environment gains more and more machines, telling them apart becomes too costly, so you need an attribute that is easier to remember than an IP address to distinguish one computer from another. Just as people have names, a computer has an attribute called its hostname.
**Check the machine's hostname:** run the hostname command directly.
**Temporarily change the machine's hostname:** run hostname followed by the new machine name; the change is lost after a reboot.
**Permanently change the machine's hostname** (the change survives a reboot): set the HOSTNAME attribute in /etc/sysconfig/network to the new hostname, then reboot the machine for the change to take effect.
2. Introduction to the /etc/hosts file
DNS: the Domain Name System, which looks up the mapping between domain names and IP addresses.
/etc/hosts: the DNS of the local machine, responsible for looking up the mapping between hostnames and IP addresses.
View the default configuration. Entry format: IP address, then the hostname or domain name.
Once hostnames are configured in this file, other machines can be referred to directly by name.
3. A worked example
Goal: two hosts, with the hostnames master and slave respectively, where the master host can log in to the slave host over ssh without entering a password. The master host's IP is 192.168.1.10 and the slave host's IP is 192.168.1.11.
Procedure and steps (default user: root):
- Make the two hosts reachable by hostname:
  - Set the hostname on both hosts: master for the 1.10 host, slave for the 1.11 host. Modify the HOSTNAME attribute in /etc/sysconfig/network.
  - Configure the hosts file on both hosts by adding the mappings to /etc/hosts: 192.168.1.10 corresponds to master and 192.168.1.11 corresponds to slave.
  - Ping slave from master and ping master from slave. If both pings succeed, the preceding configuration is correct.
- Generate and transfer the key, using the hostnames:
  - Generate the public and private keys on the master host: run ssh-keygen -t rsa, which uses RSA encryption, then press Enter at every prompt to accept the default options. The generated private key is stored in ~/.ssh/id_rsa and the generated public key in ~/.ssh/id_rsa.pub. Transfer the master host's public key to the slave host: scp ~/.ssh/id_rsa.pub root@slave:~/
  - On the slave host, add the public key to the authorization list authorized_keys: cat ~/id_rsa.pub >> ~/.ssh/authorized_keys. Because of SSH's key management requirements, change the permissions of this file to 600: chmod 600 ~/.ssh/authorized_keys. In addition, SELinux also needs to be turned off. It is the Linux kernel's security management component; because it is fairly difficult to use, it is generally not enabled. Run setenforce 0 to turn it off.
- Verify that the key configuration is correct by logging in to the slave host directly from the master host and checking whether the login succeeds without a password: ssh root@slave
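An added example, not part of the original article: the slave-side steps above (the /etc/hosts mapping and the authorized_keys append) written so that they can be re-run without duplicating entries and so that the modes sshd checks are always set. The function names are hypothetical, and relabelling ~/.ssh with restorecon instead of running setenforce 0 is an assumption about why SELinux would block the login.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# illustrative; the IP and hostname in the usage lines come from the article.

# add_host_entry HOSTS_FILE IP NAME
# Append "IP NAME" unless NAME is already mapped on a non-comment line.
add_host_entry() {
    hosts_file=$1 ip=$2 name=$3
    if awk -v n="$name" '
        $1 !~ /^#/ {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break        # rest of the line is a comment
                if ($i == n) found = 1
            }
        }
        END { exit !found }' "$hosts_file"
    then
        return 0
    fi
    printf '%s %s\n' "$ip" "$name" >> "$hosts_file"
}

# install_pubkey PUBKEY_FILE HOME_DIR
# Careful form of "cat id_rsa.pub >> authorized_keys": checks that the file
# holds a public key, sets the modes, and never adds the same key twice.
install_pubkey() {
    pubkey_file=$1 home_dir=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys key=
    # Use only the first line, so a multi-line or wrong file is not appended.
    IFS= read -r key < "$pubkey_file" || [ -n "$key" ] || return 1
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac
    # With StrictModes (the sshd default), loose modes here disable key login.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # Assumption: where SELinux blocks key login, the cause is a wrong label
    # on ~/.ssh, so relabel it rather than running setenforce 0.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" 2>/dev/null || true
    fi
}

# On slave, as root:
#   add_host_entry /etc/hosts 192.168.1.10 master
#   install_pubkey ~/id_rsa.pub "$HOME"
```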