Setting up passwordless SSH login

There are 3 hosts. Their IPs and roles in the cluster are as follows:

172.17.0.2 //master
172.17.0.3 //slave1
172.17.0.4 //slave2

The goal is for every pair of them to be able to log in to each other over ssh without a password. The steps are as follows:

Create the keys and apply the related configuration
Perform the following 4 steps on each of the 3 machines:

(1) Create the key files:

root@540d1f9fc209:~# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dxqbt5mrIHOrq8gbyz0R9FeqlLVAoIp/zQHfD7RyPs4 root@540d1f9fc209
The key's randomart image is:
+---[RSA 2048]----+
|    .o.          |
|   .. . . .      |
|  .... +.+       |
|..  .o+o+.       |
|o    o+oS o .    |
| .  .o.= + *     |
|  o ..= = = .    |
| o *.  * + . +   |
|  *.ooooE ..=.   |
+----[SHA256]-----+
root@540d1f9fc209:~# ll
total 108
drwx------ 1 root root  4096 Nov  7 09:16 ./
drwxr-xr-x 1 root root  4096 Nov  7 07:18 ../
-rw------- 1 root root 54424 Nov  5 08:47 .bash_history
-rw-r--r-- 1 root root  3560 Sep 21 12:44 .bashrc
drwx------ 2 root root  4096 Sep 21 07:22 .cache/
drwxr-xr-x 2 root root  4096 Sep 21 12:10 .oracle_jre_usage/
-rw-r--r-- 1 root root   148 Aug 17  2015 .profile
drwx------ 2 root root  4096 Nov  7 09:16 .ssh/
-rw------- 1 root root 18886 Nov  7 09:00 .viminfo
-rw-r--r-- 1 root root   170 Oct 13 06:59 .wget-hsts
root@540d1f9fc209:~# cd .ssh/
root@540d1f9fc209:~/.ssh# ll
total 16
drwx------ 2 root root 4096 Nov  7 09:16 ./
drwx------ 1 root root 4096 Nov  7 09:16 ../
-rw------- 1 root root 1675 Nov  7 09:16 id_rsa
-rw-r--r-- 1 root root  399 Nov  7 09:16 id_rsa.pub

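(2) Edit the /etc/ssh/ssh_config file on master and add the following two lines. They make the ssh client accept any host key without prompting and store it nowhere, so a changed host key will not be detected: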

StrictHostKeyChecking no
UserKnownHostsFile /dev/null

(3) Run the following command to restart the ssh service:

service ssh restart

(4) In the ~/.ssh directory, create the authorized_keys file and append id_rsa.pub to authorized_keys:

root@540d1f9fc209:~/.ssh# touch authorized_keys
root@540d1f9fc209:~/.ssh# chmod 600 authorized_keys 
root@540d1f9fc209:~/.ssh# cat id_rsa.pub >> authorized_keys 

Copy the public keys
(1) Copy master's id_rsa.pub to slave1 and slave2, and append it to ~/.ssh/authorized_keys on slave1 and on slave2;

(2) Copy slave1's id_rsa.pub to master and slave2, and append it to ~/.ssh/authorized_keys on master and on slave2;

(3) Copy slave2's id_rsa.pub to master and slave1, and append it to ~/.ssh/authorized_keys on master and on slave1.
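
The append in step (4) and in the copy steps above, as an added shell helper (not part of the original post). install_pubkey is a hypothetical function: it refuses anything that is not a single-line public key, sets the directory and file modes, and appends the key only if it is not already present. The key in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a hypothetical
# helper: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# The ( ) body runs in a subshell, so its variables and umask do not leak.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Accept exactly one line that starts with a public-key type. This
    # rejects a private key such as id_rsa passed by mistake.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; exit 2; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not a public key" >&2; exit 2 ;;
    esac

    # sshd with StrictModes (the default) refuses key files that other users
    # can write, so create the directory and file with tight modes.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" && exit 0
    printf '%s\n' "$key" >> "$auth"
)

# Constructed demo: a placeholder key installed twice still yields one line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-PLACEHOLDER root@master' > "$demo/master.pub"
install_pubkey "$demo/master.pub" "$demo/.ssh"
install_pubkey "$demo/master.pub" "$demo/.ssh"
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On each host, run it once for every id_rsa.pub copied over from the other two machines.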

Restart the ssh service
Restart the ssh service on each machine:

service ssh restart

Test
A quick test: log in from master to slave2 without a password:

root@540d1f9fc209:~/.ssh# ssh 172.17.0.4
Warning: Permanently added '172.17.0.4' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-133-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
Last login: Wed Nov  7 10:28:29 2018 from 172.17.0.2
root@56ab96e7e138:~# 
