linux双机互信设置

公钥认证的基本思想:
对信息的加密和解密采用不同的key,这对key分别称作private key和public key,其中,
public key存放在欲登录的服务器上,而private key为特定的客户机所持有。当客户机
向服务器发出建立安全连接的请求时,首先发送自己的public key,如果这个public key
是被服务器所允许的,服务器就发送一个经过public key加密的随机数据给客户机,这个
数据只能通过private key解密,客户机将解密后的信息发还给服务器,服务器验证正确
后即确认客户机是可信任的,从而建立起一条安全的信息通道。通过这种方式,客户机
不需要向外发送自己的身份标志“private key”即可达到校验的目的,并且private key
是不能通过public key反向推断出来的。这避免了网络窃听可能造成的密码泄露。客户机
需要小心的保存自己的private key,以免被其他人窃取,一旦这样的事情发生,就需要
各服务器更换受信的public key列表。
配置ssh互信的步骤如下:
    1. 首先,在要配置互信的机器上,生成各自的经过认证的key文件;
    2. 其次,将所有的key文件汇总到一个总的认证文件中;
    3. 将这个包含了所有互信机器认证key的认证文件,分发到各个机器中去;
    4. 验证互信。
在主机名为node1,node2,node3上以相同的用户test创建ssh互信。
 
 
1.在每个节点上创建 RSA密钥和公钥
使用test用户登陆
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
 
2.整合公钥文件
在node1上执行以下命令
ssh node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
 
3.分发整合后的公钥文件
在node1上执行以下命令
scp ~/.ssh/authorized_keys  node2:~/.ssh/
scp ~/.ssh/authorized_keys  node3:~/.ssh/
 
4.测试ssh互信
在各个节点上运行以下命令,若不需要输入密码就显示系统当前日期,就说明SSH互信已经配置成功了。
ssh node1 date
ssh node2 date
ssh node3 date




2016-8-15
以下是自己具体的验证过程
配置ssh互信的步骤如下:
    1. 首先,在要配置互信的机器上,生成各自的经过认证的key文件;
    2. 其次,将所有的key文件汇总到一个总的认证文件中;
    3. 将这个包含了所有互信机器认证key的认证文件,分发到各个机器中去;
    4. 验证互信。
在主机名为gpmaster,gpnode1,gpnode2上以相同的用户test创建ssh互信。
 
 
1.在每个节点上创建 RSA密钥和公钥
使用root用户登陆
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
 
2.整合公钥文件
在gpmaster上执行以下命令
ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
 
3.分发整合后的公钥文件
在gpmaster上执行以下命令
scp ~/.ssh/authorized_keys  gpnode1:~/.ssh/
scp ~/.ssh/authorized_keys  gpnode2:~/.ssh/
 
4.测试ssh互信
在各个节点上运行以下命令,若不需要输入密码就显示系统当前日期,就说明SSH互信已经配置成功了。
ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date
 




具体过程是:
1.在每个节点上创建 RSA密钥和公钥
使用root用户登陆
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa(一路敲回车)
[root@gpmaster .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):  #回车      
Enter passphrase (empty for no passphrase): #回车
Enter same passphrase again: #回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9f:62:ab:0e:8c:e4:7f:b1:8e:a7:61:db:89:74:de:36 root@gpmaster
[root@gpmaster .ssh]#
2.
整合公钥文件
在gpmaster上执行以下命令
ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
[root@gpmaster .ssh]# ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpmaster (192.168.66.110)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpmaster,192.168.66.110' (RSA) to the list of known hosts.
root@gpmaster's password:
[root@gpmaster .ssh]# ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpnode1 (192.168.66.111)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpnode1,192.168.66.111' (RSA) to the list of known hosts.
root@gpnode1's password:
[root@gpmaster .ssh]# ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpnode2 (192.168.66.112)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpnode2,192.168.66.112' (RSA) to the list of known hosts.
root@gpnode2's password:
[root@gpmaster .ssh]# chmod 600 ~/.ssh/authorized_keys
3.
在gpmaster上执行以下命令
scp ~/.ssh/authorized_keys  gpnode1:~/.ssh/
scp ~/.ssh/authorized_keys  gpnode2:~/.ssh/
[root@gpmaster .ssh]# scp ~/.ssh/authorized_keys  gpnode1:~/.ssh/
root@gpnode1's password:
authorized_keys                                                                                   100% 1183     1.2KB/s   00:00   
[root@gpmaster .ssh]# scp ~/.ssh/authorized_keys  gpnode2:~/.ssh/
root@gpnode2's password:
authorized_keys      




4.    
测试ssh互信
在各个节点上运行以下命令,若不需要输入密码就显示系统当前日期,就说明SSH互信已经配置成功了。
ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date                                                                       100% 1183     1.2KB/s   00:00   
[root@gpmaster .ssh]# ssh gpmaster date
Thu Aug 15 10:35:27 CST 2016
[root@gpmaster .ssh]# ssh gpnode1 date
Thu Aug 15 10:35:33 CST 2016
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:35:42 CST 2016
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 dateThu Aug 15 10:35:52 CST 2016
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:35:53 CST 2016
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 dateThu Aug 15 10:36:14 CST 2016
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:36:17 CST 2016
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date
ssh gpmaster dateThu Aug 15 10:36:32 CST 2016
[root@gpmaster .ssh]# ssh gpmaster date
Thu Aug 15 10:36:33 CST 2016
[root@gpmaster .ssh]#

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/24179204/viewspace-2126941/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/24179204/viewspace-2126941/

你可能感兴趣的:(linux双机互信设置)