配置机器 hostname
vi /etc/hostname 增加S1PA11
再执行# hostname
S1PA11 ---修改成功
打开hosts文件 并修改关联关系:
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
增加下面两行 (本地和另一台机器IP和hostname)
10.58.44.47 S1PA11
10.126.45.56 S1PA222
ping S1PA222
PING S1PA222 (10.126.45.56) 56(84) bytes of data.
64 bytes from S1PA222 (10.126.45.56): icmp_seq=1 ttl=62 time=0.235 ms
64 bytes from S1PA222 (10.126.45.56): icmp_seq=2 ttl=62 time=0.216 ms
64 bytes from S1PA222 (10.126.45.56): icmp_seq=3 ttl=62 time=0.276 ms
ping S1PA11
PING S1PA11 (10.58.44.47) 56(84) bytes of data.
64 bytes from S1PA11 (10.58.44.47): icmp_seq=1 ttl=62 time=0.268 ms
64 bytes from S1PA11 (10.58.44.47): icmp_seq=2 ttl=62 time=0.273 ms
目前 两台机器是可以通信的
ssh免密码验证配置
首先在S1PA11机器配置(该机器是master)
进去.ssh文件: [spark@S1PA11 sbin]$ cd ~/.ssh/
生成秘钥 ssh-keygen :ssh-keygen -t rsa ,一路狂按回车键就可以了
最终生成(id_rsa,id_rsa.pub两个文件)
生成authorized_keys文件:[spark@S1PA11 .ssh]$ cat id_rsa.pub >> authorized_keys
在另一台机器S1PA222(slave机器)也生成公钥和秘钥
步骤跟S1PA11是类似的
进去.ssh文件: [spark@S1PA11 sbin]$cd ~/.ssh/
生成秘钥 ssh-keygen :ssh-keygen -t rsa,一路狂按回车键就可以了
最终生成(id_rsa,id_rsa.pub两个文件)
将S1PA222机器的id_rsa.pub文件copy到S1PA11机器:[spark@S1PA222 .ssh]$ scp id_rsa.pub [email protected]:~/.ssh/id_rsa.pub_sl
此切换到机器S1PA11 合并authorized_keys;[spark@S1PA11 .ssh]$ cat id_rsa.pub_sl >> authorized_keys
将authorized_keyscopy到S1PA222机器(/home/spark/.ssh):[spark@S1PA11 .ssh]$ scp authorized_keys [email protected]:~/.ssh/
现在讲两台机器 .ssh/ 文件夹权限改为700,authorized_keys文件权限改为600(or 644)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
OK 完成以上操作后 可以开始ssh验证了
S1PA11j机器sshS1PA222
[spark@S1PA11 .ssh]$ ssh S1PA222
Last login: Mon Jan 5 15:18:58 2015 from s1pa11
[spark@S1PA222 ~]$ exit
logout
Connection to S1PA222 closed.
[spark@S1PA11 .ssh]$ ssh S1PA222
Last login: Mon Jan 5 15:46:00 2015 from s1pa11
S1PA222机器sshS1PA11
Connection to S1PA11 closed.
[spark@S1PA222 .ssh]$ ssh S1PA11
Last login: Mon Jan 5 15:46:43 2015 from s1pa222
[spark@S1PA11 ~]$ exit
顺利完成ssh免密码验证
PS:异常问题处理
1、ssh localhost:publickey 授权失败
sudo vi /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
service sshd restart
注:ssh可同时支持publickey和password两种授权方式,publickey默认不开启,需要配置为yes。
如果客户端不存在.ssh/id_rsa,则使用password授权;存在则使用publickey授权;
如果publickey授权失败,依然会继续使用password授权。
不要设置 PasswordAuthentication no ,它的意思是禁止密码登录,这样就只能本机登录了!
2、vi /etc/selinux/config
SELINUX=disabled
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
最后重启你的 linux 执行 ssh localhost
3、ssh ip 或 hostname 均提示:connection refused
目标主机的ssh server端程序是否安装、服务是否启动,是否在侦听22端口;
是否允许该用户登录;
本机是否设置了iptables规则,禁止了ssh的连入/连出;