Environment: two CentOS 5.4 hosts, CentOSA (192.168.1.102) and CentOSB (192.168.1.104)
I. On host A
1) Create the transport user and set its password; switch to that user
[root@CentOSA ~]# adduser transport
[root@CentOSA ~]# passwd transport
Changing password for user transport.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@CentOSA ~]# su - transport
[transport@CentOSA ~]$
2) Generate the key pair
[transport@CentOS ~]$ ssh-keygen
On some systems you may need to type ssh-keygen -t rsa instead; see the help for details: man ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/transport/.ssh/id_rsa):
This sets the path; leave it unchanged and just press Enter
/home/transport/.ssh/id_rsa already exists.
Enter passphrase (empty for no passphrase):
Enter a passphrase (leave empty for none):
Enter same passphrase again:
Enter the same passphrase again:
Your identification has been saved in /home/transport/.ssh/id_rsa.
Your public key has been saved in /home/transport/.ssh/id_rsa.pub.
The key fingerprint is:
7e:44:4e:ac:eb:1c:2b:68:94:1f:9e:fc:2f:7a:4c:73 transport@CentOSA
II. On host B
3) Create the transport user and set its password; switch to that user
[root@CentOSB ~]# adduser transport
[root@CentOSB ~]# su - transport
[transport@CentOSB ~]$
4) Generate the key pair
[transport@CentOSB ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/transport/.ssh/id_rsa):
This sets the path; leave it unchanged and just press Enter
/home/transport/.ssh/id_rsa already exists.
Enter passphrase (empty for no passphrase):
Enter a passphrase (leave empty for none):
Enter same passphrase again:
Enter the same passphrase again:
Your identification has been saved in /home/transport/.ssh/id_rsa.
Your public key has been saved in /home/transport/.ssh/id_rsa.pub.
The key fingerprint is:
7e:44:4e:ac:eb:1c:2b:68:94:1f:9e:fc:2f:7a:4c:73 transport@CentOSB
5) Create authorized_keys
[transport@CentOSB ~]$ cd ~/.ssh
[transport@CentOSB .ssh]$ cat id_rsa.pub > authorized_keys
6) Set the permissions on authorized_keys
[transport@CentOS .ssh]$ chmod 600 authorized_keys
7) Transfer the authorized_keys file to host A
[transport@CentOSB .ssh]$ rsync -av authorized_keys 192.168.1.102:/home/transport/.ssh/
……
transport@192.168.1.102's password:
Enter the password
III. On host A
8) Append A's public key to the authorized_keys file just transferred from host B
[transport@CentOSA .ssh]$ cat id_rsa.pub >> authorized_keys
9) Transfer the merged file (note the 600 permissions) to host B
[transport@CentOSA .ssh]$ rsync -av authorized_keys 192.168.1.104:/home/transport/.ssh/
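This completes the SSH trust configuration. From now on, hosts A and B can transfer files between each other as the transport user. rsync or a similar tool can be used for the transfers, with crontab configured for periodic backups.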
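Steps 5, 6 and 8 as an added example, not part of the original post: the `>` in step 5 overwrites any existing authorized_keys, so this version appends each public key only if it is missing, then sets the modes that sshd's StrictModes check requires. The function names add_pubkey and check_ssh_perms are hypothetical helpers introduced for this example.

```sh
#!/bin/sh
# Added example: idempotent merge of public keys into authorized_keys.
# add_pubkey and check_ssh_perms are hypothetical helper names.

# add_pubkey SSH_DIR PUBKEY_FILE
# Appends each line of PUBKEY_FILE to SSH_DIR/authorized_keys unless an
# identical line is already present, then sets 700 on the directory and
# 600 on the file.
add_pubkey() {
    ssh_dir=$1
    pubkey=$2
    auth="$ssh_dir/authorized_keys"
    [ -s "$pubkey" ] || { echo "no public key at $pubkey" >&2; return 1; }
    mkdir -p "$ssh_dir" && touch "$auth" || return 1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # -x: whole-line match, -F: fixed string (key text is not a regex)
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey"
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# check_ssh_perms SSH_DIR
# Returns non-zero if SSH_DIR or its authorized_keys is group- or
# world-writable, which sshd rejects when StrictModes is enabled.
check_ssh_perms() {
    ssh_dir=$1
    rc=0
    for p in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune keeps find from descending; output is non-empty on a match
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage on either host, run as the transport user:
#   add_pubkey "$HOME/.ssh" "$HOME/.ssh/id_rsa.pub"
#   check_ssh_perms "$HOME/.ssh"
```

Only the .pub files and authorized_keys are ever copied between hosts; each id_rsa private key stays on the machine that generated it.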