CentOS7虚拟机之间设置免密登录

1、目标

通过ssh方式登录各个主机，并且不需要输入密码，其中ssh命令的格式如下：

ssh [-l login_name] [-p port] [user@]hostname

2、前期准备

我这里的有几台CentOS7的虚拟机，虚拟机的主机名和IP地址如下所示：

192.168.223.131 hadoop-master
192.168.223.128 hadoop-slave1
192.168.223.129 hadoop-slave2
192.168.223.130 hadoop-slave3

如果以上内容还没有添加到hosts文件的需要先添加到hosts文件：

[root@hadoop-master ~]# vi /etc/hosts

192.168.223.131 hadoop-master
192.168.223.128 hadoop-slave1
192.168.223.129 hadoop-slave2
192.168.223.130 hadoop-slave3

3、生成公钥

首先使用

[root@hadoop-master hadoop]# ssh-keygen

然后连续回车就会出现下面内容：

[root@hadoop-master hadoop]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XLxBYgPSJF0op8bKUYkRdCEHIjb4A2VczZsSsKXeUXU root@hadoop-master
The key's randomart image is:
+---[RSA 2048]----+
|+*XBOO+=* E      |
|=o+B=+B. *       |
| ooo.= o  +      |
| .+.=.o. . o     |
| ..=..  S .      |
|  o              |
|                 |
|                 |
|                 |
+----[SHA256]-----+

通过如下的命令查看生成的.ssh目录下文件

[root@hadoop-master ~]# cd ~
[root@hadoop-master ~]# ls -atrl|grep ssh
drwx------.  2 root root    57 8月   8 16:17 .ssh

4、复制公钥要其他节点

[root@hadoop-master ~]# cd ~
[root@hadoop-master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@hadoop-slave1

然后输入密码会有如下内容：

[root@hadoop-master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@hadoop-slave1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop-slave1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@hadoop-slave1'"
and check to make sure that only the key(s) you wanted were added.

以上代表添加公钥成功了。测试一下：

[root@hadoop-master ~]# ssh root@hadoop-slave1
Last failed login: Sat Aug  8 16:00:11 CST 2020 from hadoop-master on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sat Aug  8 15:53:42 2020 from 192.168.223.1
[root@hadoop-slave1 ~]# 

从如上日志，我们可以看出我们已经成功从hadoop-master主机登录到了hadoop-slave1同理，我们将公钥拷贝到其他服务器上

如果要几个服务器之间都能免密登录，需要将上面的步骤重复在几台主机上操作即可。

5、如何取消免密登录

有时候免密登录只是为了测试方便，测试完了还要恢复回去？如何操作？我们添加公钥的时候是将将A主机的公钥添加到B主机，如果A主机登录B主机要输入密码则需要在B主机上去掉A的公钥。比如下面的例子，我们在hadoop-slave1中去掉了hadoop-master的公钥。

[root@hadoop-slave1 ~]# cd ./ssh
[root@hadoop-slave1 ~]# vi authorized_keys 
[root@hadoop-slave1 ~]#$ cat authorized_keys 

#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiUjCuy0zCFIwVkMRsHkn+SPk4oSAYIjmI9tRT1/7wS7nkaqhoK68fHosF07g6Hwl90Gx5yfXbz1qfQXhA8dVMJnNSkSsJHCSVbRcI5nqBZhVz3Ohj1YbGnPRSr23sIfPsZv2Ajvlfu/GQu0n7hkhWbbITxwxUabGU7UZ6QpiQnKPvFOvluSQWuZ296HkmxoeEhRGDedJGf2vHJyzKIypUZTe0R2eH1WOaaNNSXQa/OjBP/i4SnnU4oMaidPJt+KWHhvYatpuEF4RUhoR7FaGaysDw6lUATLfbhgYq86EmUzqEe+OwFwgYBDWQ80s9DfHp5OjsAxc8u3sBIGIuxgeP root@hadoop-master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcR6rzK2wk/y01qmhErV3PDRzU5rMPjylfipQfuymSnRl1pKTqyQll1Aw3QOX1/npkMxajqCQFr9UOrtRaxd/gricdGSuTh3IOw905fdwAmllaaRm6kNuQ4G+fN8t/LNWG8qqmvxjCi6MafOOZFDkUXMIakXxMSbCy6fp0e4vA3j5Kjq+rUPCHnid6Tb96zKlgeBsDbUxpYWj7VsfmlG16X+GrEMZ19T+eLoPIdT9jGEuw6N54oC3UWuhcSY2+dUD7acDQ3Ig1mp9JVe9N8jCaPIwbEc5rUOEkHhj4+CTqwkuK9fnm11I6RTuRt3x6oNQS9t60Eg/WRSPjx4hoC88p root@hadoop-slave2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1ba/DQTS+rEeYsNQr+9C8WxbT2kWx9PSsOhEyR+dDCzKBlD0ssZJkQkXA9O9BBn8srrLTVSqiMs+A/DtkSasZCh7NO2QtNZzRP3UsVwPvqeeyYicKSIndo/FiKTEeCC3R/HkquAw2/d5YjDJkSHfrtlQxcJka755s/a5uXCL7CtYMU5kBG2J27dotm6uH11Sa9jihMGvAcllDTPBXQs3gENhU8nBXYEBof0lltvTmyiDRY4Onw+5z94fXG3n2S5aXNP8h7Ykkyjm20QbZqEYais62KMwv7bSIAQeBUZqpDjw5PMblHr9rNKTnpgLEE2Bx8CjRdZChAbM4kf9SpdzH root@hadoop-slave3

然后使用hadoop-master来远程登录hadoop-slave1的时候提示我们输入密码了

[root@hadoop-master ~]# ssh root@hadoop-slave1
root@hadoop-slave1's password: