实现背景:在集群集群服务中的节点管理,必须站在一个正常的节点上,去远程管理:启动和关闭某个节点的服务(第一个节点肯定自己启动的除外),所以集群中各节点之间必须建立ssh互信通信方式机制。 基于密钥认证方式无密码的ssh互信通信。
实现条件:node1:192.168.176.6 主机名称是node1.magedu.com;
node2:192.168.176.6 主机名称是node1.magedu.com;
实现目的:在节点node1上可以ssh 192.168.176.7 ssh node2 ;在节点node2上可以ssh 192.168.176.6 ssh node1
实现步骤:
(1)在node1 上使用ssh-keygen 工具生成公钥和私钥
[root@node1 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): 回车 Enter passphrase (empty for no passphrase): 回车,设置空密码 Enter same passphrase again:回车 Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 77:7d:09:dc:9c:d5:dd:41:d3:66:3e:0b:e9:98:dc:32 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | .+B| | . o @| | o.B | | +..o| | S o * o.+| | . E o o | | o | | | | | +-----------------+
(2)在node1上使用ssh-copy-id工具将/root/.ssh/id_rsa.pub.远程拷贝至node的~/.ssh/目录下
[root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.176.7 The authenticity of host '192.168.176.7 (192.168.176.7)' can't be established. RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.176.7' (RSA) to the list of known hosts. root@192.168.176.7's password: Now try logging into the machine, with "ssh '[email protected]'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
(3)在node1验证ssh 192.168.176.7 ,然后在验证ssh node2
[root@node1 heartbeat]# ssh node2 The authenticity of host 'node2 (192.168.176.7)' can't be established. RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node2' (RSA) to the list of known hosts. Last login: Fri Apr 22 10:29:40 2016 from node1
同样的方法在node2用工具ssh-keygen生密钥对,拷贝公钥至node1,然后在验证ssh node1