linux ssh 免密登录

概述

大数据测试环境搭建时,经常会用到 ssh 免密登录 ,方便机器之间分发文件,从一个机器上登录至其它机器也方便

如何配置 linuxssh 免密登录?

非免密登录

端口是22

[root@KS8P-Test-K8S06 ~]# ssh KS8P-Test-K8S06

端口非22

[root@KS8P-Test-K8S05 ~]# ssh KS8P-Test-K8S05
ssh: connect to host ks8p-test-k8s05 port 22: Connection refused
[root@KS8P-Test-K8S05 ~]# ssh -p 42222 KS8P-Test-K8S05
The authenticity of host '[ks8p-test-k8s05]:42222 ([10.32.36.135]:42222)' can't be established.
ECDSA key fingerprint is SHA256:3/rSIOAKmq3TJ7ITPY4GBMmXn6Vf+AoJs6o2XB4Rv1A.
ECDSA key fingerprint is MD5:51:32:d3:ac:f1:99:b2:4e:73:c9:66:47:21:b6:94:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[ks8p-test-k8s05]:42222,[10.32.36.135]:42222' (ECDSA) to the list of known hosts.
root@ks8p-test-k8s05's password: 
Last login: Wed Oct 14 15:01:05 2020 from 10.35.233.99

免密登录配置

生成密钥

连续回车一直到结束

[root@KS8P-Test-K8S05 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0rtkCNXKmFhQ3PCMv1KHp7D6Bbw3lvbw+dvth4b/4bU root@KS8P-Test-K8S05
The key's randomart image is:
+---[RSA 2048]----+
|  .ooo           |
|   ..+..         |
|    o + .        |
|   + * +         |
|  . B B S        |
|     B O .       |
|    + % +    . o.|
|   . * B o ...+ =|
|  ...   =.o..++E.|
+----[SHA256]-----+

执行以后会在~/.ssh目录下产生对应的公钥密钥文件

[root@KS8P-Test-K8S05 ~]# ll ~/.ssh
总用量 16
-rw-------. 1 root root  399 1030 2019 authorized_keys
-rw-------  1 root root 1679 1014 15:28 id_rsa
-rw-r--r--  1 root root  402 1014 15:28 id_rsa.pub
-rw-r--r--  1 root root  206 1014 15:24 known_hosts

本机上登录自己

[root@KS8P-Test-K8S05 ~]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@KS8P-Test-K8S05 ~]# ssh -p 42222 KS8P-Test-K8S05 
Last login: Wed Oct 14 15:47:43 2020 from 10.35.233.99

配置/etc/hosts

先配置/etc/hosts
因为需要在主节点远程连接两个从节点,所以需要让主节点能够识别从节点主机名,使用主机名远程访问,默认情况下只能使用ip远程访问,想要使用主机名远程访问的话,需要在节点的/etc/hosts文件中配置对应机器的ip主机名信息

所以在这里需要在KS8P-Test-K8S06的/etc/hosts文件中配置下面信息,最好将当前节点信息也配置到里面,这样这个文件中的内容就通用了,可以直接拷贝到另外两个从节点

[root@bigdata01 ~]# vi /etc/hosts
10.32.45.147  KS8U-Test-K8S06 
10.32.36.135  KS8P-Test-K8S05 
10.32.36.134  KS8P-Test-K8S04 

有了以上配置,在KS8U-Test-K8S06 上执行下面命令,将公钥拷贝到两个节点
注意: 对于非22端口 要写成

scp -P 42222  ~/.ssh/authorized_keys KS8P-Test-K8S05:~/

分发,将公钥拷贝到需要免密登录的机器上

root@KS8U-Test-K8S06 hadoop-3.2.0]# scp -P 42222  ~/.ssh/authorized_keys KS8P-Test-K8S05:~/
The authenticity of host '[ks8p-test-k8s05]:42222 ([10.32.36.135]:42222)' can't be established.
ECDSA key fingerprint is SHA256:3/rSIOAKmq3TJ7ITPY4GBMmXn6Vf+AoJs6o2XB4Rv1A.
ECDSA key fingerprint is MD5:51:32:d3:ac:f1:99:b2:4e:73:c9:66:47:21:b6:94:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[ks8p-test-k8s05]:42222,[10.32.36.135]:42222' (ECDSA) to the list of known hosts.
root@ks8p-test-k8s05's password: 
authorized_keys  

后分别在KS8U-Test-K8S04KS8U-Test-K8S05上操作

[root@KS8P-Test-K8S05 ~]# cat ~/authorized_keys  >> ~/.ssh/authorized_keys

[root@KS8P-Test-K8S04 ~]# cat ~/authorized_keys  >> ~/.ssh/authorized_keys

测试

[root@KS8U-Test-K8S06 hadoop-3.2.0]# ssh -p 42222 KS8P-Test-K8S04
Last login: Thu Oct 15 00:19:08 2020 from 10.32.45.147
[root@KS8P-Test-K8S04 ~]# 

[root@KS8U-Test-K8S06 hadoop-3.2.0]# ssh -p 42222 KS8P-Test-K8S05
Last login: Wed Oct 14 15:49:49 2020 from 10.32.36.135
[root@KS8P-Test-K8S05 ~]# 

结束

ssh免密登录至此结束

你可能感兴趣的:(linux,ssh,运维)