Passwordless SSH access between multiple Linux hosts: method 1

I. Lab environment:

1. Four SLES 11 SP2 x86_64 hosts, minimal installation

2. Hostnames and their IP addresses are as follows

manager     192.168.78.11

node1       192.168.78.12

node2       192.168.78.13

node3       192.168.78.14

 

 

II. Configuration steps:

1. On manager, add the following entries to /etc/hosts

192.168.78.11   manager

192.168.78.12   node1

192.168.78.13   node2

192.168.78.14   node3

 

2. Generate a key pair whose private key has no passphrase

manager:~ # ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):                // just press Enter

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):                            // just press Enter

Enter same passphrase again:                                           // just press Enter

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

c2:e9:a3:48:a5:57:3c:64:a8:b6:17:71:ff:93:4d:2f root@manager

The key's randomart image is:

+--[ RSA 2048]----+

|                 |

|    .           |

|   o +          |

|   .B o         |

|  oo B S   .    |

| . + + o . + .   |

|  +o o   + E .  |

| . + . .  . .   |

|  ..            |

+-----------------+

manager:~ #

 

3. Create the authorized_keys file and set its permissions

manager:~ # cd .ssh/

manager:~/.ssh # ls

id_rsa id_rsa.pub

manager:~/.ssh # cp id_rsa.pub authorized_keys

manager:~/.ssh # chmod 600 authorized_keys

manager:~/.ssh # ls -l

total 12

-rw------- 1 root root  394 Dec 11 05:13 authorized_keys

-rw------- 1 root root 1675 Dec 11 05:12 id_rsa

-rw-r--r-- 1 root root  394 Dec 11 05:12 id_rsa.pub

manager:~/.ssh #

 

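4. Copy the /root/.ssh directory to root's home directory on node1, node2 and node3. The copy can be done with a script, for example one named rep.sh with the following content; then run the script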

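#!/bin/bash

# Copy root's .ssh directory from manager to node1..node3.

for i in `seq 1 3`                          # adjust 1 and 3 to match your nodes

do

expect <<EOF

    set timeout -1

    spawn scp -r /root/.ssh node$i:/root/

    # first connection to the node: accept its host key

    expect "(yes/no)"

    send "yes\r"

    # password authentication with the root password of the node

    expect "Password:"

    send "111111\r"

    expect eof

EOF

done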

 

Note: the first connection uses password authentication, so the password has to be entered.

 

5. Copy the /etc/hosts file to the /etc directory on node1, node2 and node3

manager:~ # for i in `seq 1 3`; do scp /etc/hosts node$i:/etc/ ; done

 

6. SSH to the local host (so that manager is added to the .ssh/known_hosts file)

manager:~ # ssh manager

The authenticity of host 'manager (192.168.78.11)' can't be established.

RSA key fingerprint is e6:74:87:2c:5e:71:30:c8:ae:9d:87:d4:54:05:d0:22.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'manager,192.168.78.11' (RSA) to the list of known hosts.

Last login: Thu Dec 11 05:06:27 2014 from 192.168.78.1

manager:~ #

 

7. Copy the .ssh/known_hosts file to the /root/.ssh/ directory on node1, node2 and node3

manager:~ # for i in `seq 1 3`; do scp /root/.ssh/known_hosts node$i:/root/.ssh/ ; done

 

The configuration is now complete.
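
An added example, not part of the original post: a shell function that audits a .ssh directory laid out by steps 2 to 4 for group- or world-writable paths (which sshd's StrictModes rejects), private keys without a passphrase, and a host that authorizes a key whose private half it also stores. The function name and finding labels are hypothetical, GNU stat and base64 are assumed, and the check goes beyond the PEM key generated above by also reading the newer OpenSSH private-key format.

```shell
#!/bin/sh
# Added example: audit one .ssh directory as laid out by steps 2-4.
# Prints one finding per line; returns 1 if there is any finding.
audit_ssh_dir() {
    dir=$1
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # sshd (StrictModes) refuses keys if these are group- or world-writable.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c %a "$p")
        case $mode in
            *[2367]?|*[2367]) report "GROUP_OR_WORLD_WRITABLE $p mode=$mode" ;;
        esac
    done

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $(head -n 1 "$f") in
            "-----BEGIN OPENSSH PRIVATE KEY-----")
                # New format: cipher name at byte offset 19; "none" = no passphrase.
                cipher=$(grep -v '^-----' "$f" | tr -d '\r\n' | base64 -d 2>/dev/null |
                    tail -c +20 | head -c 4)
                [ "$cipher" != none ] || report "NO_PASSPHRASE $f" ;;
            "-----BEGIN "*"PRIVATE KEY-----")
                # PEM, as generated on the page: encrypted keys are marked as such.
                grep -q ENCRYPTED "$f" || report "NO_PASSPHRASE $f" ;;
            *) continue ;;
        esac
        mode=$(stat -c %a "$f")
        case $mode in *00) ;; *) report "KEY_ACCESSIBLE_BY_OTHERS $f mode=$mode" ;; esac
    done

    # The page's layout: a host authorizes a key whose private half it also stores.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] && [ -f "$dir/authorized_keys" ] || continue
        blob=$(awk '{print $2; exit}' "$pub")
        if [ -n "$blob" ] && grep -qF -- "$blob" "$dir/authorized_keys"; then
            report "SELF_AUTHORIZED ${pub%.pub}"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_ssh_dir.sh /root/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run on any of the four hosts after step 7, it reports NO_PASSPHRASE and SELF_AUTHORIZED for /root/.ssh/id_rsa, because every node holds the same passphrase-less private key and accepts it for root login.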

 

 

III. Verify the configuration

1. Pick any machine, for example node3, and connect to manager, node1 and node2 in turn

node3:~ # ssh manager

Last login: Thu Dec 11 05:20:52 2014 from manager             // passwordless login to manager succeeded

manager:~ # exit                                              // close the connection to manager

logout

Connection to manager closed.

node3:~ # ssh node1

Last login: Mon Sep 29 23:24:13 2014

linux-x4xj:~ # exit

logout

Connection to node1 closed.

node3:~ # ssh node2

Last login: Mon Sep 29 23:24:28 2014

linux-hmae:~ # exit

logout

Connection to node2 closed.

node3:~ #

 

The output above shows that the configuration works; node1 and node2 are tested the same way.

 

#############################################################################

Notes:

 

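1. To reinstall a node, for example node2, carry out the following 4 steps in order

◆ Before reinstalling node2, back up the ssh directory under /etc/

◆ After the reinstall, first replace the ssh directory under /etc with the backed-up ssh directory and restart the ssh service

◆ Then copy the .ssh directory from manager, node1 or node3 to the /root directory on node2

◆ Finally, copy the hosts file to the /etc directory on node2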

 

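2. Steps for a regular (non-root) user

◆ Generate a key pair whose private key has no passphrase (same as for root)

◆ Create the authorized_keys file and set its permissions (same as for root)

◆ SSH to the local host (so that manager is added to the .ssh/known_hosts file)

◆ Create a script, for example one named test.sh with the following content, and run it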

#!/bin/bash

# Connect to each node once so that its host key is accepted.

for i in `seq 1 3`                           # adjust 1 and 3 to match your nodes

do

expect <<EOF

set timeout -1

spawn ssh node$i date

expect "(yes/no)"

send "yes\r"

expect eof

EOF

done


The regular-user configuration is now complete.

#############################################################################


This article is from the “永不止步” blog; please do not repost.
