SSH用户等价关系配置

最近装了两个linux虚拟机,准备搭建一个双机集群环境,由于两个机器需要经常的互相访问,今天配置双机的用户等价。所谓的用户等价,就是以一个用户从一台机器连接到另一个机器时不需要输入密码。其重要意义在于两边的程序可以直接访问另一台机器,不然每次都需要人工的交互,不能实现程序的自动化。

两台虚拟机使用的是red hat 5 enterprises操作系统,机器名为REDH5和REDH5-1。 两台机器的ssh都为ssh1.

1.在两台机器上分别执行下面的操作生成公钥和密钥对

=================================================================

[vince@REDH5 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vince/.ssh/id_rsa):    (此处直接回车)
Enter passphrase (empty for no passphrase):                          (此处直接回车)
Enter same passphrase again:                                            ( 此处直接回车)
Your identification has been saved in /home/vince/.ssh/id_rsa.
Your public key has been saved in /home/vince/.ssh/id_rsa.pub.
The key fingerprint is:
97:b5:9f:d4:e6:b0:c9:9f:af:67:48:fd:fb:54:3b:8f vince@REDH5
[vince@REDH5 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vince/.ssh/id_dsa): (此处直接回车)
Enter passphrase (empty for no passphrase): (此处直接回车)
Enter same passphrase again: (此处直接回车)
Your identification has been saved in /home/vince/.ssh/id_dsa.
Your public key has been saved in /home/vince/.ssh/id_dsa.pub.
The key fingerprint is:
79:f6:43:d3:73:d8:1d:33:f8:5d:d2:c1:5e:db:64:77 vince@REDH5
[vince@REDH5 .ssh]$ cat *.pub > authorized_keys

[vince@REDH5 .ssh]$ cd $HOME
[vince@REDH5 ~]$ mkdir .ssh

[vince@REDH5 ~]$ chmod 700 .ssh

=====================================================================================

2.将两台机器上的authorized_keys合成一个文件

================================================================================

[vince@REDH5 .ssh]$ scp authorized_keys REDH5-1:/home/vince/.ssh/key_REDH5
The authenticity of host 'redh5-1 (192.168.2.117)' can't be established.
RSA key fingerprint is f7:58:b3:55:59:06:cb:92:4f:a9:87:64:c1:98:dc:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'redh5-1,192.168.2.117' (RSA) to the list of known hosts.
vince@redh5-1's password:
authorized_keys                               100%  994     1.0KB/s   00:00   

(下面在REDH5-1机器上)

[vince@REDH5-1 .ssh]$ cat key_REDH5 >> authorized_keys
[vince@REDH5-1 .ssh]$ scp authorized_keys REDH5:/home/vince/.ssh/authorized_keys
The authenticity of host 'redh5 (192.168.2.115)' can't be established.
RSA key fingerprint is f7:58:b3:55:59:06:cb:92:4f:a9:87:64:c1:98:dc:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'redh5,192.168.2.115' (RSA) to the list of known hosts.
vince@redh5's password:
authorized_keys                               100% 1992     2.0KB/s   00:00   
[vince@REDH5-1 .ssh]$ chmod 644 authorized_keys                 #一定不要忘记,我在操作的时候忘了修稿文件的权限,弄了好久,不修改权限是不能联通的

(下面在REDH5机器上)

[vince@REDH5 .ssh]$ chmod 644 authorized_keys

================================================================================

3. 测试联通

==================================================================================

[vince@REDH5 .ssh] ssh REDH5-1               #从REDH5登陆REDH5-1   

[vince@REDH5-1 .ssh] ssh REDH5               #从REDH5-1登陆REDH5

==================================================================================

附录:本次配置的两个机器系统的ssh版本是一样的,在实际的操作中又可能两个系统的ssh版本不一样,一个是ssh1另一个是ssh2。这个时候需要对公钥进行转换

SSH1--->SSH2:

首先按照上面第一点的方法先生成公钥密钥对,下面对公钥进行转换:

ssh-keygen  -e  -f  id_rsa.pub > id_rsa_177.pub                     #(id_rsa_177.pub这个名字可以随便起一个)

ssh ****                                                                                #登陆SSH版本是2的机器

echo “Key id_rsa_177.pub” >> authorization

SSH2--->SSH1:

首先像SSH1同样的方法生成公钥密钥对(此处以id_rsa_2048和id_rsa_2048.pub为例)

echo “idKey id_rsa”>>identification

ssh *****                                                                              #登陆SSH版本是1的机器

ssh-keygen   -i  -f  id_rsa_2048.pub > id_rsa_2048_1.pub

cat id_rsa_2048_42.pub >> authorized_keys

最后:要是前面操作感觉都没有什么问题,但是连接的时候还是需要输入密码,请注意检查authorized_keys文件的权限644!

你可能感兴趣的:(虚拟机,linux,list,集群,ssh,File)