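I recently set up two Linux virtual machines to build a two-node cluster environment. Because the two machines need to access each other frequently, today I configured user equivalence between them. User equivalence means that a user connecting from one machine to the other does not have to enter a password. Its significance is that programs on either side can access the other machine directly; otherwise every connection would need manual interaction and the programs could not be automated.
Both virtual machines run Red Hat Enterprise Linux 5, with hostnames REDH5 and REDH5-1. Both machines run SSH1.
1. On each of the two machines, run the following to generate the public/private key pairs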
=================================================================
[vince@REDH5 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vince/.ssh/id_rsa): (just press Enter here)
Enter passphrase (empty for no passphrase): (just press Enter here)
Enter same passphrase again: (just press Enter here)
Your identification has been saved in /home/vince/.ssh/id_rsa.
Your public key has been saved in /home/vince/.ssh/id_rsa.pub.
The key fingerprint is:
97:b5:9f:d4:e6:b0:c9:9f:af:67:48:fd:fb:54:3b:8f vince@REDH5
[vince@REDH5 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vince/.ssh/id_dsa): (just press Enter here)
Enter passphrase (empty for no passphrase): (just press Enter here)
Enter same passphrase again: (just press Enter here)
Your identification has been saved in /home/vince/.ssh/id_dsa.
Your public key has been saved in /home/vince/.ssh/id_dsa.pub.
The key fingerprint is:
79:f6:43:d3:73:d8:1d:33:f8:5d:d2:c1:5e:db:64:77 vince@REDH5
[vince@REDH5 .ssh]$ cat *.pub > authorized_keys
[vince@REDH5 .ssh]$ cd $HOME
[vince@REDH5 ~]$ mkdir .ssh
[vince@REDH5 ~]$ chmod 700 .ssh
=====================================================================================
2. Merge the authorized_keys files from the two machines into a single file
================================================================================
[vince@REDH5 .ssh]$ scp authorized_keys REDH5-1:/home/vince/.ssh/key_REDH5
The authenticity of host 'redh5-1 (192.168.2.117)' can't be established.
RSA key fingerprint is f7:58:b3:55:59:06:cb:92:4f:a9:87:64:c1:98:dc:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'redh5-1,192.168.2.117' (RSA) to the list of known hosts.
vince@redh5-1's password:
authorized_keys 100% 994 1.0KB/s 00:00
(The following is on the REDH5-1 machine)
[vince@REDH5-1 .ssh]$ cat key_REDH5 >> authorized_keys
[vince@REDH5-1 .ssh]$ scp authorized_keys REDH5:/home/vince/.ssh/authorized_keys
The authenticity of host 'redh5 (192.168.2.115)' can't be established.
RSA key fingerprint is f7:58:b3:55:59:06:cb:92:4f:a9:87:64:c1:98:dc:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'redh5,192.168.2.115' (RSA) to the list of known hosts.
vince@redh5's password:
authorized_keys 100% 1992 2.0KB/s 00:00
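[vince@REDH5-1 .ssh]$ chmod 644 authorized_keys # Be sure not to forget this. I forgot to change the file's permissions when I did this and it took me a long time to sort out; without the permission change the connection does not work
(The following is on the REDH5 machine)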
[vince@REDH5 .ssh]$ chmod 644 authorized_keys
================================================================================
3. Test connectivity
==================================================================================
[vince@REDH5 .ssh]$ ssh REDH5-1 # log in to REDH5-1 from REDH5
[vince@REDH5-1 .ssh]$ ssh REDH5 # log in to REDH5 from REDH5-1
==================================================================================
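Appendix: In this setup the two systems had the same SSH version. In practice the two systems may run different SSH versions, one SSH1 and the other SSH2, in which case the public key has to be converted.
SSH1--->SSH2:
First generate the key pair as in step 1 above, then convert the public key:
ssh-keygen -e -f id_rsa.pub > id_rsa_177.pub # (the name id_rsa_177.pub is arbitrary)
ssh **** # log in to the machine running SSH version 2
echo "Key id_rsa_177.pub" >> authorization
SSH2--->SSH1:
First generate the key pair in the same way as for SSH1 (id_rsa_2048 and id_rsa_2048.pub are used as the example here)
echo "idKey id_rsa_2048" >> identification
ssh ***** # log in to the machine running SSH version 1
ssh-keygen -i -f id_rsa_2048.pub > id_rsa_2048_1.pub
cat id_rsa_2048_1.pub >> authorized_keys
Finally: if all the steps above seemed to go fine but connecting still asks for a password, check that the authorized_keys file has permission 644!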
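The permission problem described in step 2 and in the closing note comes from sshd's StrictModes check (on by default), which ignores authorized_keys when the file, ~/.ssh or the home directory is writable by group or others; the ssh client likewise refuses a private key that group or others can access. The script below is an added example, not part of the original post, and its function names and messages are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and messages are
# made up for illustration. Only mode bits are checked, not file ownership.

# Print the path if group or others can write to it (no descent into dirs).
writable_by_others() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print the path if group or others have any access to it at all.
accessible_by_others() {
    find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# check_ssh_perms HOME_DIR: prints each problem, returns 0 if none, else 1.
check_ssh_perms() {
    home_dir=$1
    rc=0
    # sshd side: home, .ssh and authorized_keys must not be group/world-writable.
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(writable_by_others "$p")" ]; then
            echo "sshd will ignore keys: $p is group/world-writable"
            rc=1
        fi
    done
    # client side: private keys must be accessible by their owner only.
    for k in "$home_dir/.ssh/id_rsa" "$home_dir/.ssh/id_dsa"; do
        [ -e "$k" ] || continue
        if [ -n "$(accessible_by_others "$k")" ]; then
            echo "ssh will refuse key: $k is accessible by group/others"
            rc=1
        fi
    done
    return "$rc"
}

# Usage on each machine: check_ssh_perms "$HOME"
```

Run it on both REDH5 and REDH5-1 before testing the login; a non-zero return means key authentication will fall back to the password prompt.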