Cenots 7.9 配置多台 SSH 互信登陆免密码

一、先决条件

环境四台主机 IP 还有 SSH 端口提前准备放行

192.168.70.18 MES01

192.168.70.19 MES02

192.168.74.14 MESDATA01

192.168.74.15 MESDATA02

二、1. 修改hosts信息 $root@localhost \~$ # vi /etc/host

注意：四台主机都要添加

192.168.70.18 node1

192.168.70.19 node2

192.168.71.14 node3

192.168.71.15 node4

三、在四台主机上分别生成秘钥 $root@localhost \~$ # ssh-keygen -t rsa

192.168.70.18

The key fingerprint is:

SHA256:UwXbMELZed1HV0IS1EoCs8qEVaGuMcR/MtCSvhOvayM root@localhost.localdomain

The key's randomart image is:

+--- $RSA 3072$ ----+

| .oB=++==oo=|

| o ..++*o.o.+|

| . o . o+.. .|

| . o + . . . |

| * + + S |

| ..= + . |

| .o= . |

|E +..+ |

| o+= |

+---- $SHA256$ -----+

192.168.70.19

The key fingerprint is:

SHA256:vOBBts4L68kfAouysgZuNkjUDw61ho3CT3VZrGbQznI root@localhost.localdomain

The key's randomart image is:

+--- $RSA 3072$ ----+

| ....+. |

| o ..o . |

|. * o * . |

|.* B + E |

|o * o O S |

|.o + = o . |

|B . o = . |

|+B . = o |

|B...=.o |

+---- $SHA256$ -----+

192.168.71.14

The key fingerprint is:

SHA256:WciF2IYFZx/Xg/HdVsnbbh/45SVZ941ioTYMtU8Ub9Q root@localhost.localdomain

The key's randomart image is:

+--- $RSA 3072$ ----+

| .*+.o o=. o|

| o+++.oo.E+o|

| .o o+ ..*|

| oo. + o+|

| .S= o ..=+|

| . * o.+.B|

| o + ..+=|

| . .o|

| |

+---- $SHA256$ -----+

192.168.71.15

The key fingerprint is:

SHA256:5m93MaIDML/NNrWWBI9kAJa6EvmU2N/HHSpOCOULapg root@localhost.localdomain

The key's randomart image is:

+--- $RSA 3072$ ----+

| oo |

| .. . . |

| + o + |

| + = o o = . |

| + = *SB O . |

| . E +o= O B o |

| . . .B = + o |

| ..O = . |

| o.= . |

+---- $SHA256$ -----+

四、四台linux 主机进行分发秘钥

192.168.70.18 node1

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node2

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node3

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node4

192.168.70.19 node2

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node1

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node3

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node4

192.168.71.14 node3

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node1

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node2

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node4

192.168.71.15 node4

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node1

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node2

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node3

出现这样就代表分配正常

$root@localhost \~$ # ssh-copy-id -i /root/.ssh/id_rsa.pub node4

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"

The authenticity of host 'node4 (10.105.70.19)' can't be established.

ED25519 key fingerprint is SHA256:GmU7LMq6+ayFTisN0UlmO6LV/xtkLsZ0GynnmG79Knw.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/ $fingerprint$ )? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@node4's password: -----这里注意需要输入分配放 root 的密码，每个密码不一样

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'node4'"

and check to make sure that only the key(s) you wanted were added.

五、测试---结果是免输密码就正常了

在 192.168.70.18 MES01 ssh root@192.168.70.19/ 71.14/71.15

在 192.168.70.19 MES02 ssh root@192.168.70.18/ 71.14/71.15

在 192.168.71.14 MESDATA01 ssh root@192.168.70.18/19 /71.15

在 192.168.71.15 MESDATA02 ssh root@192.168.70.18/19 /71.14