Cenots 7.9 配置多台 SSH 互信登陆免密码

一、先决条件

环境四台主机 IP 还有 SSH 端口提前准备放行

192.168.70.18 MES01

192.168.70.19 MES02

192.168.74.14 MESDATA01

192.168.74.15 MESDATA02

二、1. 修改hosts信息 [root@localhost ~]# vi /etc/host

注意：四台主机都要添加

192.168.70.18 node1

192.168.70.19 node2

192.168.71.14 node3

192.168.71.15 node4

三、在四台主机上分别生成秘钥 [root@localhost ~]# ssh-keygen -t rsa

192.168.70.18

The key fingerprint is:

SHA256:UwXbMELZed1HV0IS1EoCs8qEVaGuMcR/MtCSvhOvayM root@localhost.localdomain

The key's randomart image is:

+---[RSA 3072]----+

| .oB=++==oo=|

| o ..++*o.o.+|

| . o . o+.. .|

| . o + . . . |

| * + + S |

| ..= + . |

| .o= . |

|E +..+ |

| o+= |

+----[SHA256]-----+

192.168.70.19

The key fingerprint is:

SHA256:vOBBts4L68kfAouysgZuNkjUDw61ho3CT3VZrGbQznI root@localhost.localdomain

The key's randomart image is:

+---[RSA 3072]----+

| ....+. |

| o ..o . |

|. * o * . |

|.* B + E |

|o * o O S |

|.o + = o . |

|B . o = . |

|+B . = o |

|B...=.o |

+----[SHA256]-----+

192.168.71.14

The key fingerprint is:

SHA256:WciF2IYFZx/Xg/HdVsnbbh/45SVZ941ioTYMtU8Ub9Q root@localhost.localdomain

The key's randomart image is:

+---[RSA 3072]----+

| .*+.o o=. o|

| o+++.oo.E+o|

| .o o+ ..*|

| oo. + o+|

| .S= o ..=+|

| . * o.+.B|

| o + ..+=|

| . .o|

| |

+----[SHA256]-----+

192.168.71.15

The key fingerprint is:

SHA256:5m93MaIDML/NNrWWBI9kAJa6EvmU2N/HHSpOCOULapg root@localhost.localdomain

The key's randomart image is:

+---[RSA 3072]----+

| oo |

| .. . . |

| + o + |

| + = o o = . |

| + = *SB O . |

| . E +o= O B o |

| . . .B = + o |

| ..O = . |

| o.= . |

+----[SHA256]-----+

四、四台linux 主机进行分发秘钥

192.168.70.18 node1

root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node2 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node3 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node4 192.168.70.19 node2 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node1 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node3 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node4 192.168.71.14 node3 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node1 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node2 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node4 192.168.71.15 node4 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node1 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node2 \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node3 出现这样就代表分配正常 ------------------------------------------------------------------------------------------------------------------------ \[root@localhost \~\]# ssh-copy-id -i /root/.ssh/id_rsa.pub node4 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'node4 (10.105.70.19)' can't be established. ED25519 key fingerprint is SHA256:GmU7LMq6+ayFTisN0UlmO6LV/xtkLsZ0GynnmG79Knw. This key is not known by any other names Are you sure you want to continue connecting (yes/no/\[fingerprint\])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@node4's password: -----这里注意需要输入分配放 root 的密码，每个密码不一样 ------------------------------------------------------------------------------------------------------------------------ Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'node4'" and check to make sure that only the key(s) you wanted were added. ------------------------------------------------------------------------------------------------------------------------ 五、测试---结果是免输密码就正常了 在 192.168.70.18 MES01 ssh root@192.168.70.19/ 71.14/71.15 在 192.168.70.19 MES02 ssh root@192.168.70.18/ 71.14/71.15 在 192.168.71.14 MESDATA01 ssh root@192.168.70.18/19 /71.15 在 192.168.71.15 MESDATA02 ssh root@192.168.70.18/19 /71.14