频道栏目
首页 > 系统 > Linux > 正文

Centos7免密码SSH双向登录教程

2018-04-16 11:29:20      个评论    来源:友人A的博客  
收藏   我要投稿

服务器:

MasterIP:192.168.2.66

Slave1IP:192.168.2.10

Slave2 IP:192.168.2.18

一、首先实现单向Master可以免密码ssh登录slave1和slave2

1、三台服务器都需要修改/etc/ssh/sshd_config配置文件
[root@master ~]# vim /etc/ssh/sshd_config
将以下的注释符号(#)删除,这三个配置主要是允许公钥文件的RSA授权,授权文件为:~/.ssh/authorized_keys
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
wq保存退出,然后重启ssh服务
[root@master ~]# systemctl restart sshd.service 
2、到三台服务器的用户家目录检查是否存在.ssh,如果没有则需要手动创建。这里使用root用户演示
[root@master ~]# ll -a
total 60
dr-xr-x---.  7 root root 4096 Mar 19 17:17 .
dr-xr-xr-x. 20 root root 4096 Mar 19 17:12 ..
-rw-------.  1 root root 1138 Sep 12  2017 anaconda-ks.cfg
-rw-------.  1 root root   52 Mar 19 17:11 .bash_history
-rw-r--r--.  1 root root   18 Dec 29  2013 .bash_logout
-rw-r--r--   1 root root  201 Jan 16 18:54 .bash_profile
-rw-r--r--.  1 root root  176 Dec 29  2013 .bashrc
drwxr-xr-x.  3 root root 4096 Sep 12  2017 .cache
drwxr-xr-x.  3 root root 4096 Sep 12  2017 .config
-rw-r--r--.  1 root root  100 Dec 29  2013 .cshrc
drwxr-xr-x   2 root root 4096 Nov 14 17:14 .oracle_jre_usage
drwxr-----.  3 root root 4096 Sep 13  2017 .pki
drwx------.  2 root root 4096 Mar 19 15:50 .ssh
-rw-r--r--.  1 root root  129 Dec 29  2013 .tcshrc
-rw-------   1 root root  850 Mar 19 17:17 .viminfo
3、生成ssh公钥、私钥文件
[root@master ~]# cd .ssh/
[root@master .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UXhkXi1bx/a3jrSoHYhu6C+vD2cWnd67rBjpQEiSk3w root@master
The key's randomart image is:
+---[RSA 2048]----+
|     o+ .. . |
|. o   .+... o +|
| * E  ... + o.|
| = .  ... .  o|
|  . . .So   o|
|  .  = o . . |
|   o.B o oo + |
|   oO.o o.oo . |
|  .oBB oo=.  |
+----[SHA256]-----+
无需输入任何信息,一路回车即可,生成完成后会在用户根路径下的ssh目录(cd ~/.ssh)发现:id_rsa、id_rsa.pub两个文件;
[root@master .ssh]# ll
total 8
-rw------- 1 root root    0 Mar 19 15:50 authorized_keys
-rw------- 1 root root 1675 Mar 19 17:26 id_rsa
-rw-r--r-- 1 root root  393 Mar 19 17:26 id_rsa.pub
4、ssh公钥追加到本机ssh验证文件:
[root@master .ssh]# cat id_rsa.pub >> authorized_keys 
5、将master的公钥追加至slave1服务器authorized_keys文件,slave2同理拷贝master公钥到authorized_keys。
[root@master ~]# cd .ssh/
[root@master .ssh]# scp id_rsa.pub root@192.168.2.10:~/.ssh/authorized_keys 
The authenticity of host '192.168.2.10 (192.168.2.10)' can't be established.
ECDSA key fingerprint is SHA256:ZTtQLCTg21cYLQ5iJa5LkC51xN6lKGxVyLRAxjXPUOw.
ECDSA key fingerprint is MD5:6d:5b:e9:d9:bd:12:64:06:c5:cc:a2:07:a6:99:96:3d.
Are you sure you want to continue connecting (yes/no) yes
Warning: Permanently added '192.168.2.10' (ECDSA) to the list of known hosts.
root@192.168.2.10's password: 
id_rsa.pub                                                                                                 100%  393     1.2MB/s   00:00  
6、测试可以登录
[root@master .ssh]# ssh 192.168.2.10
Last login: Mon Mar 19 21:07:28 2018 from 59.42.207.235
[root@slave1 ~]# 
[root@master .ssh]# ssh 192.168.2.18
Last login: Mon Mar 19 21:07:33 2018 from 113.109.21.73
[root@slave2 ~]# 
7、如果不可以登录,就需要检查文件,文件夹权限
[root@master ~]# chmod 700 .ssh
[root@master ~]# chmod 600 .ssh/authorized_keys 

二、双向登录,slave服务器也能登录master服务器

1、基本步骤跟上面的一致,只是拷贝slave服务器的公钥到master的时候,先分开命名,要不第二个就会覆盖第一个导致第一个无法登录
[root@slave1 .ssh]# scp id_rsa.pub root@192.168.2.66:~/.ssh/authorized_keys_slave1
root@192.168.2.66's password: 
id_rsa.pub                                                                                                 100%  393     0.4KB/s   00:00   
[root@slave2 .ssh]# scp id_rsa.pub root@192.168.2.66:~/.ssh/authorized_keys_slave2
The authenticity of host '192.168.2.66 (192.168.2.66)' can't be established.
ECDSA key fingerprint is b8:0f:8c:d2:9f:10:65:22:73:ea:ea:02:75:89:5d:98.
Are you sure you want to continue connecting (yes/no) yes
Warning: Permanently added '192.168.2.66' (ECDSA) to the list of known hosts.
root@192.168.2.66's password: 
id_rsa.pub                                                                                                 100%  393     0.4KB/s   00:00 
2、回到master服务器把authorized.keys_(slave1和slave2)文件追加为一个authorized.keys文件
[root@master .ssh]# ll
total 24
-rw------- 1 root root  393 Mar 19 17:29 authorized_keys
-rw-r--r-- 1 root root  393 Mar 19 21:30 authorized_keys_slave1
-rw-r--r-- 1 root root  393 Mar 19 21:32 authorized_keys_slave2
-rw------- 1 root root 1675 Mar 19 17:26 id_rsa
-rw-r--r-- 1 root root  393 Mar 19 17:26 id_rsa.pub
-rw-r--r-- 1 root root  348 Mar 19 21:21 known_hosts
[root@master .ssh]# cat authorized_keys_slave1 >> authorized_keys
[root@master .ssh]# cat authorized_keys_slave2 >> authorized_keys
合并之后可以删除authorized_keys_*文件
3、slave1和slave2测试登录master成功
[root@slave1 .ssh]# ssh 192.168.2.66
Last failed login: Mon Mar 19 21:32:10 CST 2018 from 192.168.2.10 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Mon Mar 19 21:28:38 2018 from 113.109.21.73
[root@master ~]# 
[root@slave2 .ssh]# ssh 192.168.2.66
Last login: Mon Mar 19 21:36:32 2018 from 192.168.2.10
[root@master ~]# 
上一篇:CentOS7联网初始化步骤教程
下一篇:CentOS 7安装Tomcat 7.0教程
相关文章
图文推荐

关于我们 | 联系我们 | 广告服务 | 投资合作 | 版权申明 | 在线帮助 | 网站地图 | 作品发布 | Vip技术培训 | 举报中心

版权所有: 红黑联盟--致力于做实用的IT技术学习网站