SSH mutual trust

1. Log in as root and edit the SSH configuration file: # vi /etc/ssh/sshd_config


 RSAAuthentication yes # enable RSA authentication

 PubkeyAuthentication yes # enable public/private key pair authentication

 AuthorizedKeysFile .ssh/authorized_keys # path to the public key file

Restart the SSH service: service sshd restart

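2. As the user who needs passwordless access, run the following commands to create a public/private key pair; press Enter at each prompt.

Operations on db1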

[root@db1]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
72:bb:4f:1d:ef:57:d0:7f:5a:40:f2:63:cc:77:6c:86 root@db1

[root@db1]# scp 10.0.1.15:~/.ssh/id_rsa.pub ~/.ssh/15.pub

[root@db1]# cat ~/.ssh/15.pub >>~/.ssh/authorized_keys



Operations on db2

[root@db2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ef:03:60:28:17:70:cc:56:8d:0f:42:3c:53:b5:e2:af root@db2

[root@db2]# scp 10.0.1.14:~/.ssh/id_rsa.pub ~/.ssh/14.pub

[root@db2]# cat ~/.ssh/14.pub >>~/.ssh/authorized_keys



Default public key file: /root/.ssh/id_rsa.pub
Default private key file: /root/.ssh/id_rsa
If the .ssh directory does not exist, create it manually and set its permissions to 700.
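
The copy-and-append step and the 700 permission on .ssh, combined into one re-runnable helper. This is an added example, not part of the original post: the function names install_pubkey and ssh_perms_ok are hypothetical, and the 600 mode on authorized_keys is an assumption that goes beyond the article, which only specifies 700 for the directory.

```shell
#!/bin/sh
# Added example (not from the article). sshd's StrictModes option, on by
# default, checks the modes and ownership of these files before accepting a key.
# Usage on db1 with the article's file name: install_pubkey ~/.ssh/15.pub

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Returns 0 when the key is appended or already present, 1 on bad input.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "$pub is not a public key line" >&2; return 1; }

    # Create directory and file so they are never group/world accessible.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only if the exact line is not already there (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# ssh_perms_ok [SSH_DIR]
# True when the directory is 700 and authorized_keys is 600.
ssh_perms_ok() {
    dir=${1:-$HOME/.ssh}
    [ "$(ls -ld "$dir" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$dir/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}
```

Unlike a bare `cat ... >>`, running install_pubkey twice leaves a single copy of the key, and a file that is not a public key line is rejected before anything is written.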



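3. How SSH passwordless authentication works:
The Master acts as the client. To use passwordless public-key authentication when connecting to the Slave server, a key pair (a public key and a private key) is generated on the Master, and the public key is then copied to every Slave. When the Master connects to a Slave over SSH, the Slave generates a random number, encrypts it with the Master's public key, and sends it to the Master. The Master decrypts it with its private key and sends the decrypted number back to the Slave; once the Slave confirms the decrypted number is correct, it allows the Master to connect. That is the public-key authentication process. No password is typed by hand at any point; the important step is copying the public key generated on the Master to the Slave.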


