先決條件
3 臺 CentOS 7
HOSTNAME | IP | ROLE |
---|---|---|
server1 | 10.8.26.197 | Master |
server2 | 10.8.26.196 | Slave1 |
server3 | 10.8.26.195 | Slave2 |
步驟
1. 用 root 用戶登錄。每臺服務器都生成公鑰,再合併到 authorized_keys。
2. CentOS 默認沒有啓動 ssh 無密登錄,去掉 /etc/ssh/sshd_config
其中 2 行的註釋,每臺服務器都要設置。
RSAAuthentication yes PubkeyAuthentication yes
3. 每臺服務器下都輸入命令 ssh-keygen -t rsa
,生成 key,一律不輸入密碼,直接回車,/root
就會生成 .ssh
文件夾。
4. 在 Master 服務器下,合併公鑰到 authorized_keys
文件,進入 /root/.ssh
目錄,通過 SSH 命令合併.
# cat id_rsa.pub>> authorized_keys # ssh [email protected] cat ~/.ssh/id_rsa.pub>> authorized_keys # ssh [email protected] cat ~/.ssh/id_rsa.pub>> authorized_keys
5. 把 Master 服務器的 authorized_keys
、known_hosts
複製到 Slave 服務器的
`/root/.ssh
目錄
# scp authorized_keys root@server2:/root/.ssh/ # scp authorized_keys root@server3:/root/.ssh/ # scp known_hosts root@server2:/root/.ssh/ # scp known_hosts root@server3:/root/.ssh/
6. 完成,ssh [email protected]
、ssh [email protected]
就不需要輸入密碼了。
7、如仍提示要輸入密碼,可能 是.ssh 目錄及其下文件權限問題:
出現下面命令
username@localhost ~ $ ssh localhost
The authenticity of host 'localhost
(::1)' can't be established.
RSA key fingerprint is 6e:6b:0f:2a:b8:91:3f:c8:f0:39:e4:df:b4:d8:16:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost
(::1)
' (RSA) to the list of known hosts.
username@localhost's password:
仍然讓我輸入密碼,這時應該修改一下.ssh的用戶和權限
- chown username: /home/username/.ssh
- chown username: /home/username/.ssh/*
- chmod 700 /home/username/.ssh
- chmod 600 /home/username/.ssh/*