互信免密登錄（免yes交互）

多臺主機之間建立互信

• 免yes交互設置

  [root@node2 ~]# grep -v '^#' /etc/ssh/ssh_config  | grep -v '^$'
     StrictHostKeyChecking no
  

• 互信免密登錄

ssh建立互信的方法，多臺機器時和兩臺機器性質是一樣的，只需要把所有機器上生成密鑰，將所有機器的公鑰追加到一臺機器的authorized_keys文件中，然後將該文件拷貝到每臺機器的/root/.ssh/目錄下。

1：首先查看下ssh對應的版本，/etc/hosts文件配置對應的解析關係
[root@node1 openssh]# rpm -qa|grep openssh
openssh-askpass-7.4p1-1.x86_64
openssh-debuginfo-7.4p1-1.x86_64
openssh-askpass-gnome-7.4p1-1.x86_64
openssh-server-7.4p1-1.x86_64
openssh-clients-7.4p1-1.x86_64
openssh-7.4p1-1.x86_64
---------------------------------------------
[root@node2 ~]# rpm -qa|grep openssh
openssh-debuginfo-7.4p1-1.x86_64
openssh-askpass-gnome-7.4p1-1.x86_64
openssh-askpass-7.4p1-1.x86_64
openssh-clients-7.4p1-1.x86_64
openssh-7.4p1-1.x86_64
openssh-server-7.4p1-1.x86_64
-------------------------------------
[root@node1 openssh]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.44	node1
192.168.8.66	node2
----------------------------------------
[root@node2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.44	node1
192.168.8.66	node2

2：在兩臺機器上分別生成相應的公鑰私鑰，輸入ssh-keygen命令後，按3次回車生成
[root@node1 openssh]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xpJgImoMDGG1xvF17CsuIu...7WsAoGV0 root@node1
The key's randomart image is:
+---[RSA 2048]----+
|oo.oE  ...       |
|+...+ . ..       |
|+.o+o.  .        |
|+++o . o .       |
|++ o  o S .      |
|o   .. + .       |
|     .+.* .      |
| o .o= =++ .     |
|o.oo+.+..+=o     |
+----[SHA256]-----+
---------------------------------------------
[root@node2 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JIzEAU5aPBOwFLN3rAEYBdPhtzb6zom8iS14DOXT4/A root@node2
The key's randomart image is:
+---[RSA 2048]----+
|*%O=o.           |
|oOO.oo           |
|o.o=ooo .        |
|  o.+. o         |
| o o+   S        |
|. +oo.           |
|.o.= .           |
|o+o=E.           |
|.o*o=            |
+----[SHA256]-----+

3：將兩臺機器的公鑰存放到一個名爲authorized_keys的文件中，並保證兩臺文件對應的/root/.ssh目錄中都有該文件

在node1上操作
[root@node1 openssh]# cd /root/.ssh/

[root@node1 .ssh]# ls
id_rsa  id_rsa.pub  known_hosts

[root@node1 .ssh]# cat id_rsa.pub >> authorized_keys

[root@node1 .ssh]# scp authorized_keys node2:/root/.ssh/
The authenticity of host 'node2 (192.168.8.66)' can't be established.
ECDSA key fingerprint is SHA256:ALfsRPlzsxgkO13aVSB03VGxBxcEPS+TJ6Dg5aDYRT8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.8.66' (ECDSA) to the list of known hosts.
root@node2's password: 
authorized_keys                                                       100%  392   304.2KB/s   00:00    
[root@node1 .ssh]#
---------------------------------------------
在node2上操作
[root@node2 ~]# cd .ssh/

[root@node2 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

[root@node2 .ssh]# cat id_rsa.pub >> authorized_keys 

[root@node2 .ssh]# scp authorized_keys node1:/root/.ssh/
root@node1's password: 
authorized_keys                                                                     100%  784   612.6KB/s   00:00    
[root@node2 .ssh]#

4：進行ssh免密登陸驗證
node2節點進行驗證
[root@node2 .ssh]# ssh node1
Last login: Sat Oct  1 23:52:10 2016 from ::1
[root@node1 ~]# logout
Connection to node1 closed.
[root@node2 .ssh]# ssh node2
The authenticity of host 'node2 (192.168.8.66)' can't be established.
ECDSA key fingerprint is SHA256:ALfsRPlzsxgkO13aVSB03VGxBxcEPS+TJ6Dg5aDYRT8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.8.66' (ECDSA) to the list of known hosts.
Last login: Wed Nov 21 20:47:29 2018 from 192.168.8.1
[root@node2 ~]# logout
Connection to node2 closed.
[root@node2 .ssh]# ssh node1
Last login: Sat Oct  1 23:59:50 2016 from 192.168.8.66
[root@node1 ~]# logout
Connection to node1 closed.
[root@node2 .ssh]# ssh node2
Last login: Wed Nov 21 20:58:28 2018 from 192.168.8.66
[root@node2 ~]# logout
Connection to node2 closed.
----------------------------------------------------------
node1節點進行驗證
[root@node1 .ssh]# ssh node1
Last login: Sun Oct  2 00:01:08 2016 from 192.168.8.66
[root@node1 ~]# logout
Connection to node1 closed.
[root@node1 .ssh]# ssh node2
Last login: Wed Nov 21 20:59:41 2018 from 192.168.8.66
[root@node2 ~]# logout
Connection to node2 closed.
[root@node1 .ssh]#