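Cluster: three machines, talos112 (192.168.100.112), talos113 (192.168.100.113) and talos114 (192.168.100.114)
Goal: passwordless (key-based) SSH login from talos112 to talos113 and talos114
Environment: VMware 15, CentOS-7-x86_64-Minimal-1804
Steps:
1. Log in to talos112 as root and generate an RSA key pair (private key id_rsa, public key id_rsa.pub)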
[root@talos112 ~]# cd .ssh
[root@talos112 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZwGuBNh2xfx1vKfrDG59JMlSIJ3vH4t9yJzTzbSuQuk root@talos112
The key's randomart image is:
+---[RSA 2048]----+
| o. +o . o |
| . o...o.. = o |
| . .. ...o + . |
| . . .. + .|
| . S o .+ + |
| o o. *.o|
| o .=o@=|
| E.+O+B|
| .oo=+.|
+----[SHA256]-----+
[root@talos112 .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@talos112 .ssh]#
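Notes: a. On a freshly installed CentOS virtual machine the .ssh directory may not exist yet; running ssh localhost once creates it.
b. After ssh-keygen -t rsa, simply press Enter three times (this accepts the default file path and leaves the passphrase empty).
2. Copy id_rsa.pub to the two machines 192.168.100.113 and 192.168.100.114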
[root@talos112 .ssh]# scp id_rsa.pub 192.168.100.113:/root/.ssh/
The authenticity of host '192.168.100.113 (192.168.100.113)' can't be established.
ECDSA key fingerprint is SHA256:YAvwTFRMgGdj+jpDIojRJVUK7v2Yzn/rl70uhQciKtg.
ECDSA key fingerprint is MD5:46:d8:34:5c:f2:e5:db:20:fc:7c:17:59:1d:22:0d:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.113' (ECDSA) to the list of known hosts.
root@192.168.100.113's password:
id_rsa.pub 100% 395 569.4KB/s 00:00
[root@talos112 .ssh]# scp id_rsa.pub 192.168.100.114:/root/.ssh/
The authenticity of host '192.168.100.114 (192.168.100.114)' can't be established.
ECDSA key fingerprint is SHA256:YAvwTFRMgGdj+jpDIojRJVUK7v2Yzn/rl70uhQciKtg.
ECDSA key fingerprint is MD5:46:d8:34:5c:f2:e5:db:20:fc:7c:17:59:1d:22:0d:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.114' (ECDSA) to the list of known hosts.
root@192.168.100.114's password:
id_rsa.pub 100% 395 406.0KB/s 00:00
[root@talos112 .ssh]#
3. Log in to talos113 (192.168.100.113) and talos114 (192.168.100.114) in turn and append id_rsa.pub to the authorization file authorized_keys
[root@talos114 ~]# cd .ssh
[root@talos114 .ssh]# ls
id_rsa.pub known_hosts
[root@talos114 .ssh]# cat id_rsa.pub >> authorized_keys
[root@talos114 .ssh]#
4. On talos112 (192.168.100.112), verify that passwordless login to talos113 (192.168.100.113) and talos114 (192.168.100.114) works
[root@talos112 .ssh]# ssh 192.168.100.113
Last login: Thu Mar 26 23:30:16 2020 from localhost
[root@talos113 ~]#
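
An added example, not part of the original post: step 3 written so that it can be re-run safely. The function name install_pubkey and its two arguments are this example's own. It refuses a file that is not a single public-key line, keeps .ssh at 700 and authorized_keys at 600 (sshd's default StrictModes setting rejects the file when it or .ssh is writable by group or others), and does not append the same key twice. The key material in the demo is constructed.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe form of
#   cat id_rsa.pub >> authorized_keys
# Usage: install_pubkey PUBKEY_FILE SSH_DIR   (names are hypothetical)
install_pubkey() (
    pub=$1 dir=$2 auth="$2/authorized_keys"
    # A public key file is one line; a private key copied by mistake
    # has many lines and must never end up in authorized_keys.
    if [ ! -r "$pub" ] || [ "$(wc -l < "$pub")" -gt 1 ]; then
        echo "not a single-line key file: $pub" >&2; return 2
    fi
    key=$(cat "$pub")
    case "$key" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "unrecognised key type in $pub" >&2; return 2 ;;
    esac
    umask 077                      # subshell body: caller's umask is untouched
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Already authorised: nothing to do.
    grep -qxF -- "$key" "$auth" && return 0
    # If the existing file lacks a final newline, add one so the new
    # key does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
)

# Demo in a scratch directory; the key below is constructed, not a real key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@talos112\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
echo "entries: $(wc -l < "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

On talos113 and talos114 the call would be install_pubkey /root/.ssh/id_rsa.pub /root/.ssh, after which the copied id_rsa.pub can be deleted.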