Linux SSH免密登录配置

本文遵循BY-SA版权协议,转载请附上原文出处链接。


本文作者: 黑伴白

本文链接: http://heibanbai.com.cn/posts/f72607af/

Linux SSH免密登录配置

当构建集群环境时,经常要将集群间服务器配置免密登录,那么如何进行配置呢?

其实步骤非常检查,主要就两步,下面将进行具体的说明

生成密钥

每台服务器均如此操作,生成自己的密钥信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# 如下执行命令 ssh-keygen -t rsa 三次回车即可 将默认在用户主目录下生成.ssh目录 其下存储相应的密钥信息
[heibanbai@heibanbai01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/heibanbai/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/heibanbai/.ssh/id_rsa
Your public key has been saved in /home/heibanbai/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:gZFK2+RHlP0ev0uCHB2Tv7Xgu7oHb8IYdJbiDcvAtB8 heibanbai@heibanbai01
The key's randomart image is:
+---[RSA 3072]----+
| .o.o |
| . o+o . . |
| . *+.o .= |
| o o+.E =o+ |
| .S X..+. .|
| B =o oo.|
| * +.oo |
| . o *o |
| o*oo. |
+----[SHA256]-----+

复制密钥至集群其他服务器

每台服务器均如此操作,将自己的公钥信息复制到其他服务器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# 复制公共密钥至服务器heibanbai02
[heibanbai@heibanbai01 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub heibanbai02
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/heibanbai/.ssh/id_rsa.pub"
The authenticity of host 'heibanbai02 (199.188.166.112)' can't be established.
ECDSA key fingerprint is SHA256:Iyb3BAJ4dTOImbJ33f8YiBX+4CIrYPBcBCOsfaraDCg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
heibanbai@heibanbai02's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'heibanbai02'"
and check to make sure that only the key(s) you wanted were added.

# 复制公共密钥至服务器heibanbai03
[heibanbai@heibanbai01 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub heibanbai03
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/heibanbai/.ssh/id_rsa.pub"
The authenticity of host 'heibanbai03 (199.188.166.113)' can't be established.
ECDSA key fingerprint is SHA256:Iyb3BAJ4dTOImbJ33f8YiBX+4CIrYPBcBCOsfaraDCg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
heibanbai@heibanbai03's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'heibanbai03'"
and check to make sure that only the key(s) you wanted were added.

设置本机登录本机免密

搭建集群环境时,若登录本机不免密可能会出现错误

如搭建hadoop集群,启动时将出现如下错误

1
2
3
4
5
[heibanbai@heibanbai01 ~]$ start-dfs.sh
Starting namenodes on [heibanbai01]
heibanbai01:
heibanbai01: Authorized users only. All activities may be monitored and reported.
heibanbai01: heibanbai@heibanbai01: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
1
2
3
# 将公钥追加到authorized_keys文件中即可
cd ~/.ssh
cat id_rsa.pub >> authorized_keys

验证

ssh 主机名或ip地址 直接登录到对应服务器,无需输入密码,则配置成功

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# ssh 主机名 直接登录无需密码
[heibanbai@heibanbai01 ~]$ ssh heibanbai02

Authorized users only. All activities may be monitored and reported.

Authorized users only. All activities may be monitored and reported.
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Tue Mar 5 18:54:00 2024 from 199.188.166.1

# ssh ip地址 直接登录无需密码
[heibanbai@heibanbai02 ~]$ ssh 199.188.166.113

Authorized users only. All activities may be monitored and reported.

Authorized users only. All activities may be monitored and reported.
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Tue Mar 5 18:54:53 2024 from 199.188.166.1

# ssh本机免密无需密码
[heibanbai@heibanbai01 ~]$ ssh heibanbai01

Authorized users only. All activities may be monitored and reported.

Authorized users only. All activities may be monitored and reported.
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Wed Mar 6 12:06:59 2024 from 127.0.0.1

蚂蚁🐜再小也是肉🥩!


Linux SSH免密登录配置
http://heibanbai.com.cn/posts/f72607af/
作者
黑伴白
发布于
2024年3月6日
许可协议

“您的支持,我的动力!觉得不错的话,给点打赏吧 ୧(๑•̀⌄•́๑)૭”

微信二维码

微信支付

支付宝二维码

支付宝支付