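Sometimes, to automate backups with scp or rsync + crontab, you need to configure SSH mutual trust between two machines.
Principle: a key file that has already been authorized is placed on the target machine in advance. When a client needs to access the target machine, the target uses that key file to authenticate the visitor automatically, which establishes the trust.
The steps to configure SSH trust are as follows; this walkthrough uses a regular (non-root) user:
1. Log in as the user that will be used; perform this step on every host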
[fengyan@node1 ~]$ mkdir .ssh
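[fengyan@node1 ~]$ chmod 750 .ssh # The group needs read and execute permission here. It is generally assumed this should be set to 700 (I used to think so too), but that works for root and not for a regular user; to this day I do not understand what mechanism is behind it
[fengyan@node1 ~]$ ssh-keygen -t rsa # no passphrase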
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fengyan/.ssh/id_rsa): (press Enter)
Enter passphrase (empty for no passphrase): (press Enter)
Enter same passphrase again: (press Enter)
Your identification has been saved in /home/fengyan/.ssh/id_rsa.
Your public key has been saved in /home/fengyan/.ssh/id_rsa.pub.
The key fingerprint is:
89:56:d6:4a:b2:6c:4a:05:86:ae:cd:7d:80:dd:3c:f1 fengyan@node1
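2. Combine the id_rsa.pub files of all hosts into a single authorized_keys file
[fengyan@node1 ~]$ cat /home/fengyan/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[fengyan@node1 ~]$ ssh 192.168.1.2 cat /home/fengyan/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys # the redirect runs locally, so node2's public key is appended to the file on node1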
3. Distribute the authorized_keys file to every host
[fengyan@node1 ~]$ scp /home/fengyan/.ssh/authorized_keys fengyan@192.168.1.2:/home/fengyan/.ssh/
4. Set the permissions of authorized_keys to 600
[fengyan@node1 ~]$ chmod 600 ~/.ssh/authorized_keys
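5. Verify
[fengyan@node1 ~]$ ssh 192.168.1.2 date
[fengyan@node2 ~]$ ssh 192.168.1.1 date
If the result is shown directly without a password prompt, the configuration succeeded. If it still does not work, see the blog post on establishing SSH trust relationships and troubleshooting approaches, at http://dadloveu.blog.51cto.com/715500/426337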
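When key login still falls back to a password prompt, the file modes set in steps 1 and 4 are the first thing to check. The script below is an added example, not part of the original post: it audits the mode bits that sshd (assuming the default StrictModes yes) and the ssh client test; the function names any_bit and audit_ssh_trust are made up for this example, and ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the original post): audits the mode bits of the
# files created in the steps above.

# any_bit PATH BITS...: succeed if PATH has at least one of the octal bits set.
any_bit() {
    ab_path=$1; shift
    for ab_bit in "$@"; do
        if [ -n "$(find "$ab_path" -prune -perm "-$ab_bit" 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ssh_trust HOME_DIR: print one line per finding, return 0 if clean.
audit_ssh_trust() {
    as_home=$1
    as_bad=0
    # Server side: with StrictModes, sshd ignores authorized_keys if the file,
    # ~/.ssh or the home directory is writable by group or others.
    for as_p in "$as_home" "$as_home/.ssh" "$as_home/.ssh/authorized_keys"; do
        if [ ! -e "$as_p" ]; then
            echo "MISSING            $as_p"; as_bad=1
        elif any_bit "$as_p" 020 002; then
            echo "GROUP/OTHER-WRITE  $as_p"; as_bad=1
        fi
    done
    # Client side: ssh refuses a private key that group or others can access.
    for as_k in "$as_home"/.ssh/id_*; do
        case $as_k in *.pub) continue ;; esac
        [ -f "$as_k" ] || continue
        if any_bit "$as_k" 040 020 010 004 002 001; then
            echo "KEY-TOO-OPEN       $as_k"; as_bad=1
        fi
    done
    return "$as_bad"
}

# Run as: sh audit.sh --check [HOME_DIR]   (defaults to $HOME)
if [ "${1:-}" = "--check" ]; then
    audit_ssh_trust "${2:-$HOME}"
    exit $?
fi
```

Both 700 and 750 on .ssh pass this check; a group-writable mode such as 770 does not. Run it on every host, since each one acts as both client and server in this setup.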