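This page covers two ways to configure passwordless SSH login. The first is simpler and takes only a few commands; the second is more involved but helps in understanding how SSH works. Which one to use is up to you.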

Preparation

Setting up SSH login requires two services: openssh and rsync

Check whether openssh is installed

[root@master ~]# rpm -qa | grep openssh

openssh-7.4p1-11.el7.x86_64
openssh-server-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64

Check whether rsync is installed

[root@master ~]# rpm -qa | grep rsync
rsync-3.1.2-10.el7.x86_64

If they are not installed, use the commands below to install them

rpm -i openssh-2.1.1p4-1.i386.rpm # install openssh

yum -y install rsync # install rsync

Setting up directly from the command line

Command: ssh-keygen -t rsa, then press Enter four times in a row

Distribute the public key to the local node with: ssh-copy-id localhost

Distribute the public key to the slave1 node with: ssh-copy-id slave1

Note: the public keys of the three nodes must be distributed to one another

Setting up by copying files

Generating the keys

Only one node is demonstrated here; the other nodes repeat the same steps, so they are not shown

Generate the key pair

ssh-keygen -t rsa -P ''
[root@master ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WiHS79X6u98d1WUR9FfJ5n3bbQC5ebvHK6zcj4X8Gzw root@master
The key's randomart image is:
+---[RSA 2048]----+
|             .o++|
|     .      o  ++|
|    . o .    +o *|
|     . o . .o oo*|
|        S . .. oB|
|       + . .. +.=|
|      . . . .o E |
|          ...o=.B|
|           o=*+*=|
+----[SHA256]-----+

No input is needed; just press Enter

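Check that /root contains a ".ssh" directory and that ".ssh" holds the two files of the passphrase-less key pair just generated. Because I am configuring this as the root user, they are in this directory; if you are using another user, look for the .ssh directory under /home/User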

[root@master .ssh]# pwd
/root/.ssh
[root@master .ssh]# ll
total 8
-rw-------. 1 root root 1675 Mar 16 16:02 id_rsa
-rw-r--r--. 1 root root  393 Mar 16 16:02 id_rsa.pub

Append id_rsa.pub to the authorized keys file

cat id_rsa.pub >> authorized_keys

Change the file permissions; this is not needed if you are using the administrator user

chmod 600 authorized_keys 

Edit the following setting in the SSH configuration file "/etc/ssh/sshd_config": remove the # in front of the directive to enable public/private key authentication.

PubkeyAuthentication yes

Restart the service

systemctl restart sshd

Try logging in to the local machine from itself; if no password is requested, key-based login on the local machine works

[root@master .ssh]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:Hr69gEn5JbaH3pZPvyJ9qhzyCzPYIyleYQyqA+vPz3U.
ECDSA key fingerprint is MD5:f6:f4:9e:7d:c5:b1:8f:68:db:a3:49:66:05:6e:e4:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Wed Mar 16 15:41:55 2022 from 192.168.0.1

Exchanging keys

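Copy the Master node's public key id_rsa.pub to every Slave node. Take care not to copy it into the same directory, or it will directly overwrite the file there; placing it in the parent directory is recommended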

scp id_rsa.pub root@slave1:/root/
[root@master .ssh]# scp id_rsa.pub root@slave1:/root/
The authenticity of host 'slave1 (192.168.0.163)' can't be established.
ECDSA key fingerprint is SHA256:HCyXDBNPToF3n/6WgB/Sj8M9z3IHaGy8CRVTJY6YqQs.
ECDSA key fingerprint is MD5:2e:16:4d:94:00:05:ff:c5:8e:13:08:6a:6a:a9:02:f8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,192.168.0.163' (ECDSA) to the list of known hosts.
root@slave1's password: 
id_rsa.pub                                                                                                                                                                     100%  393   314.0KB/s   00:00    

On each Slave node, append the public key copied from the Master node to the authorized_keys file

cat id_rsa.pub >> .ssh/authorized_keys

Delete the file

rm -fr id_rsa.pub

Send slave1's public key to master

scp .ssh/id_rsa.pub root@master:/root/
The authenticity of host 'master (192.168.0.162)' can't be established.
ECDSA key fingerprint is SHA256:Hr69gEn5JbaH3pZPvyJ9qhzyCzPYIyleYQyqA+vPz3U.
ECDSA key fingerprint is MD5:f6:f4:9e:7d:c5:b1:8f:68:db:a3:49:66:05:6e:e4:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master,192.168.0.162' (ECDSA) to the list of known hosts.
root@master's password: 
id_rsa.pub                                                                                                                                                                     100%  393   493.3KB/s   00:00    

On the Master node, append the public key copied from the Slave node to the authorized_keys file

cat id_rsa.pub >> .ssh/authorized_keys

Delete the file

rm -fr id_rsa.pub

View the authorized_keys file on the master node; it now contains two public keys

[root@master ~]# cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIgiraYbUS+wal7gSzx/kpuZ+ZPnE1Tc+u1QVi25i3ZgoBTOFqjTv973xy3ueExn1udYGmhDDB+vXFxNs2AIgXZEoEpgZAz2kcAEJBjkXT0p8sYXgaliMMFNP8dwiJTCs/YIDol+KIIkIwa3WbQoVEc1zQH1+Xr1Rto1IgLXPRgXO3IMfmX7nqc2ZMdBt0OaPDf2NtBI3e/QDEa59f6J+ge4r8MPuc9C51MeU6NPr20A99Psy1Jbvrr7/Fb2pLxnfne50+4DYjsGPztOgHuQFWoAQ+LDUW6Xhbs5Ig8bUEHt1AILwyNwagJvcsGIvp3wOQt+HRHxJCoAjgPeFsFwJF root@master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoPA9uCf/PmUgbpmbPF13VvIwJiSHqAVIpffylbk2g+mEJQMnLxmYv4AVsdc3Wjul2rUMoQh4RPeMFFFincrYFN88DA6SF0F9ZNQOy+6p7CWxLd24hrsn7J69Pab0HxIlMAng8zKjAxZKAOBWyih1nJzqf3UHNdAeZkoe8MbNf6jTXM67vGa0V0FUFU/GvX6st8fLDbROKB8kh1N2X/qLNFiDgxY3Vm1rgN4cDGhs/UqugOHgwnvUScUkjoDQyGn/vYfgHxThHoF+Dv57Xa+bjyUbMmIQYgH7xR/V25F3iU6no3P0LmWsVc4uTTZwdcsPpxMcAfDFL+u5cnivtKrdj root@slave1

At this point you can log in to slave from the master node

[root@master ~]# ssh slave1
Last login: Tue Mar 15 12:18:56 2022 from ::1
[root@slave1 ~]#