SSH无密码验证配置
SSH无密码验证配置
rpm –qa | grep openssh
rpm –qa | grep rsync
yum install ssh 安装SSH协议
yum install rsync (rsync是一个远程数据同步工具,可通过LAN/WAN快速同步多台主机间的文件)
service sshd restart 启动服务
yum install openssh-clients
(1)Master服务里面
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa<附加>
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys<附加>
chmod 600 ~/.ssh/authorized_keys
scp -r ~/.ssh/id_dsa.pub root@192.168.10.131:~/
(2)getenforce
(3) setenforce 0
setenforce是Linux的selinux防火墙配置命令 执行setenforce 0 表示关闭selinux防火墙。
(4) cat authorized_keys
查看密钥(公钥)文件
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkjaXFbQ7BCLhvSvs3FQbEqy/kpDMATaeAgOReZY/rghgEZp5GphyjbEtUp2zdgDqCSjAaB1Ww0jUzn2v4IRpo+e92hCk+a
+oq6PoZsncS9nw1fOUQl6b5dsH5PpIJ37PnVOjUHXUzdrz1wcKiB/00PSZcihmUEoZ1Drh6Zgg31QT6sOWTKcL5hUpsmmYZTnz5TxYdOuw4D9PN/fEFsq7KvLefEPNsuoazjGQmZaklAnIEqSN9mB0LDzRjYz
DyD0OVb0Yc3IXCdteZxHCR6EbM1eHUIBBjQU//mNHBYe3LLSw4DpoHPTzedI2HfMIgYaPfUccJcmy85qdK8VZ9gUsw== root@hadoop1
(5) vi /etc/sysconfig/selinux
编辑selinux文件
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
为
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
(6)192.168.10.131 root/.ssh/authorized_keys
与 192.168.10.130 root/.ssh/authorized_keys
2个文件完全一致
[root@localhost ~]# systemctl start sshd.service
[root@localhost ~]# systemctl stop sshd.service
[root@localhost ~]# systemctl restart sshd.service
在 Salve1端执行
cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
systemctl restart sshd.service
(7)重启防火墙
/etc/init.d/iptables status
service iptables stop