Contents of this section
I. Environment setup
System environment: CentOS7
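1. Disable the firewall and SELinux
# Disable SELinux
[root@s35 ~]# vim /etc/selinux/config
Find SELINUX and change it to SELINUX=disabled
[root@s35 ~]# setenforce 0   # temporarily disable SELinux
# Stop the iptables firewall
[root@s35 ~]# service iptables stop   # does not persist after the server reboots
[root@s35 ~]# chkconfig iptables off   # keep the firewall off after a reboot
# The firewall installed by default on CentOS7 is firewalld
[root@s35 ~]# firewall-cmd --state
not running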
2. Edit the ssh configuration file
[root@s35 ~]# vim /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
AuthorizedKeysFile .ssh/authorized_keys
# Restart the ssh service
[root@s35 ~]# systemctl restart sshd
II. Configure SSH mutual trust
1. Configure the hosts file
[root@s35 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.121 s21
192.168.30.122 s22
192.168.30.123 s23
192.168.30.131 s31
192.168.30.132 s32
192.168.30.135 s35
# Copy the hosts file to every node, for example:
[root@s35 ~]# scp /etc/hosts root@s23:/etc/
2. Generate a public/private key pair on each node
[root@s21 .ssh]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EVvt0wUwdn+xH/ziP9+6GvT8kn8vkPOkYoUteUdE9Cg root@s21
The key's randomart image is:
+---[RSA 2048]----+
| . ..++=o |
| + ..oo++|
| o .Eo.=+|
| . o.o =|
| S +.+. o|
| +.B+o. |
| +.B+. |
| o ..=+o|
| . ...o*%|
+----[SHA256]-----+
3. Write the public keys into a single file
# Each node sends its public key to host s35, for example:
[root@s21 .ssh]# scp /root/.ssh/id_rsa.pub root@s35:/root/.ssh/id_rsa_s21.pub
[root@s22 .ssh]# scp /root/.ssh/id_rsa.pub root@s35:/root/.ssh/id_rsa_s22.pub
...
# Import the public key contents into the authorized-keys file
[root@s35 ~]# cd .ssh/
[root@s35 .ssh]# ll
total 36
-rw-r--r-- 1 root root 390 Dec 12 17:29 authorized_keys
-rw------- 1 root root 1679 Apr 25 17:34 id_rsa
-rw-r--r-- 1 root root 390 Apr 25 17:34 id_rsa.pub
-rw-r--r-- 1 root root 390 Apr 25 17:31 id_rsa_s21.pub
-rw-r--r-- 1 root root 390 Apr 25 17:36 id_rsa_s22.pub
-rw-r--r-- 1 root root 390 Apr 25 17:36 id_rsa_s23.pub
-rw-r--r-- 1 root root 390 Apr 25 17:36 id_rsa_s31.pub
-rw-r--r-- 1 root root 390 Apr 25 17:36 id_rsa_s32.pub
-rw-r--r-- 1 root root 1795 Apr 25 17:03 known_hosts
[root@s35 .ssh]# cat *.pub > authorized_keys
4. Send the file to every node
[root@s35 .ssh]# scp authorized_keys root@s21:/root/.ssh/
[root@s35 .ssh]# scp authorized_keys root@s22:/root/.ssh/
...
# For convenience, known_hosts can also be copied to each host
[root@s35 .ssh]# ssh s35
[root@s35 .ssh]# scp known_hosts root@s21:/root/.ssh/
[root@s35 .ssh]# scp known_hosts root@s22:/root/.ssh/
5. Fix permissions (if necessary)
[root@s35 .ssh]# chmod 700 ~/.ssh
[root@s35 .ssh]# chmod 600 ~/.ssh/authorized_keys
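
Steps 3 and 5 combined into one function, added here as an example and not part of the original post: in place of a plain `cat *.pub > authorized_keys`, it keeps only well-formed key lines, drops duplicate keys, and installs the file with the modes from step 5. The function name merge_pubkeys and the sample key lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# merge_pubkeys DIR: rebuild DIR/authorized_keys from DIR/*.pub.
#  - keeps only lines shaped like "<key-type> <base64-blob> [comment]"
#  - drops duplicate keys (same blob), e.g. a key collected twice
#  - replaces the file atomically with mode 600 and sets DIR to 700
# Prints the number of keys written; returns 1 if no usable key was found.
merge_pubkeys() {
    dir=$1
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1   # created as 600

    for f in "$dir"/*.pub; do
        [ -f "$f" ] || continue
        while read -r ktype blob comment || [ -n "$ktype" ]; do
            case $ktype in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
                *) continue ;;                      # not a public-key line
            esac
            case $blob in
                ''|*[!A-Za-z0-9+/=]*) continue ;;   # blob must be base64 text
            esac
            printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}"
        done < "$f"
    done | awk '!seen[$2]++' > "$tmp"               # first copy of each blob wins

    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp" && mv -f "$tmp" "$dir/authorized_keys" \
        && chmod 700 "$dir" || return 1
    echo "$count"
}

# Demo on constructed data (the blobs below are placeholders, not real keys).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1 root@s21\n' > "$demo/id_rsa_s21.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2 root@s22\n' > "$demo/id_rsa_s22.pub"
echo "keys written: $(merge_pubkeys "$demo")"
rm -rf "$demo"
```

On s35 this would be called as `merge_pubkeys /root/.ssh` once all nodes have copied their `.pub` files over; the check is on line format only and does not verify that a blob is a valid key.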
