ssh免密登陆

ssh免密登陆

1. 首先查看是否已经安装ssh

[hadoop@master ~]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:SiumMD5+p3Fib9tDfzKS+hT2SC0h48RRNxKBpLvlO4E.
ECDSA key fingerprint is MD5:74:5b:c0:bf:20:50:96:75:ed:96:bc:a9:fa:27:b5:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
hadoop@localhost's password:
Last login: Tue Oct 20 22:46:13 2020 from 172.16.46.1

出现以上输出，证明ssh已经安装，如果没有，通过yum安装ssh。

yum install openssh-server -y

2. 进入用户的home目录

[hadoop@master ~]$ cd .ssh/
[hadoop@master .ssh]$ ls
known_hosts

初始只有一个文件，这个文件保存ssh链接的公钥。

3. 生成公钥和私钥

[hadoop@master .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:v3IhD8uicfkwoZpH0aB/riesR1rOwQBPxyYdk6WYMB4 hadoop@master
The key's randomart image is:
+---[RSA 2048]----+
|oE oo+.          |
|oo+oBo           |
| =o=.o           |
|  + . .          |
|   + .. S        |
|    B..oo..      |
|   Oo+=. =..     |
|  .oBo+++ o.     |
|  ++o= ..o.      |
+----[SHA256]-----+

一路回车，不需要任何输入。

出现上图显示的信息，再ls看一下目录下面的文件，可以看到生成了两个文件，分别存储公钥和私钥。

[hadoop@master .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

在需要免密登陆的所有机器上全部生成公钥和私钥。

4. 将公钥发送给其他机器

首先将本台机器的公钥放到authorized_keys文件中。

[hadoop@master .ssh]$ cat id_rsa.pub >>  authorized_keys
[hadoop@master .ssh]$ ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

然后将authorized_keys文件发送到下一台机器。

[hadoop@master .ssh]$ scp authorized_keys hadoop@slave1:~/.ssh/
The authenticity of host 'slave1 (172.16.46.158)' can't be established.
ECDSA key fingerprint is SHA256:CkPPCIlFCZ5ML7V1oYTUqFLrqDg2phWcahwvZMVyA18.
ECDSA key fingerprint is MD5:2d:1d:7f:b5:ca:f9:74:12:a8:7d:09:95:0d:99:aa:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,172.16.46.158' (ECDSA) to the list of known hosts.
hadoop@slave1's password:
authorized_keys                                                                      100%  395   395.3KB/s   00:00

机器接收到authorized_keys文件后，将自己的公钥添加到该文件中。

添加完成后发送到下一台机器。

所有机器执行完该操作，最终authorized_keys文件中保存的每台机器的公钥。

将最后生成的这一个文件替换掉每台机器的authorized_keys文件。

修改authorized_keys的权限为644:

chmod 644 authorized_keys

最终实现每台机器都可以免密登陆到其他的机器。

测试ssh免密登陆。

[hadoop@master ~]$ ssh hadoop@slave1
Last login: Tue Oct 20 23:44:53 2020 from master
[hadoop@slave1 ~]$

成功登陆到slave1机器。

ssh免密登陆设置成功