SSH 无密码验证配置
2.1. 实验目标
完成本实验,您应该能够:
掌握 SSH 无密钥登录配置
2.2. 实验要求
熟悉 SSH 无密钥登录配置
2.3. 实验环境
本实验所需之主要资源环境如表 1-1 所示。 表 1-1 资源环境 服务器集群 3 个以上节点,节点间网络互通,各节点最低配置:双核 CPU、8GB 内存、100G 硬盘
运行环境 CentOS 7.4
服务和组件 完成前面章节的实验,其他服务根据实验需求安装
2.4. 实验过程
2.4.1. 实验任务一:生成 SSH 密钥
2.4.1.1.安装和启动 SSH 协议
实现 SSH 登录需要 openssh 和 rsync 两个服务,一般情况下默认已经安装,可以通过
下面命令查看结果。
[root@client ~]# rpm -qa | grep openssh
openssh-clients-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
[root@client ~]# rpm -qa | grep rsync
rsync-3.0.9-17.el7.x86_64
2.4.1.2. 生成秘钥对
[root@master yum.repos.d]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:a/VU3ZnrscDZNBSBRYajw+0mQZ+vfMpqIQWFGg6x9v8 root@master
The key's randomart image is:
+---[RSA 2048]----+
| .. o. =Bo|
| ... o . +o.+|
| oo o + + +=o|
| . .o *.=+ o|
| .S o =+.+ |
| .+ = oo.o|
| o.. * .o |
| . ...o . |
| .E.oo |
+----[SHA256]-----+
[root@client ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1e:d8:5d:fe:c6:21:80:ae:e7:09:68:76:93:67:24:f0 root@client
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| . . . . |
| o + . + |
| E S . o . |
| . * . + . |
| + * = + |
| o . B . . |
| o |
+-----------------+
[root@client ~]#
2.4.1.4. 查看"/home/hadoop/"下是否有".ssh"文件夹,且".ssh"文件下是否有两 个刚生产的无密码密钥对
[root@master yum.repos.d]# cd
[root@master ~]# cd .ssh/
[root@master .ssh]# ls
id_rsa id_rsa.pub
2.4.1.5. 将 id_rsa.pub 追加到授权 key 文件中
[root@master .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@master .ssh]# ls
authorized_keys id_rsa id_rsa.pub
2.4.2. 实验任务二:交换 SSH 密钥
2.4.2.1. 将 Master 节点的公钥 id_rsa.pub 复制到client
[root@master .ssh]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.120.23 (192.168.120.23)' can't be established.
ECDSA key fingerprint is SHA256:r6CLnT1LPWkWxqAqCgR7agXF/L7XU+lXCtwFRx/MSzA.
ECDSA key fingerprint is MD5:05:f2:9e:2d:58:c6:ee:7f:49:d8:a5:22:39:7a:fa:cb.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@master .ssh]#
将 client节点的公钥 id_rsa.pub 复制到Master
[root@client .ssh]# ssh-copy-id [email protected]
The authenticity of host '192.168.120.22 (192.168.120.22)' can't be established.
ECDSA key fingerprint is 69:35:d1:43:3b:9a:90:7b:27:d1:85:a5:33:0f:d5:3b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@master .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@client .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
远程登陆成功
[root@master .ssh]# ssh [email protected]
Last login: Fri Feb 24 10:12:52 2023 from 192.168.120.1
[root@client ~]#
[root@client .ssh]# ssh [email protected]
Last login: Fri Feb 24 10:12:05 2023 from 192.168.120.1
[root@master ~]#