实现条件:node1:192.168.176.6 主机名称是node1.magedu.com;
node2:192.168.176.6 主机名称是node1.magedu.com;
实现目的:在节点node1上可以ssh 192.168.176.7 ssh node2 ;在节点node2上可以ssh 192.168.176.6 ssh node1
实现步骤:
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 回车
Enter passphrase (empty for no passphrase): 回车,设置空密码
Enter same passphrase again:回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
77:7d:09:dc:9c:d5:dd:41:d3:66:3e:0b:e9:98:dc:32 root@node1.magedu.com
The key's randomart image is:
+--[ RSA 2048]----+
| .+B|
| . o @|
| o.B |
| +..o|
| S o * o.+|
| . E o o |
| o |
| |
| |
+-----------------+
(2)在node1上使用ssh-copy-id工具将/root/.ssh/id_rsa.pub.远程拷贝至node的~/.ssh/目录下
[root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.176.7(node2) The authenticity of host '192.168.176.7 (192.168.176.7)' can't be established. RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.176.7' (RSA) to the list of known hosts. root@192.168.176.7's password: Now try logging into the machine, with "ssh 'root@192.168.176.7'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
(3)在node1验证ssh 192.168.176.7 ,然后在验证ssh node2
[root@node1 heartbeat]# ssh 192.168.176.7(node2) The authenticity of host 'node2 (192.168.176.7)' can't be established. RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node2' (RSA) to the list of known hosts. Last login: Fri Apr 22 10:29:40 2016 from node1
以上在用node1去ssh控制node2时就不用输入密码了!直接连接成功!
同样的方法在node2用工具ssh-keygen生密钥对,拷贝公钥至node1,然后在验证ssh node1