1、测试主机配置信息:
|
192.168.100.236 db06.chavin.king db06 192.168.100.237 db07.chavin.king db07 |
2、创建测试用户:
|
groupadd chavin useradd -g chavin chavin echo “chavin” | passwd --stdin chavin |
3、确认安装了ssh工具,否则安装ssh工具:
|
[root@db06 ~]# rpm -qa|grep ssh openssh-server-5.3p1-94.el6.x86_64 openssh-5.3p1-94.el6.x86_64 libssh2-1.4.2-1.el6.x86_64 openssh-clients-5.3p1-94.el6.x86_64 |
|
yum -y install openssh rsync |
3、SSH免密码登录原理:
我们在client端生成ssh公钥,并将client端公钥拷贝到server服务器上,就可以实现client无密码登录server。
SSH加密算法有rsa和dsa两种,任选一种进行配置即可。
/usr/bin/ssh-keygen -t [rsa|dsa] 生成公钥和私钥文件。
4、配置ssh互信:在chavin用户下db06(client)无密码登录db07(server)。
方式1:
|
--配置: $ ssh-keygen -t rsa $ ssh-copy-id db07.chavin.king (ssh-copy-id方式只能用于rsa加密秘钥配置,测试对于dsa加密配置无效) |
|
--验证: [chavin@db06 ~]$ ssh db07 date Wed Apr 19 09:57:34 CST 2017 |
方式2:
|
--配置: $ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa $ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys $ scp ~/.ssh/authorized_keys db07:~/.ssh/authorized_keys |
|
--验证: [chavin@db06 ~]$ ssh db06 date Wed Apr 19 10:06:50 CST 2017 [chavin@db06 ~]$ ssh db07 date Wed Apr 19 10:08:24 CST 2017 |
方式3:
|
--配置: $ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys $ chmod 0600 ~/.ssh/authorized_keys $ scp ~/.ssh/authorized_keys db07:~/.ssh/authorized_keys |
|
--验证: [chavin@db06 ~]$ ssh db06 date Wed Apr 19 10:14:02 CST 2017 [chavin@db06 ~]$ ssh db07 date Wed Apr 19 10:15:50 CST 2017 |
方式4:以下测试都已db06远程db06自己为例测试。
|
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa $ cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys |
|
[chavin@db06 ~]$ ssh db06 date Wed Apr 19 10:24:22 CST 2017 |
方式5:
|
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa $ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys $ chmod 0600 ~/.ssh/authorized_keys |
|
[chavin@db06 ~]$ ssh db06 date Wed Apr 19 10:27:00 CST 2017 |