1、在客户端生成一对密钥(公钥/私钥)
基于空口令生成一个新的ssh密钥,以实现无密码登录:
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
参数说明:
-t 加密算法类型,这里是使用rsa算法
-P 指定私钥的密码,不需要可以不指定
-f 指定生成秘钥对保持的位置
[root@node2 .ssh]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FOojVcyVAoQyl/w9mv8vv1EkIJ1D8d8Csc5Vw1UOXts root@node2
The key's randomart image is:
+---[RSA 2048]----+
| . +o+++=+. o.B|
| o = o+o=o + *+|
| + .o... .= +.E|
| o..o o * . |
| . ooS. o + .|
| .o. . . |
| . . |
| . . . |
| ..++. |
+----[SHA256]-----+
[root@node2 .ssh]#
将秘钥文件拷贝到需要访问的节点上:
[root@node2 .ssh]# ssh-copy-id root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.
[root@node2 .ssh]#
这样的设置是单向的,需要在其他节点也进行同样的设置。
网友评论