centos 7 ssh 配置

[root@hd26 opt]# ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''

ssh-copy-id -i ~/.ssh/id_rsa.pub bogon

以上就可以了

cat ~/.ssh/id_rsa.pub | ssh gbase@10.10.10.61 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'

/etc/ssh/sshd_config

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

[root@hd26 opt]# for i in $(cat dk.ip)  ; do  echo $i;    cat ~/.ssh/id_rsa.pub | sshpass -p111111 ssh -oStrictHostKeyChecking=no root@$i 'cat >> .ssh/authorized_keys && echo "Key copied"' ; done

10.10.10.66

Key copied

10.10.10.67

Key copied

10.10.10.68

Key copied

10.10.10.75

Key copied

mkdir ~/.ssh

chmod 700 ~/.ssh

touch .ssh/authorized_keys

chmod 600 .ssh/authorized_keys

1.生成密钥与公钥文件

ssh-keygen命令可以生成公钥(id_rsa.pub)与密钥(id_rsa)

ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''

2.将公钥文件加入主机的认证文件中

cat id_rsa.pub>>~/.ssh/authorized_keys(注意 .ssh目录权限为700, authorized_keys文件为600)

touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys

cat  sed.ip | while read line; do  cat  /root/.ssh/known_hosts | grep -q -w -i $line ; if [ $? == 0 ]; then sed -i "/^$line /d" /root/.ssh/known_hosts; fi done

5.      确保dbadmin用户从集群其他节点到故障节点的无口令ssh可用

  cd ~

  ssh-keygen -t rsa

  chmod 755 ~/.ssh

  cd ~/.ssh

  cp id_rsa.pub authorized_keys2

  chmod 600 ~/.ssh/*

  ssh-copy-id -i id_rsa.pub dbadmin@10.214.8.198

  ssh-copy-id -i id_rsa.pub dbadmin@10.214.8.197

  ssh-copy-id -i id_rsa.pub dbadmin@10.214.8.196

  ssh-copy-id -i id_rsa.pub dbadmin@10.214.8.199

cat /root/ip10.txt |while read line; do echo $line; cat ~/.ssh/id_rsa.pub | sshpass -p111111 ssh -oStrictHostKeyChecking=no root@$line 'cat > .ssh/authorized_keys && echo "Key copied"' ;done

10.10.55.90

bash: .ssh/authorized_keys: No such file or directory

[root@zx08 ~]# ll .ssh/authorized_keys

ls: cannot access .ssh/authorized_keys: No such file or directory

./sshtrust root@10.10.10.21 -p 111111

[root@gc66 ~]# diff sshd_config /etc/ssh/sshd_config

47,49c47,49

< #RSAAuthentication yes

< #PubkeyAuthentication yes

< #AuthorizedKeysFile  .ssh/authorized_keys

---

> RSAAuthentication yes

> PubkeyAuthentication yes

> AuthorizedKeysFile    .ssh/authorized_keys

[root@gc66 ~]# diff ssh_config /etc/ssh/ssh_config

60d59

< ServerAliveInterval 3600

cp sshd_config /etc/ssh/sshd_config

cp ssh_config /etc/ssh/ssh_config

执行下面的命令

ssh-copy-id -i id_rsa.pub 192.168.103.66

如果没有 id_rsa.pub 执行下面的命名产生

ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''

调试方法

ssh -vv 10.10.10.2