1.在master机器上生成公钥:
[root@master ~]# ssh-keygen -t rsa 注:一直按enter键就可以生成了
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
81:39:eb:23:2c:f9:75:af:93:cb:76:00:87:3e:cf:0f root@master
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o |
| +.. |
| oo.. |
| ..oS |
| o .o . |
| o o ++Eo |
| o o +*o. |
| . .+*o |
+-----------------+
2..执行 cp id_rsa.pub authorized_keys
3.把master上面的authorized_keys文件复制到Slave机器上
scp authorized_keys slave:~/.ssh
4..slave1上的修改.ssh目录的权限以及authorized_keys 的权限(这个必须修改,要不然还是需要密码)
1、权限问题
.ssh目录,以及当前用户 需要相同的700权限,参考以下操作调整
sudo chmod 700 /root/.ssh
sudo chmod 700 /root
.ssh目录下的authorized_keys文件需要600或644权限,参考以下操作调整
sudo chmod 600 /root/.ssh/authorized_keys
2、StrictModes问题
编辑
sudo vi /etc/ssh/sshd_config
找到
#StrictModes yes (注:登陆用户目录/root 和 存放公钥目录/root/.ssh的权限要相同:如:chmod 700 /root 和 chmod 700 /root/.ssh)
改成
StrictModes no (注:登陆用户目录/root 和 存放公钥目录/root/.ssh的权限不需要相同:如:chmod 777 /root 和 chmod 700 /root/.ssh)
StrictModes解析:
StrictModes no #修改为no,默认为yes.如果不修改用key登陆是出现server refused our key(如果StrictModes为yes必需保证存放公钥的文件夹的拥有与登陆用户名是相同的.
“StrictModes”设置ssh在接收登录请求之前是否检查用户家目录和rhosts文件的权限和所有权。这通常是必要的,因为新手经常会把自己的目录和文件设成任何人都有写权限。
修改完/etc/ssh/sshd_config后需要重启ssh服务才能生效:service sshd restart 或者 service ssh restart
3.三台机器互相ssh免登陆密码登陆设置:master, slave1, slave2
1)首先分别在master,slave1,slave2上生成
id_rsa.pub, id_rsa
2)设置免密码登陆master:
a)在master上执行:cp d_rsa.pub authorized_keys
测试:在master上执行:ssh master 如免密码登陆,则成功!
b)在slave1上执行:scp d_rsa.pub master:/root/.ssh/d_rsa.pub_slave1
然后在master上执行:cat d_rsa.pub_slave1 >> authorized_keys
测试:在slave1上执行:ssh master 如免密码登陆,则成功!
c)在slave2上执行:scp d_rsa.pub master:/root/.ssh/d_rsa.pub_slave2
然后在master上执行:cat d_rsa.pub_slave12>> authorized_keys
测试:在slave2上执行:ssh master 如免密码登陆,则成功!
3)设置免密码登陆slave1:
a)在slave1上执行:cp d_rsa.pub authorized_keys
测试:在slave1上执行:ssh slave1 如免密码登陆,则成功!
b)在master上执行:scp d_rsa.pub slave1:/root/.ssh/d_rsa.pub_master
然后在slave1上执行:cat d_rsa.pub_master >> authorized_keys
测试:在master上执行:ssh slave1 如免密码登陆,则成功!
c)在slave2上执行:scp d_rsa.pub slave1:/root/.ssh/d_rsa.pub_slave2
然后在slave1上执行:cat d_rsa.pub_slave2 >> authorized_keys
测试:在slave2上执行:ssh slave1 如免密码登陆,则成功!
4)设置免密码登陆slave2:
a)在slave2上执行:cp d_rsa.pub authorized_keys
测试:在slave2上执行:ssh slave2 如免密码登陆,则成功!
b)在master上执行:scp d_rsa.pub slave2:/root/.ssh/d_rsa.pub_master
然后在slave2上执行:cat d_rsa.pub_master >> authorized_keys
测试:在master上执行:ssh slave2 如免密码登陆,则成功!
c)在slave1上执行:scp d_rsa.pub slave12/root/.ssh/d_rsa.pub_slave1
然后在slave2上执行:cat d_rsa.pub_slave1 >> authorized_keys
测试:在slave1上执行:ssh slave2 如免密码登陆,则成功!
5)如果测试都成功,则master,slave1,slave2相互之间就可以免密码登陆了,更多机器相互之间免密码登陆设置也如此设置!