說(shuō)明(機(jī)器B信任機(jī)器A涨薪,A可以免密登錄B)
ssh-keygen:創(chuàng)建公鑰和密鑰,會(huì)生成id_rsa和id_rsa.pub兩個(gè)文件
ssh-copy-id:把本地的公鑰復(fù)制到遠(yuǎn)程主機(jī)的authorized_keys文件(不會(huì)覆蓋文件,是追加到文件末尾)炫乓,并且會(huì)設(shè)置遠(yuǎn)程主機(jī)用戶(hù)目錄的.ssh和.ssh/authorized_keys權(quán)限
權(quán)限為:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
ssh-keygen 做多臺(tái)機(jī)器間 互相信任?
http://blog.itpub.net/30089851/viewspace-1992210/
文件夾: ~/.ssh
生成:
rm -rf ~/.ssh
[root@hadoop000 ~]# ssh-keygen
[root@hadoop001 ~]# ssh-keygen
選擇第一臺(tái)作為先完善的機(jī)器
[root@hadoop000 .ssh]# cat id_rsa.pub >> authorized_keys
其他機(jī)器將id_rsa.pub發(fā)送給第一臺(tái)
[root@hadoop001 .ssh]# scp id_rsa.pub 192.168.137.251:/root/.ssh/id_rsa.pub.hadoop001
[root@hadoop002 .ssh]# scp id_rsa.pub 192.168.137.251:/root/.ssh/id_rsa.pub.hadoop001
[root@hadoop003 .ssh]# scp id_rsa.pub 192.168.137.251:/root/.ssh/id_rsa.pub.hadoop001
[root@hadoop004 .ssh]# scp id_rsa.pub 192.168.137.251:/root/.ssh/id_rsa.pub.hadoop001
將其他機(jī)器的id_rsa.pub追加到authorized_keys
[root@hadoop000 .ssh]# cat id_rsa.pub.hadoop001 >> authorized_keys
[root@hadoop000 .ssh]# cat id_rsa.pub.hadoop002 >> authorized_keys
[root@hadoop000 .ssh]# cat id_rsa.pub.hadoop003 >> authorized_keys
[root@hadoop000 .ssh]# cat id_rsa.pub.hadoop004 >> authorized_keys
然后將該authorized_keys分發(fā)
[root@hadoop000 .ssh]# scp authorized_keys 192.168.137.141:/root/.ssh/
[root@hadoop000 .ssh]# scp authorized_keys 192.168.137.142:/root/.ssh/
[root@hadoop000 .ssh]# scp authorized_keys 192.168.137.143:/root/.ssh/
[root@hadoop000 .ssh]# scp authorized_keys 192.168.137.144:/root/.ssh/
每臺(tái)機(jī)器第一次要做: yes --> known_hosts
[root@hadoop000 .ssh]# ssh hadoop000 date
[root@hadoop000 .ssh]# ssh hadoop001 date
[root@hadoop000 .ssh]# ssh hadoop002 date
[root@hadoop000 .ssh]# ssh hadoop003 date
[root@hadoop000 .ssh]# ssh hadoop004 date