1

Linux SSH 互信配置

 1 month ago
source link: https://www.jansora.com/notebook/107532
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

共四台机器: 10.0.16.4(l1.inet.jansora.com). 10.0.4.10(l2.inet.jansora.com). 10.0.4.14(l3.inet.jansora.com). 10.0.4.12(l4.inet.jansora.com)
确保能互相 ping

配置互信共以下几步步

1. 生成互信 key

在四台机器上分别生成 ssh-key

[email protected]:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:1OULmKdwgL3gjWfyocJTAXiB03A6D60BX5gMVAq4r6s [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|o*=+ o.     .    |
|B.+ + .. + o     |
|.=.. =..= + .    |
|.= o= *+ o . .   |
|+o=..* .S   .    |
| +=+  .          |
| .+o             |
|.  o             |
|E..              |
+----[SHA256]-----+

2. 将 SSH 互信 keys 集中到一起

将四台互信key集中到 l1.inet.jansora.com

ssh -p 22 l1.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l2.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l3.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l4.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

2. 将 SSH 互信 keys 分发到各台机器上

scp -P 22 ~/.ssh/authorized_keys l1.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l2.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l3.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l4.inet.jansora.com:~/.ssh/

在各个机器上分别执行下述命令进行测试(同时如果没有添加互信的话会把互信节点添加到 ~/.ssh/known_hosts )

这个步骤是很有必要做的, 因为第一次执行远程 ssh 的话需要把对方节点添加到 ~/.ssh/known_hosts. 这一步骤是需要人工确认(输入yes)的, 第二次就不会了, 见下方测试记录

[email protected]:~# ssh -p 22 l1.inet.jansora.com date;ssh -p 22 l2.inet.jansora.com date;ssh -p 22 l3.inet.jansora.com date;ssh -p 22 l4.inet.jansora.com date;
The authenticity of host '[l1.inet.jansora.com]:22 ([10.0.16.4]:22)' can't be established.
ECDSA key fingerprint is SHA256:IRjRyhOGpV8t1TD11Lj6nchvMEtWOLyPJ0qvFG+shq8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l1.inet.jansora.com]:22,[10.0.16.4]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:49 PM CST
The authenticity of host '[l2.inet.jansora.com]:22 ([10.0.4.10]:22)' can't be established.
ECDSA key fingerprint is SHA256:IQOR/vXTKqdGsJLAQZVzVZYh9xt2qhf8S4pt0IqgukY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l2.inet.jansora.com]:22,[10.0.4.10]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:51 PM CST
The authenticity of host '[l3.inet.jansora.com]:22 ([10.0.4.14]:22)' can't be established.
ECDSA key fingerprint is SHA256:/0SLIO//nZAaIxXtzon7uCYsKxqrnEDti5Hkw6oXrGg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l3.inet.jansora.com]:22,[10.0.4.14]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:52 PM CST
The authenticity of host '[l4.inet.jansora.com]:22 ([10.0.4.12]:22)' can't be established.
ECDSA key fingerprint is SHA256:uX9n1S+XS/fwlKo0wqHxL/6ubv1X8rcsE5bKq/qHjkc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l4.inet.jansora.com]:22,[10.0.4.12]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:53 PM CST

[email protected]:~# ssh -p 22 l1.inet.jansora.com date;ssh -p 22 l2.inet.jansora.com date;ssh -p 22 l3.inet.jansora.com date;ssh -p 22 l4.inet.jansora.com date;
Sun 15 May 2022 01:50:28 PM CST
Sun 15 May 2022 01:50:29 PM CST
Sun 15 May 2022 01:50:29 PM CST
Sun 15 May 2022 01:50:30 PM CST
[email protected]:~# 

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK