
Linux SSH Mutual Trust Configuration

 1 year ago
source link: https://www.jansora.com/notebook/107532

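There are four machines in total: 10.0.16.4 (l1.inet.jansora.com), 10.0.4.10 (l2.inet.jansora.com), 10.0.4.14 (l3.inet.jansora.com), 10.0.4.12 (l4.inet.jansora.com).
Make sure they can all ping one another.

Configuring mutual trust takes the following steps: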

1. Generate the trust keys

Generate an SSH key pair on each of the four machines:

root@l1:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:1OULmKdwgL3gjWfyocJTAXiB03A6D60BX5gMVAq4r6s root@l1
The key's randomart image is:
+---[RSA 3072]----+
|o*=+ o.     .    |
|B.+ + .. + o     |
|.=.. =..= + .    |
|.= o= *+ o . .   |
|+o=..* .S   .    |
| +=+  .          |
| .+o             |
|.  o             |
|E..              |
+----[SHA256]-----+

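2. Collect the SSH trust keys in one place

Collect the public keys of all four machines on l1.inet.jansora.com (run these commands on l1, since the >> redirection writes to the local file):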

ssh -p 22 l1.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l2.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l3.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l4.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

3. Distribute the collected SSH trust keys to each machine

scp -P 22 ~/.ssh/authorized_keys l1.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l2.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l3.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l4.inet.jansora.com:~/.ssh/
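
An added example (not from the original article): steps 2 and 3 append with >> and then overwrite each host's authorized_keys with scp, so a re-run duplicates entries and any other keys already on a target are lost. The function below merges public key files into an authorized_keys file idempotently and sets the owner-only 700/600 modes that sshd's StrictModes check accepts. The function name merge_authorized_keys and the staging path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# merge_authorized_keys DEST PUBFILE...
#   Adds each well-formed public key in PUBFILE... to DEST unless the same
#   key type + key blob is already there (the trailing comment is ignored).
#   Existing DEST lines are kept; DEST is replaced atomically.
merge_authorized_keys() {
    dest=$1; shift
    destdir=$(dirname "$dest")
    # Owner-only modes, so sshd's StrictModes check does not reject the files.
    mkdir -p "$destdir" && chmod 700 "$destdir" || return 1
    touch "$dest" && chmod 600 "$dest" || return 1
    tmp=$(mktemp "$destdir/.authorized_keys.XXXXXX") || return 1   # created 0600

    awk '
    # Return "type blob" for the line, or "" if no public key is found.
    # Scanning all fields lets existing lines with an options prefix through.
    function keyid(   i) {
        for (i = 1; i < NF; i++)
            if ($i ~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                $(i + 1) ~ "^[A-Za-z0-9+/]+=*$")
                return $i " " $(i + 1)
        return ""
    }
    { existing = (FILENAME == ARGV[1]) }        # ARGV[1] is DEST
    NF == 0 || $1 ~ "^#" { if (existing) print; next }
    {
        id = keyid()
        if (id == "") {
            if (existing) print                 # never drop what is already there
            else print "skipped malformed line in " FILENAME > "/dev/stderr"
            next
        }
        if (!(id in seen)) { seen[id] = 1; print }
    }' "$dest" "$@" > "$tmp" || { rm -f "$tmp"; return 1; }

    mv "$tmp" "$dest"
}

# Usage, with each host's id_rsa.pub first copied to a staging directory
# (hypothetical path):
#   merge_authorized_keys ~/.ssh/authorized_keys /root/keys/*.pub
```

Running the same merge on each target host, instead of copying l1's file over the existing one, preserves keys that were already authorized there.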

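Run the following command on each machine to test the setup (if a peer has not yet been recorded, this also adds it to ~/.ssh/known_hosts).

This step is necessary: the first time you run ssh against a remote host, that host has to be added to ~/.ssh/known_hosts, and this requires manual confirmation (typing yes). The second time it does not. See the test record below.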

root@l4:~# ssh -p 22 l1.inet.jansora.com date;ssh -p 22 l2.inet.jansora.com date;ssh -p 22 l3.inet.jansora.com date;ssh -p 22 l4.inet.jansora.com date;
The authenticity of host '[l1.inet.jansora.com]:22 ([10.0.16.4]:22)' can't be established.
ECDSA key fingerprint is SHA256:IRjRyhOGpV8t1TD11Lj6nchvMEtWOLyPJ0qvFG+shq8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l1.inet.jansora.com]:22,[10.0.16.4]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:49 PM CST
The authenticity of host '[l2.inet.jansora.com]:22 ([10.0.4.10]:22)' can't be established.
ECDSA key fingerprint is SHA256:IQOR/vXTKqdGsJLAQZVzVZYh9xt2qhf8S4pt0IqgukY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l2.inet.jansora.com]:22,[10.0.4.10]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:51 PM CST
The authenticity of host '[l3.inet.jansora.com]:22 ([10.0.4.14]:22)' can't be established.
ECDSA key fingerprint is SHA256:/0SLIO//nZAaIxXtzon7uCYsKxqrnEDti5Hkw6oXrGg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l3.inet.jansora.com]:22,[10.0.4.14]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:52 PM CST
The authenticity of host '[l4.inet.jansora.com]:22 ([10.0.4.12]:22)' can't be established.
ECDSA key fingerprint is SHA256:uX9n1S+XS/fwlKo0wqHxL/6ubv1X8rcsE5bKq/qHjkc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l4.inet.jansora.com]:22,[10.0.4.12]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:53 PM CST

root@l4:~# ssh -p 22 l1.inet.jansora.com date;ssh -p 22 l2.inet.jansora.com date;ssh -p 22 l3.inet.jansora.com date;ssh -p 22 l4.inet.jansora.com date;
Sun 15 May 2022 01:50:28 PM CST
Sun 15 May 2022 01:50:29 PM CST
Sun 15 May 2022 01:50:29 PM CST
Sun 15 May 2022 01:50:30 PM CST
root@l4:~# 
