一、服务器配置
1、在每台服务器上都执行ssh-keygen -t rsa 生成密钥
[[email protected] .ssh]# ssh-keygen -t rsa
[[email protected] .ssh]# ssh-keygen -r rsa
[[email protected] .ssh]# ssh-keygen -t rsa
[[email protected] .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #回车代表无需密码登陆
Enter passphrase (empty for no passphrase): #回车
Enter same passphrase again: #回车
Your identification has been saved in /root/.ssh/id_rsa. #代表私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. #代表公钥
The key fingerprint is:
04:45:0b:47:10:92:0c:b2:b9:d7:11:5b:49:05:e4:d9 [email protected]
2、在每台服务器上将公钥复制到无需登录的服务器上,如192.168.4.200
/244/232/2014台做相互无需密码登录,在每台服务器生成密钥后,在每一台服务器上执行ssh-copy-id的命令;以
192.168.4.200为例;其他三台服务器也是同样的操作;
例:192.168.4.200
[[email protected] ~]# cd ~/.ssh
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub "-p 22 [email protected]"
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub "-p 22 [email protected]"
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub "-p 22 [email protected]"
[email protected]‘s password: #输入密码
Now try logging into the machine, with "ssh ‘-p 22 [email protected]‘", and check in:
.ssh/authorized_keys
to make sure we haven‘t added extra keys that you weren‘t expecting.
以上信息出现就代表复制成功!
以上,可以自动将公钥添加到authorized_keys的文件中,在每台服务器都执行完以上的步骤就可以实现多台服务器无需密码相互访问了。
二、故障处理
1、如果ssh-copy-id 函数在远程服务器不存在;如下
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub "-p 22
[email protected]"
-bash: ssh-copy-id: command not found
可以尝试用一下命令解决,直接复制本地的pubkey内容到远程服务器;
[[email protected] .ssh]# cat ~/.ssh/id_*.pub | ssh [email protected] ‘cat > .ssh/authorized_keys‘
四、登录SSH
1、登录远程服务器就不需要密码:
[[email protected] .ssh]# ssh [email protected]
2、登录远程服务器有端口的需要添加端口-P
[[email protected] .ssh]# ssh [email protected] -p 511190
3、你依然被要求输入远程服务器密码, 那说明你的用户在远程服务器上面没有足够的权限;请查看一下你的远程登录的用户以及authorized_keys文件在哪个用户的目录下。