在很多时候,需要用到ssh登录到另外一台服务器上,而每次登录都需要输入密码,这里就可以使用双击互信来避免频繁的输入密码
node1:192.168.5.130
node2:192.168.5.131
在node1上生成公钥和私钥
[root@node1 ~]# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' Generating public/private rsa key pair. Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: c2:17:32:d6:43:1b:40:18:05:73:29:75:31:7b:1a:9a root@node1 The key's randomart p_w_picpath is: +--[ RSA 2048]----+ | +B*o*. | | oo.+ = | | .+ B . | | o = * | | E S | | o | | | | | | | +-----------------+ [root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node2 The authenticity of host 'node2 (192.168.5.131)' can't be established. RSA key fingerprint is 86:5f:78:00:03:3f:67:5b:78:3e:c4:ef:a7:b0:f5:69. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node2,192.168.5.131' (RSA) to the list of known hosts. root@node2's password: Now try logging into the machine, with "ssh 'root@node2'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@node1 ~]# ssh node2 'hostname' node2 [root@node1 ~]#
在node2上生成公钥和私钥
[root@node2 ~]# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P '' Generating public/private rsa key pair. Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 73:74:9e:ba:d5:7e:4b:69:7d:f1:62:cd:93:6a:af:99 root@node2 The key's randomart p_w_picpath is: +--[ RSA 2048]----+ | | | | | . . | | . o . | | S . o . | | o . . o*| | . . +**| | o +*.+| | . .E++.| +-----------------+ [root@node2 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node1 The authenticity of host 'node1 (192.168.5.130)' can't be established. RSA key fingerprint is b2:c5:bc:d3:f4:e0:94:35:fd:79:91:8a:4c:2c:1e:4b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node1,192.168.5.130' (RSA) to the list of known hosts. root@node1's password: Now try logging into the machine, with "ssh 'root@node1'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@node2 ~]# ssh node1 'hostname' node1 [root@node2 ~]#
有时候也会遇到本机登录本机的情况,也可使用这种方式来本机信任本机
[root@node1 ~]# ssh-copy-id localhost root@localhost's password: Now try logging into the machine, with "ssh 'localhost'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@node1 ~]# [root@node2 ~]# ssh-copy-id localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. RSA key fingerprint is 86:5f:78:00:03:3f:67:5b:78:3e:c4:ef:a7:b0:f5:69. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. root@localhost's password: Now try logging into the machine, with "ssh 'localhost'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@node2 ~]#
注:若主机名无法解析,可将解析信息添加到/etc/hosts中或直接使用IP
