linux双机互信设置
公鑰認證的基本思想:
對信息的加密和解密采用不同的key,這對key分別稱作private key和public key,其中,
public key存放在欲登錄的服務器上,而private key為特定的客戶機所持有。當客戶機
向服務器發出建立安全連接的請求時,首先發送自己的public key,如果這個public key
是被服務器所允許的,服務器就發送一個經過public key加密的隨機數據給客戶機,這個
數據只能通過private key解密,客戶機將解密后的信息發還給服務器,服務器驗證正確
后即確認客戶機是可信任的,從而建立起一條安全的信息通道。通過這種方式,客戶機
不需要向外發送自己的身份標志“private key”即可達到校驗的目的,并且private key
是不能通過public key反向推斷出來的。這避免了網絡竊聽可能造成的密碼泄露。客戶機
需要小心的保存自己的private key,以免被其他人竊取,一旦這樣的事情發生,就需要
各服務器更換受信的public key列表。
配置ssh互信的步驟如下:
??? 1. 首先,在要配置互信的機器上,生成各自的經過認證的key文件;
??? 2. 其次,將所有的key文件匯總到一個總的認證文件中;
??? 3. 將這個包含了所有互信機器認證key的認證文件,分發到各個機器中去;
??? 4. 驗證互信。
在主機名為node1,node2,node3上以相同的用戶test創建ssh互信。
?
?
1.在每個節點上創建 RSA密鑰和公鑰
使用test用戶登陸
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
?
2.整合公鑰文件
在node1上執行以下命令
ssh node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
?
3.分發整合后的公鑰文件
在node1上執行以下命令
scp ~/.ssh/authorized_keys? node2:~/.ssh/
scp ~/.ssh/authorized_keys? node3:~/.ssh/
?
4.測試ssh互信
在各個節點上運行以下命令,若不需要輸入密碼就顯示系統當前日期,就說明SSH互信已經配置成功了。
ssh node1 date
ssh node2 date
ssh node3 date
2013-8-15
以下是自己具體的驗證過程
配置ssh互信的步驟如下:
??? 1. 首先,在要配置互信的機器上,生成各自的經過認證的key文件;
??? 2. 其次,將所有的key文件匯總到一個總的認證文件中;
??? 3. 將這個包含了所有互信機器認證key的認證文件,分發到各個機器中去;
??? 4. 驗證互信。
在主機名為gpmaster,gpnode1,gpnode2上以相同的用戶test創建ssh互信。
?
?
1.在每個節點上創建 RSA密鑰和公鑰
使用root用戶登陸
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
?
2.整合公鑰文件
在gpmaster上執行以下命令
ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
?
3.分發整合后的公鑰文件
在gpmaster上執行以下命令
scp ~/.ssh/authorized_keys? gpnode1:~/.ssh/
scp ~/.ssh/authorized_keys? gpnode2:~/.ssh/
?
4.測試ssh互信
在各個節點上運行以下命令,若不需要輸入密碼就顯示系統當前日期,就說明SSH互信已經配置成功了。
ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date
?
具體過程是:
1.在每個節點上創建 RSA密鑰和公鑰
使用root用戶登陸
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa(一路敲回車)
[root@gpmaster .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):? #回車??????
Enter passphrase (empty for no passphrase): #回車
Enter same passphrase again: #回車
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9f:62:ab:0e:8c:e4:7f:b1:8e:a7:61:db:89:74:de:36 root@gpmaster
[root@gpmaster .ssh]#
2.
整合公鑰文件
在gpmaster上執行以下命令
ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
[root@gpmaster .ssh]# ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpmaster (192.168.66.110)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpmaster,192.168.66.110' (RSA) to the list of known hosts.
root@gpmaster's password:
[root@gpmaster .ssh]# ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpnode1 (192.168.66.111)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpnode1,192.168.66.111' (RSA) to the list of known hosts.
root@gpnode1's password:
[root@gpmaster .ssh]# ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpnode2 (192.168.66.112)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpnode2,192.168.66.112' (RSA) to the list of known hosts.
root@gpnode2's password:
[root@gpmaster .ssh]# chmod 600 ~/.ssh/authorized_keys
3.
在gpmaster上執行以下命令
scp ~/.ssh/authorized_keys? gpnode1:~/.ssh/
scp ~/.ssh/authorized_keys? gpnode2:~/.ssh/
[root@gpmaster .ssh]# scp ~/.ssh/authorized_keys? gpnode1:~/.ssh/
root@gpnode1's password:
authorized_keys?????????????????????????????????????????????????????????????????????????????????? 100% 1183???? 1.2KB/s?? 00:00???
[root@gpmaster .ssh]# scp ~/.ssh/authorized_keys? gpnode2:~/.ssh/
root@gpnode2's password:
authorized_keys??????
4.????
測試ssh互信
在各個節點上運行以下命令,若不需要輸入密碼就顯示系統當前日期,就說明SSH互信已經配置成功了。
ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date?????????????????????????????????????????????????????????????????????? 100% 1183???? 1.2KB/s?? 00:00???
[root@gpmaster .ssh]# ssh gpmaster date
Thu Aug 15 10:35:27 CST 2013
[root@gpmaster .ssh]# ssh gpnode1 date
Thu Aug 15 10:35:33 CST 2013
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:35:42 CST 2013
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 dateThu Aug 15 10:35:52 CST 2013
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:35:53 CST 2013
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 dateThu Aug 15 10:36:14 CST 2013
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:36:17 CST 2013
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date
ssh gpmaster dateThu Aug 15 10:36:32 CST 2013
[root@gpmaster .ssh]# ssh gpmaster date
Thu Aug 15 10:36:33 CST 2013
[root@gpmaster .ssh]#
總結
以上是生活随笔為你收集整理的linux双机互信设置的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: oracle财务软件 如何,如何做到Or
- 下一篇: ubuntu 生活之电视卡