Linux下实现双机互信

80 阅读 0 评论 53 点赞

我是靠谱客的博主清脆滑板，这篇文章主要介绍Linux下实现双机互信，现在分享给大家，希望可以做个参考。

一、双机互信实现背景

平时我们ssh一台机器的时候会要求输入密码，如果经常ssh某台机器，每次输入密码会比较麻烦，而且有些软件会要求机器之间添加互信，下面有很快捷的方法实现双机互信。
我们准备两台虚拟机

复制代码

1
2
3
4
192.168.50.131
masterserver
192.168.50.132
redhatclient

其中redhatclient与masterserver需要实现互信，我们现在redhatclient上操作。

二、实现步骤

1.生成密匙

复制代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
[root@redhatclient ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
28:05:b8:eb:b5:7a:96:c1:d4:f5:03:5f:a2:d6:d0:d4 root@redhatclient
The key's randomart image is:
+--[ RSA 2048]----+
|
..
o..
|
|
.
.
+ o E
|
|
. ... B o
|
|
. ....o =
|
|
+. ..S
.
|
|
. +.
|
| . . +
|
|
. =
|
|
.+
|
+-----------------+
[root@redhatclient ~]#

生成的密匙存放在home目录下面的.ssh文件夹中

复制代码

1
2
3
4
5
6
[root@redhatclient ~]# cd ~
[root@redhatclient ~]# cd .ssh
[root@redhatclient .ssh]# ls
id_rsa
id_rsa.pub
[root@redhatclient .ssh]#

其中，我们需要将id_rsa.pub中的内容发送到需要添加互信的系统中。

2.发送密匙

复制代码

1
2
3
4
5
6
7
8
9
10
[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
The authenticity of host '192.168.50.131 (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.50.131' (RSA) to the list of known hosts.
root@192.168.50.131's password:
Now try logging into the machine, with "ssh 'root@192.168.50.131'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]#

ssh-copy-id命令会自动将id_rsa.pub文件的内容追加到远程主机root用户下.ssh/authorized_keys文件中，我们测试下：

复制代码

1
2
3
4
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr
4 03:45:39 2018 from redhatclient
[root@masterserver ~]#

可以看到直接访问成功

复制代码

1
2
3
4
5
6
[root@masterserver ~]# cd .ssh/
[root@masterserver .ssh]# ls
authorized_keys
[root@masterserver .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp9jJcLZGVAi3KHy8Hr1qordG80xcKmHLFqZEl4tbOnn/RoJgUVbNsUDwom71pcsW/EzD3x4p+Y1l2hCv8/mm3Wju3KJLb7zR2Z2LB9SCaCckpRaavxlVSjGJC/yXryO1KflwKE+EQcCI+QHEaztYazIVnsS222KbZxlsR0TTMSn3XzUrA72O66YkOLiv55D9e6+fZ7yUe9OVCRdt/wd/VRGi+xCa25FNFXvu3yME9vBrea7d6LtS7NNs98X9PrtEBpGYxZCXNiaY5Cb/JgkL0rneI5jGjAbfMqDWiqwAtV8AWCLaFF9uL79sH8ailOndRyESTR7VU3ev7XLDInh3AQ== root@redhatclient
[root@masterserver .ssh]#

在被访问的机器上，authorized_keys文件中，就有redhatclient这台机器的公匙。

复制代码

1
2
3
4
5
6
7
8
9
10
[root@masterserver .ssh]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# ls
id_rsa
id_rsa.pub
known_hosts
[root@redhatclient .ssh]# cat known_hosts 
192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==
[root@redhatclient .ssh]#

再次回到redhatclient上，可以发现.ssh目录中多了一个known_hosts文件，里面的内容是添加到互信列表的masterserver。

三、小问题

我们来看以下两种方式：

复制代码

1
2
3
[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@masterserver
[root@redhatclient .ssh]#

我们定义的是masterserver和192.168.50.131是一回事，但是两种做法做出来的效果却不一样。

复制代码

[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
The authenticity of host '192.168.50.131 (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.50.131' (RSA) to the list of known hosts.
root@192.168.50.131's password: 
Now try logging into the machine, with "ssh 'root@192.168.50.131'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr 25 09:14:57 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# ssh masterserver
The authenticity of host 'masterserver (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? ^C
[root@redhatclient .ssh]# 
[root@redhatclient .ssh]# cat known_hosts 
192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
The authenticity of host '192.168.50.131 (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.50.131' (RSA) to the list of known hosts.
root@192.168.50.131's password: 
Now try logging into the machine, with "ssh 'root@192.168.50.131'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr 25 09:14:57 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# ssh masterserver
The authenticity of host 'masterserver (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? ^C
[root@redhatclient .ssh]# 
[root@redhatclient .ssh]# cat known_hosts 
192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==

可以看到如果通过IP来传送公匙，只能通过IP来访问，通过主机名来访问就需要输入密码。而第二种方法则不需要。

复制代码

[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@masterserver
The authenticity of host 'masterserver (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'masterserver,192.168.50.131' (RSA) to the list of known hosts.
root@masterserver's password:
Now try logging into the machine, with "ssh 'root@masterserver'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]# ssh masterserver
Last login: Wed Apr 25 09:23:29 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to masterserver closed.
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr 25 09:26:02 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# cat known_hosts 
masterserver,192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==
[root@redhatclient .ssh]#

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@masterserver
The authenticity of host 'masterserver (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'masterserver,192.168.50.131' (RSA) to the list of known hosts.
root@masterserver's password:
Now try logging into the machine, with "ssh 'root@masterserver'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]# ssh masterserver
Last login: Wed Apr 25 09:23:29 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to masterserver closed.
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr 25 09:26:02 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# cat known_hosts 
masterserver,192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==
[root@redhatclient .ssh]#