1. 首页
  2. 文章中心
  3. Linux实例

Linux下实现双机互信

60 阅读 0 评论
我是靠谱客的博主 清脆滑板,最近开发中收集的这篇文章主要介绍Linux下实现双机互信,觉得挺不错的,现在分享给大家,希望可以做个参考。

概述

一、双机互信实现背景

平时我们ssh一台机器的时候会要求输入密码,如果经常ssh某台机器,每次输入密码会比较麻烦,而且有些软件会要求机器之间添加互信,下面有很快捷的方法实现双机互信。
我们准备两台虚拟机

192.168.50.131
masterserver
192.168.50.132
redhatclient

其中redhatclient与masterserver需要实现互信,我们现在redhatclient上操作。

二、实现步骤

1.生成密匙

[root@redhatclient ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
28:05:b8:eb:b5:7a:96:c1:d4:f5:03:5f:a2:d6:d0:d4 root@redhatclient
The key's randomart image is:
+--[ RSA 2048]----+
|
..
o..
|
|
.
.
+ o E
|
|
. ... B o
|
|
. ....o =
|
|
+. ..S
.
|
|
. +.
|
| . . +
|
|
. =
|
|
.+
|
+-----------------+
[root@redhatclient ~]#

生成的密匙存放在home目录下面的.ssh文件夹中

[root@redhatclient ~]# cd ~
[root@redhatclient ~]# cd .ssh
[root@redhatclient .ssh]# ls
id_rsa
id_rsa.pub
[root@redhatclient .ssh]#

其中,我们需要将id_rsa.pub中的内容发送到需要添加互信的系统中。

2.发送密匙

[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
The authenticity of host '192.168.50.131 (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.50.131' (RSA) to the list of known hosts.
root@192.168.50.131's password:
Now try logging into the machine, with "ssh 'root@192.168.50.131'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]#

ssh-copy-id命令会自动将id_rsa.pub文件的内容追加到远程主机root用户下.ssh/authorized_keys文件中,我们测试下:

[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr
4 03:45:39 2018 from redhatclient
[root@masterserver ~]#

可以看到直接访问成功

[root@masterserver ~]# cd .ssh/
[root@masterserver .ssh]# ls
authorized_keys
[root@masterserver .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp9jJcLZGVAi3KHy8Hr1qordG80xcKmHLFqZEl4tbOnn/RoJgUVbNsUDwom71pcsW/EzD3x4p+Y1l2hCv8/mm3Wju3KJLb7zR2Z2LB9SCaCckpRaavxlVSjGJC/yXryO1KflwKE+EQcCI+QHEaztYazIVnsS222KbZxlsR0TTMSn3XzUrA72O66YkOLiv55D9e6+fZ7yUe9OVCRdt/wd/VRGi+xCa25FNFXvu3yME9vBrea7d6LtS7NNs98X9PrtEBpGYxZCXNiaY5Cb/JgkL0rneI5jGjAbfMqDWiqwAtV8AWCLaFF9uL79sH8ailOndRyESTR7VU3ev7XLDInh3AQ== root@redhatclient
[root@masterserver .ssh]#

在被访问的机器上,authorized_keys文件中,就有redhatclient这台机器的公匙。

[root@masterserver .ssh]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# ls
id_rsa
id_rsa.pub
known_hosts
[root@redhatclient .ssh]# cat known_hosts 
192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==
[root@redhatclient .ssh]#

再次回到redhatclient上,可以发现.ssh目录中多了一个known_hosts文件,里面的内容是添加到互信列表的masterserver。

三、小问题

我们来看以下两种方式:

[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@masterserver
[root@redhatclient .ssh]#

我们定义的是masterserver和192.168.50.131是一回事,但是两种做法做出来的效果却不一样。

[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.50.131
The authenticity of host '192.168.50.131 (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.50.131' (RSA) to the list of known hosts.
root@192.168.50.131's password: 
Now try logging into the machine, with "ssh 'root@192.168.50.131'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr 25 09:14:57 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# ssh masterserver
The authenticity of host 'masterserver (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? ^C
[root@redhatclient .ssh]# 
[root@redhatclient .ssh]# cat known_hosts 
192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==

可以看到如果通过IP来传送公匙,只能通过IP来访问,通过主机名来访问就需要输入密码。而第二种方法则不需要。

[root@redhatclient .ssh]# ssh-copy-id -i id_rsa.pub root@masterserver
The authenticity of host 'masterserver (192.168.50.131)' can't be established.
RSA key fingerprint is 6c:02:9d:01:cc:02:d6:7e:83:62:77:b2:b0:a1:4e:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'masterserver,192.168.50.131' (RSA) to the list of known hosts.
root@masterserver's password:
Now try logging into the machine, with "ssh 'root@masterserver'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@redhatclient .ssh]# ssh masterserver
Last login: Wed Apr 25 09:23:29 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to masterserver closed.
[root@redhatclient .ssh]# ssh 192.168.50.131
Last login: Wed Apr 25 09:26:02 2018 from redhatclient
[root@masterserver ~]# exit
logout
Connection to 192.168.50.131 closed.
[root@redhatclient .ssh]# cat known_hosts 
masterserver,192.168.50.131 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwT19j4SuNunNIDocrAqAav/ejvIX8bTDdPe9kzwqMMxHCfxp27Zs486PzV96HyxIPN2rq7tMzEb+KeA0RlHNfRHBjEzSxZVg2ONe/GUxRFhsVx0phpjyiryYeFK2n3WqCVFYAgfqGd0+o28yjb3jmLSJRROOhzTIIaCHvGm19w58LgmU6kthsJwtOTM7sbQx1QnIIGGDKflBbhj48xh1GJduGXJZ/1SkEelRVq5bHM/sIfPGVpmvW5iZRUUD8AyxlEVvIKY+vdr0j7CinwHRiuaRaP4szFuG/0ZX17/39awNQ8fFh3eAQ+W/oMLIq3rSbM4TkzZp0gPBHVYzsmlOeQ==
[root@redhatclient .ssh]#

通过观察know_hosts文件,我们发现第二种方法比第一种方法多了主机名在前面。经过测试,如果手动添加主机名到第一种方法的know_hosts文件中,效果同第二种方法相同。

最后

以上就是清脆滑板为你收集整理的Linux下实现双机互信的全部内容,希望文章能够帮你解决Linux下实现双机互信所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。

本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
点赞(40)

相关文章

SSH无法连接:Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
SSH无法连接:Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
Linux 查看双节点是否做了SSH信任
Linux 查看双节点是否做了SSH信任
linux机器之间建立互信ssh登录
linux机器之间建立互信ssh登录
linux 免密码免yes用户名 ssh互信建立
linux 免密码免yes用户名 ssh互信建立
Linux下实现双机互信
Linux下实现双机互信
互信 计算机培训,ssh   sshd   scp   基于密钥认证登陆 双机互信
互信 计算机培训,ssh   sshd   scp   基于密钥认证登陆 双机互信
expect脚本实现批量ssh互信
expect脚本实现批量ssh互信
Linux 配置双机SSH信任实现免密远程登录
Linux 配置双机SSH信任实现免密远程登录

评论列表共有 0 条评论

立即
投稿
返回
顶部