SSH Passwordless Login Configuration


Configuring SSH

Basic syntax:

ssh <IP address of the other computer>

Resolving "Host key verification failed" when connecting over SSH

ssh hadoop103

If the following prompt appears:

Are you sure you want to continue connecting (yes/no)

type yes and press Enter.

Return to hadoop102:

exit

Passwordless (key-based) login configuration

How passwordless login works


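Generating the public and private keys

Because passwordless login was used here before, the known_hosts file already contains entries for the hosts that have been logged in to.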

[muyi@hadoop102 .ssh]$ cat known_hosts 
hadoop103,192.168.10.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLLwcxcuI/N2vjMdQeWYNSW6iK6V4XPR1N2H8CknhcQbfY92BUKBrn21j6m9k8FZvITmWCChjziqk14JN8qukM=
hadoop104,192.168.10.104 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLLwcxcuI/N2vjMdQeWYNSW6iK6V4XPR1N2H8CknhcQbfY92BUKBrn21j6m9k8FZvITmWCChjziqk14JN8qukM=
hadoop102,192.168.10.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLLwcxcuI/N2vjMdQeWYNSW6iK6V4XPR1N2H8CknhcQbfY92BUKBrn21j6m9k8FZvITmWCChjziqk14JN8qukM=
[muyi@hadoop102 .ssh]$ pwd
/home/muyi/.ssh
[muyi@hadoop102 .ssh]$ 
[muyi@hadoop102 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/muyi/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/muyi/.ssh/id_rsa.
Your public key has been saved in /home/muyi/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XPp8KfVCNcnLO3PZzOuHXpFAryQQZuGUpBSZzfse/mA muyi@hadoop102
The key's randomart image is:
+---[RSA 2048]----+
|       oBO+  .   |
|      .o*+. .... |
|       . .o. o=. |
|       . +  oooo.|
|        S . o.oo |
|         o = o ++|
|          *E= =o*|
|          .=...=o|
|            .ooo.|
+----[SHA256]-----+
[muyi@hadoop102 .ssh]$ 
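
The known_hosts listing above shows the same ECDSA key blob for hadoop102, hadoop103 and hadoop104, which usually happens when VMs are cloned from one image and means host-key verification cannot tell these machines apart. The following is an added example, not part of the original post, that flags host keys shared by several known_hosts entries; the function name shared_host_keys and the sample key blobs and nodeX host are constructed for illustration.

```shell
#!/bin/sh
# Added example: report host keys in a known_hosts file that more than
# one entry shares. Works on hashed host names too (the hash is printed).

# shared_host_keys FILE
# Prints "<keytype> <count> <host-entry> <host-entry> ..." per shared key.
# Returns 0 when every key is unique, 1 when at least one key is shared.
shared_host_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        /^@/           { next }        # skip @cert-authority / @revoked lines
        NF >= 3 {
            id = $2 " " $3             # key type + base64 key blob
            if (!(id in hosts)) order[++n] = id
            hosts[id] = hosts[id] " " $1
            count[id]++
        }
        END {
            for (i = 1; i <= n; i++) {
                id = order[i]
                if (count[id] > 1) {
                    split(id, part, " ")
                    printf "%s %d%s\n", part[1], count[id], hosts[id]
                    shared = 1
                }
            }
            exit (shared ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample (placeholder key blobs, not real keys):
# two hosts share one key, a third host has its own.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed known_hosts sample
hadoop102,192.168.10.102 ecdsa-sha2-nistp256 AAAAsampleKeyA=
hadoop103,192.168.10.103 ecdsa-sha2-nistp256 AAAAsampleKeyA=
nodeX,192.0.2.10 ssh-ed25519 AAAAsampleKeyB=
EOF
shared_host_keys "$sample" || echo "WARNING: host key shared by several hosts"
rm -f "$sample"
```

Run it as shared_host_keys ~/.ssh/known_hosts. When a key is shared, regenerate the host keys on each clone (for example with ssh-keygen -A after removing the old /etc/ssh/ssh_host_* files) and drop the stale client entries with ssh-keygen -R.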

View the generated public and private keys

[muyi@hadoop102 .ssh]$ ll
总用量 12
-rw-------. 1 muyi muyi 1679 11月 11 09:43 id_rsa
-rw-r--r--. 1 muyi muyi  396 11月 11 09:43 id_rsa.pub
-rw-r--r--. 1 muyi muyi  558 11月 10 10:37 known_hosts
[muyi@hadoop102 .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
[private key body omitted]
-----END RSA PRIVATE KEY-----
[muyi@hadoop102 .ssh]$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnbOGaxo3rEI74vC5yBnpbntBlCJldH8XBfYoHM7tLfq1CeXc39Ws9sI0wypBV82thPTRxpC8wYoyvE1b209UQsim9JvW73YW86Gjn0tWYHKfQfCtZKMmzIu5uEfZSxSJrOzkgcu9Nmg/gBiHziQ202ezTotseNruOftcEIlGyo8kNsxXRKCyppBJPWL23jGt3cUsD2Jyy0lGkhRb3rXHd/2eet9GelkU5u21kta0/8FKgkwOKSd6mUl9pWXdO5VVBwZ8HPFAEWEeC9Y02INIIkBVhjVhTarfHKCPjViBRIR8PB75ctBEblrQAVueiMk4RTXunCgpq0xAqx11mfSIV muyi@hadoop102
[muyi@hadoop102 .ssh]$ 

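id_rsa.pub is the public key and id_rsa is the private key.

Copy the public key to the target machine you want to log in to without a password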

[muyi@hadoop102 .ssh]$ ssh-copy-id hadoop103
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/muyi/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
muyi@hadoop103's password: 
[muyi@hadoop102 .ssh]$ ssh hadoop103
Last login: Mon Nov 11 09:38:49 2024 from hadoop102
[muyi@hadoop103 ~]$ 

The configuration is now successful.

Can hadoop102 also log in to itself without a password?

[muyi@hadoop102 .ssh]$ ssh hadoop102
muyi@hadoop102's password: 
Last login: Mon Nov 11 08:52:57 2024 from 192.168.10.1
[muyi@hadoop102 ~]$ 

Clearly a password is still required, so we can configure hadoop102 in the same way.


[muyi@hadoop102 ~]$ ssh-copy-id hadoop102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/muyi/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
muyi@hadoop102's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hadoop102'"
and check to make sure that only the key(s) you wanted were added.

[muyi@hadoop102 ~]$ ssh hadoop102
Last login: Mon Nov 11 09:51:29 2024 from hadoop102
[muyi@hadoop102 ~]$ 

Check the authorized_keys file to see which hosts are allowed passwordless access

[muyi@hadoop102 .ssh]$ ll
总用量 16
-rw-------. 1 muyi muyi  396 11月 11 09:52 authorized_keys
-rw-------. 1 muyi muyi 1679 11月 11 09:43 id_rsa
-rw-r--r--. 1 muyi muyi  396 11月 11 09:43 id_rsa.pub
-rw-r--r--. 1 muyi muyi  558 11月 10 10:37 known_hosts
[muyi@hadoop102 .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnbOGaxo3rEI74vC5yBnpbntBlCJldH8XBfYoHM7tLfq1CeXc39Ws9sI0wypBV82thPTRxpC8wYoyvE1b209UQsim9JvW73YW86Gjn0tWYHKfQfCtZKMmzIu5uEfZSxSJrOzkgcu9Nmg/gBiHziQ202ezTotseNruOftcEIlGyo8kNsxXRKCyppBJPWL23jGt3cUsD2Jyy0lGkhRb3rXHd/2eet9GelkU5u21kta0/8FKgkwOKSd6mUl9pWXdO5VVBwZ8HPFAEWEeC9Y02INIIkBVhjVhTarfHKCPjViBRIR8PB75ctBEblrQAVueiMk4RTXunCgpq0xAqx11mfSIV muyi@hadoop102
[muyi@hadoop102 .ssh]$ 

Passwordless login for the root user

After the configuration above, can the root user also log in without a password?

[muyi@hadoop102 .ssh]$ su
密码:
[root@hadoop102 .ssh]# ssh hadoop103
root@hadoop103's password: 
Last login: Sun Nov 10 00:08:47 2024
[root@hadoop103 ~]# 

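Clearly, root still has to enter a password, since the key configured above belongs to the muyi user.

Of course, the configuration procedure is the same as above.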