实现背景:在集群集群服务中的节点管理,必须站在一个正常的节点上,去远程管理:启动和关闭某个节点的服务(第一个节点肯定自己启动的除外),所以集群中各节点之间必须建立ssh互信通信方式机制。 基于密钥认证方式无密码的ssh互信通信。
实现条件:node1:192.168.176.6 主机名称是node1.magedu.com;
node2:192.168.176.6 主机名称是node1.magedu.com;
实现目的:在节点node1上可以ssh 192.168.176.7 ssh node2 ;在节点node2上可以ssh 192.168.176.6 ssh node1
实现步骤:
(1)在node1 上使用ssh-keygen 工具生成公钥和私钥
[root@node1 ~]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): 回车Enter passphrase (empty for no passphrase): 回车,设置空密码Enter same passphrase again:回车Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:77:7d:09:dc:9c:d5:dd:41:d3:66:3e:0b:e9:98:dc:32 root@node1.magedu.comThe key's randomart image is:+--[ RSA 2048]----+| .+B|| . o @|| o.B || +..o|| S o * o.+|| . E o o || o || || |+-----------------+
(2)在node1上使用ssh-copy-id工具将/root/.ssh/id_rsa.pub.远程拷贝至node的~/.ssh/目录下
[root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.176.7The authenticity of host '192.168.176.7 (192.168.176.7)' can't be established.RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.176.7' (RSA) to the list of known hosts.root@192.168.176.7's password:Now try logging into the machine, with "ssh 'root@192.168.176.7'", and check in: .ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting.
(3)在node1验证ssh 192.168.176.7 ,然后在验证ssh node2
[root@node1 heartbeat]# ssh node2The authenticity of host 'node2 (192.168.176.7)' can't be established.RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'node2' (RSA) to the list of known hosts.Last login: Fri Apr 22 10:29:40 2016 from node1