引用连接:
免密登录
克隆前
- 修改静态ip
vi /etc/sysconfig/network-scripts/ifcfg-ens33
保存退出后重启网络服务使修改生效
systemctl restart network.service
- 编写
vi /etc/hosts
主机名和ip的映射192.168.202.200 three
- 关闭防火墙的开机启动
systemctl disable firewalld
systemctl list-unit-files | grep firewalld
- 安装时间同步服务: ntp
yum -y install ntp
设置ntpd 开机启动
systemctl enable ntpd
systemctl list-unit-files | grep ntpd
关闭seliunx的设置
cd /etc/selinux/ vi config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
克隆
右键点击刚刚创建的虚拟机,选择快照——-》拍摄快照
点击下图按钮,管理此虚拟机的快照
选择克隆
克隆完成
按照以上方法继续克隆两个虚拟机,来准备虚拟机之间免密登录
克隆后:
- 修改静态ip
此处需要修改克隆的三台虚拟机的静态IP,方法相同,但要自己记好对应的IP地址
vi /etc/sysconfig/network-scripts/ifcfg-ens33
保存退出后重启网络服务使修改生效
systemctl restart network.service
以nodeone示例
- 修改主机名
vi /etc/hostname
输入对应的虚拟机名称
- 免密登录 One —> Two
ssh localhost
cd .ssh
生成密钥对
ssh-keygen
五个回车
将公钥拷贝到要免密登录的目标机器上
ssh-copy-id nodethree
ssh-copy-id nodeone
示例
以拷贝公钥到nodeone虚拟机并免密连接示例,输入密码处为12345
[root@nodetwo .ssh]# ssh-copy-id nodeone
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodeone's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'nodeone'"
and check to make sure that only the key(s) you wanted were added.
[root@nodetwo .ssh]# ssh nodeone
Last login: Mon Nov 2 20:56:44 2020 from 192.168.202.131
[root@nodeone ~]# exit
登出
Connection to nodeone closed.
[root@nodetwo .ssh]#
本机免密需要提前登录输入yes
查看公钥
[root@nodetwo ~]# ll -a
总用量 32
dr-xr-x---. 3 root root 163 11月 2 19:45 .
dr-xr-xr-x. 17 root root 284 11月 2 20:12 ..
-rw-------. 1 root root 1516 11月 2 17:17 anaconda-ks.cfg
-rw-------. 1 root root 617 11月 2 20:38 .bash_history
-rw-r--r--. 1 root root 18 12月 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 12月 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 12月 29 2013 .bashrc
-rw-r--r--. 1 root root 100 12月 29 2013 .cshrc
drwx------ 2 root root 80 11月 2 20:21 .ssh
-rw-r--r--. 1 root root 129 12月 29 2013 .tcshrc
-rw-------. 1 root root 3833 11月 2 18:23 .viminfo
[root@nodetwo ~]# cd .ssh
[root@nodetwo .ssh]# ll
总用量 16
-rw------- 1 root root 391 11月 2 20:20 authorized_keys
-rw------- 1 root root 1679 11月 2 19:45 id_rsa
-rw-r--r-- 1 root root 391 11月 2 19:45 id_rsa.pub
-rw-r--r-- 1 root root 698 11月 2 20:22 known_hosts
nodetwo操作演示:
[root@temp ~]# cd .ssh
-bash: cd: .ssh: 没有那个文件或目录
[root@temp ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Dj0q8RAJgyKCufIH/6RcsAFb+ufzjK9XpgA0wykqkOk root@temp
The key's randomart image is: +---[RSA 2048]----+ |.=o. . | |@ ooB. | |*o Boo | |=E+ +. . | |o. +o=. S | | . =+=+ .o | | o.Bo..+ | | o.+oo | | o*+ | +----[SHA256]-----+ [root@temp ~]# [root@temp ~]# [root@temp ~]# ssh-copy-id nodethree /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname nodethree: Name or service not known [root@temp ~]# ssh-copy-id nodeone /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname nodeone: Name or service not known [root@temp ~]# vi /etc/hosts [root@temp ~]# vi /etc/hosts [root@temp ~]# cd .ssh [root@temp .ssh]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): ^Z [1]+ 已停止 ssh-keygen [root@temp .ssh]# ssh localhost The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:sdhc4a4WICwhXIzDOxI1yT38dfATBjk8Onli90l0/p8.
ECDSA key fingerprint is MD5:6d:5d:ba:42:4e:31:07:6f:99:6a:b8:0e:79:79:d8:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password: Last login: Mon Nov 2 19:44:59 2020 from 192.168.202.1 [root@temp ~]# cd .ssh [root@temp .ssh]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists. Overwrite (y/n)? n [root@temp .ssh]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /r ^H^H^H^H^H^H^H^H Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /r. Your public key has been saved i.pub. The key fingerprint is: SHA256:kPeJUVCUWfAhgcHUdCTSAhj4jFq3hzf3tdzFoNFPJkc root@temp The key's randomart image is:
+---[RSA 2048]----+
| ..o.+=XXB= |
| . . .+o== . E|
| + o o. .. . |
| o + o + .. + +|
| o . o S o o O |
|. o + . o +|
| o o . o o . |
| . o . |
| |
+----[SHA256]-----+
[root@temp .ssh]# ll
总用量 12
-rw------- 1 root root 1679 11月 2 19:45 id_rsa
-rw-r--r-- 1 root root 391 11月 2 19:45 id_rsa.pub
-rw-r--r-- 1 root root 171 11月 2 20:03 known_hosts
[root@temp .ssh]# ssh-copy-id nodethree
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodethree (192.168.202.202)' can't be established. ECDSA key fingerprint is SHA256:sdhc4a4WICwhXIzDOxI1yT38dfATBjk8Onli90l0/p8. ECDSA key fingerprint is MD5:6d:5d:ba:42:4e:31:07:6f:99:6a:b8:0e:79:79:d8:53. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@nodethree's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'nodethree'"
and check to make sure that only the key(s) you wanted were added.
[root@temp .ssh]# ssh nodethree
Last login: Mon Nov 2 20:14:38 2020 from localhost
[root@temp ~]# exit
登出
Connection to nodethree closed.
[root@temp .ssh]# ssh nodethree
Last login: Mon Nov 2 20:17:17 2020 from 192.168.202.131
[root@temp ~]# ssh localhost
root@localhost's password: Last login: Mon Nov 2 20:18:57 2020 from 192.168.202.131 [root@temp ~]# exit 登出 Connection to localhost closed. [root@temp ~]# exit 登出 Connection to nodethree closed. [root@temp .ssh]# ssh-copy-id localhost /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@localhost's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'localhost'"
and check to make sure that only the key(s) you wanted were added.
[root@temp .ssh]# ssh localhost
Last login: Mon Nov 2 20:03:18 2020 from localhost
[root@temp ~]# ssh-copy-id 127.0.0.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:sdhc4a4WICwhXIzDOxI1yT38dfATBjk8Onli90l0/p8. ECDSA key fingerprint is MD5:6d:5d:ba:42:4e:31:07:6f:99:6a:b8:0e:79:79:d8:53. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system. (if you think this is a mistake, you may want to use -f option) [root@temp ~]# ssh localhost Last login: Mon Nov 2 20:20:47 2020 from localhost [root@temp ~]# ssh 127.0.0.1 Last login: Mon Nov 2 20:21:40 2020 from localhost [root@temp ~]# ssh 0.0.0.0 The authenticity of host '0.0.0.0 (0.0.0.0)' can't be established.
ECDSA key fingerprint is SHA256:sdhc4a4WICwhXIzDOxI1yT38dfATBjk8Onli90l0/p8.
ECDSA key fingerprint is MD5:6d:5d:ba:42:4e:31:07:6f:99:6a:b8:0e:79:79:d8:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '0.0.0.0' (ECDSA) to the list of known hosts.
Last login: Mon Nov 2 20:21:48 2020 from localhost
[root@temp ~]# ssh 0.0.0.0
Last login: Mon Nov 2 20:22:11 2020 from localhost
[root@temp ~]#