日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當(dāng)前位置: 首頁 > 运维知识 > linux >内容正文

linux

linux双机互信设置

發(fā)布時(shí)間:2024/3/24 linux 30 豆豆
生活随笔 收集整理的這篇文章主要介紹了 linux双机互信设置 小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.

公鑰認(rèn)證的基本思想:
對(duì)信息的加密和解密采用不同的key,這對(duì)key分別稱作private key和public key,其中,
public key存放在欲登錄的服務(wù)器上,而private key為特定的客戶機(jī)所持有。當(dāng)客戶機(jī)
向服務(wù)器發(fā)出建立安全連接的請(qǐng)求時(shí),首先發(fā)送自己的public key,如果這個(gè)public key
是被服務(wù)器所允許的,服務(wù)器就發(fā)送一個(gè)經(jīng)過public key加密的隨機(jī)數(shù)據(jù)給客戶機(jī),這個(gè)
數(shù)據(jù)只能通過private key解密,客戶機(jī)將解密后的信息發(fā)還給服務(wù)器,服務(wù)器驗(yàn)證正確
后即確認(rèn)客戶機(jī)是可信任的,從而建立起一條安全的信息通道。通過這種方式,客戶機(jī)
不需要向外發(fā)送自己的身份標(biāo)志“private key”即可達(dá)到校驗(yàn)的目的,并且private key
是不能通過public key反向推斷出來的。這避免了網(wǎng)絡(luò)竊聽可能造成的密碼泄露??蛻魴C(jī)
需要小心的保存自己的private key,以免被其他人竊取,一旦這樣的事情發(fā)生,就需要
各服務(wù)器更換受信的public key列表。

配置ssh互信的步驟如下:
??? 1. 首先,在要配置互信的機(jī)器上,生成各自的經(jīng)過認(rèn)證的key文件;
??? 2. 其次,將所有的key文件匯總到一個(gè)總的認(rèn)證文件中;
??? 3. 將這個(gè)包含了所有互信機(jī)器認(rèn)證key的認(rèn)證文件,分發(fā)到各個(gè)機(jī)器中去;
??? 4. 驗(yàn)證互信。
在主機(jī)名為node1,node2,node3上以相同的用戶test創(chuàng)建ssh互信。
?
?
1.在每個(gè)節(jié)點(diǎn)上創(chuàng)建 RSA密鑰和公鑰
使用test用戶登陸
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
?
2.整合公鑰文件
在node1上執(zhí)行以下命令
ssh node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
?
3.分發(fā)整合后的公鑰文件
在node1上執(zhí)行以下命令
scp ~/.ssh/authorized_keys? node2:~/.ssh/
scp ~/.ssh/authorized_keys? node3:~/.ssh/
?
4.測(cè)試ssh互信
在各個(gè)節(jié)點(diǎn)上運(yùn)行以下命令,若不需要輸入密碼就顯示系統(tǒng)當(dāng)前日期,就說明SSH互信已經(jīng)配置成功了。
ssh node1 date
ssh node2 date
ssh node3 date


2013-8-15
以下是自己具體的驗(yàn)證過程

配置ssh互信的步驟如下:
??? 1. 首先,在要配置互信的機(jī)器上,生成各自的經(jīng)過認(rèn)證的key文件;
??? 2. 其次,將所有的key文件匯總到一個(gè)總的認(rèn)證文件中;
??? 3. 將這個(gè)包含了所有互信機(jī)器認(rèn)證key的認(rèn)證文件,分發(fā)到各個(gè)機(jī)器中去;
??? 4. 驗(yàn)證互信。
在主機(jī)名為gpmaster,gpnode1,gpnode2上以相同的用戶test創(chuàng)建ssh互信。
?
?
1.在每個(gè)節(jié)點(diǎn)上創(chuàng)建 RSA密鑰和公鑰
使用root用戶登陸
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
?
2.整合公鑰文件
在gpmaster上執(zhí)行以下命令
ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
?
3.分發(fā)整合后的公鑰文件
在gpmaster上執(zhí)行以下命令
scp ~/.ssh/authorized_keys? gpnode1:~/.ssh/
scp ~/.ssh/authorized_keys? gpnode2:~/.ssh/
?
4.測(cè)試ssh互信
在各個(gè)節(jié)點(diǎn)上運(yùn)行以下命令,若不需要輸入密碼就顯示系統(tǒng)當(dāng)前日期,就說明SSH互信已經(jīng)配置成功了。
ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date

?


具體過程是:

1.在每個(gè)節(jié)點(diǎn)上創(chuàng)建 RSA密鑰和公鑰
使用root用戶登陸
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa(一路敲回車)
[root@gpmaster .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):? #回車??????
Enter passphrase (empty for no passphrase): #回車
Enter same passphrase again: #回車
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9f:62:ab:0e:8c:e4:7f:b1:8e:a7:61:db:89:74:de:36 root@gpmaster
[root@gpmaster .ssh]#

2.
整合公鑰文件
在gpmaster上執(zhí)行以下命令
ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
[root@gpmaster .ssh]# ssh gpmaster cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpmaster (192.168.66.110)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpmaster,192.168.66.110' (RSA) to the list of known hosts.
root@gpmaster's password:
[root@gpmaster .ssh]# ssh gpnode1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpnode1 (192.168.66.111)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpnode1,192.168.66.111' (RSA) to the list of known hosts.
root@gpnode1's password:
[root@gpmaster .ssh]# ssh gpnode2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'gpnode2 (192.168.66.112)' can't be established.
RSA key fingerprint is 69:ad:d3:6a:bf:ea:89:ab:6d:64:c4:1c:6f:b3:fe:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gpnode2,192.168.66.112' (RSA) to the list of known hosts.
root@gpnode2's password:
[root@gpmaster .ssh]# chmod 600 ~/.ssh/authorized_keys

3.
在gpmaster上執(zhí)行以下命令
scp ~/.ssh/authorized_keys? gpnode1:~/.ssh/
scp ~/.ssh/authorized_keys? gpnode2:~/.ssh/
[root@gpmaster .ssh]# scp ~/.ssh/authorized_keys? gpnode1:~/.ssh/
root@gpnode1's password:
authorized_keys?????????????????????????????????????????????????????????????????????????????????? 100% 1183???? 1.2KB/s?? 00:00???
[root@gpmaster .ssh]# scp ~/.ssh/authorized_keys? gpnode2:~/.ssh/
root@gpnode2's password:
authorized_keys??????


4.????
測(cè)試ssh互信
在各個(gè)節(jié)點(diǎn)上運(yùn)行以下命令,若不需要輸入密碼就顯示系統(tǒng)當(dāng)前日期,就說明SSH互信已經(jīng)配置成功了。
ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date?????????????????????????????????????????????????????????????????????? 100% 1183???? 1.2KB/s?? 00:00???
[root@gpmaster .ssh]# ssh gpmaster date
Thu Aug 15 10:35:27 CST 2013
[root@gpmaster .ssh]# ssh gpnode1 date
Thu Aug 15 10:35:33 CST 2013
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:35:42 CST 2013
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 dateThu Aug 15 10:35:52 CST 2013
[root@gpmaster .ssh]# ssh gpnode2 date

Thu Aug 15 10:35:53 CST 2013
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 dateThu Aug 15 10:36:14 CST 2013
[root@gpmaster .ssh]# ssh gpnode2 date
Thu Aug 15 10:36:17 CST 2013
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]#
[root@gpmaster .ssh]# ssh gpmaster date
ssh gpnode1 date
ssh gpnode2 date
ssh gpmaster dateThu Aug 15 10:36:32 CST 2013
[root@gpmaster .ssh]# ssh gpmaster date
Thu Aug 15 10:36:33 CST 2013
[root@gpmaster .ssh]#

總結(jié)

以上是生活随笔為你收集整理的linux双机互信设置的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò),歡迎將生活随笔推薦給好友。