
Establishing a Trust Relationship Between Linux Hosts

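【Preface】


Purpose: establish a trust relationship between two Linux hosts so that they can access each other without entering a password.


Environment: RHEL5 + SSH


Note: the user that needs the trust relationship is oracle, and the hostnames of the two hosts are vm1 and vm2.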


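【Steps】


(1) Switch to the user that needs the trust relationship, here the oracle user.
(2) Run the command: ssh-keygen -d, then press Enter at every prompt.
This command creates a hidden .ssh directory under the user's home directory. The directory contains two files:
id_dsa and id_dsa.pub
These are the key files: id_dsa is the private key and id_dsa.pub is the public key.
(3) Create the file authorized_keys2 in the .ssh directory.
(4) Repeat steps 1 to 3 on host vm2.
(5) Copy the contents of vm1's id_dsa.pub file into authorized_keys2 on vm2.
(6) Copy the contents of vm2's id_dsa.pub file into authorized_keys2 on vm1.


The detailed steps are shown below: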


 


[root@vm1:/]#su oracle
[oracle@vm1]#pwd
/home/oracle
[oracle@vm1]#ls -la
总计 44
drwx------ 3 oracle oinstall 4096 03-30 17:48 .
drwxr-xr-x 4 root root 4096 03-30 17:00 ..
-rw------- 1 oracle oinstall 933 03-31 15:54 .bash_history
-rw-r--r-- 1 oracle oinstall 24 03-30 17:00 .bash_logout
-rw-r--r-- 1 oracle oinstall 629 03-30 17:48 .bash_profile
-rw-r--r-- 1 oracle oinstall 124 03-30 17:00 .bashrc
-rw-r--r-- 1 oracle oinstall 515 03-30 17:00 .emacs
drwxr-xr-x 3 oracle oinstall 4096 03-30 17:00 .kde
-rw------- 1 oracle oinstall 682 03-30 17:48 .viminfo
-rw-r--r-- 1 oracle oinstall 658 03-30 17:00 .zshrc
[oracle@vm1]#ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
24:a2:81:6c:f3:77:b2:99:79:50:c4:2b:bb:98:8f:ca oracle@vm1
[oracle@vm1]#ls -la
总计 48
drwx------ 4 oracle oinstall 4096 04-01 19:27 .
drwxr-xr-x 4 root root 4096 03-30 17:00 ..
-rw------- 1 oracle oinstall 933 03-31 15:54 .bash_history
-rw-r--r-- 1 oracle oinstall 24 03-30 17:00 .bash_logout
-rw-r--r-- 1 oracle oinstall 629 03-30 17:48 .bash_profile
-rw-r--r-- 1 oracle oinstall 124 03-30 17:00 .bashrc
-rw-r--r-- 1 oracle oinstall 515 03-30 17:00 .emacs
drwxr-xr-x 3 oracle oinstall 4096 03-30 17:00 .kde
drwx------ 2 oracle oinstall 4096 04-01 19:27 .ssh
-rw------- 1 oracle oinstall 682 03-30 17:48 .viminfo
-rw-r--r-- 1 oracle oinstall 658 03-30 17:00 .zshrc
[oracle@vm1]#cd .ssh
[oracle@vm1]#ls -l
总计 8
-rw------- 1 oracle oinstall 668 04-01 19:27 id_dsa
-rw-r--r-- 1 oracle oinstall 600 04-01 19:27 id_dsa.pub
[oracle@vm1]#touch authorized_keys2
[oracle@vm1]#ls -l
总计 8
-rw-r--r-- 1 oracle oinstall 0 04-01 19:27 authorized_keys2
-rw------- 1 oracle oinstall 668 04-01 19:27 id_dsa
-rw-r--r-- 1 oracle oinstall 600 04-01 19:27 id_dsa.pub
[oracle@vm1]#cp id_dsa.pub id_dsa.pub.vm1
[oracle@vm1]#scp id_dsa.pub.vm1 vm2:/home/oracle/.ssh/
The authenticity of host 'vm2 (139.122.1.20)' can't be established.
RSA key fingerprint is 2d:01:46:c1:55:6e:57:ef:0c:c1:55:50:b4:fa:39:6a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vm2,139.122.1.20' (RSA) to the list of known hosts.
oracle@vm2's password:
id_dsa.pub.vm1 100% 600 0.6KB/s 00:00
[oracle@vm1]#ls -l
总计 20
-rw-r--r-- 1 oracle oinstall 0 04-01 19:27 authorized_keys2
-rw------- 1 oracle oinstall 668 04-01 19:27 id_dsa
-rw-r--r-- 1 oracle oinstall 600 04-01 19:27 id_dsa.pub
-rw-r--r-- 1 oracle oinstall 600 04-01 19:29 id_dsa.pub.vm1
-rw-r--r-- 1 oracle oinstall 600 04-01 19:30 id_dsa.pub.vm2
-rw-r--r-- 1 oracle oinstall 398 04-01 19:29 known_hosts
[oracle@vm1]#cat id_dsa.pub.vm2
ssh-dss [public key data omitted] oracle@vm2
[oracle@vm1]#cat id_dsa.pub.vm2 > authorized_keys2
[oracle@vm1]#cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               vm1 localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
139.122.1.10  vm1
139.122.1.20  vm2

[oracle@vm1]#ssh vm2 ls
[oracle@vm1]#ssh vm2 ls -a
.
..
.bash_history
.bash_logout
.bash_profile
.bashrc
.emacs
.kde
.ssh
.viminfo
.zshrc


 


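Once this works, neither the ssh nor the scp command prompts for a password (the first access after setup may ask for a one-time confirmation). If it does not work, the possible causes are:


1. The permissions on the .ssh directory or on the files inside it are wrong.


The .ssh directory should have permissions 700, and the files inside it 644.


2. Extra characters, such as spaces or line breaks, were copied along with the public key file id_dsa.pub. That is why the example I demonstrated above uses an approach that looks rather cumbersome but is safe.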
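
Both causes can be checked mechanically. The following is an added example, not part of the original post: a shell audit of a .ssh directory that flags unexpected modes and key entries damaged by stray spaces or line breaks. The function names are hypothetical; it assumes GNU stat and key entries without an options prefix, and it expects the private key at mode 600 as shown in the listing above (600 is also accepted for the authorized_keys files, since sshd only objects when they are writable by group or others).

```shell
# Added example, not from the original post; function names are hypothetical.
# Assumes GNU stat (as on RHEL) and plain "type base64 [comment]" entries
# without an options prefix, which is what the steps above produce.

# has_mode FILE MODE... : succeed if FILE's octal mode is one of MODE...
has_mode() {
    hm_file=$1; shift
    hm_mode=$(stat -c '%a' "$hm_file") || return 1
    for hm_want in "$@"; do
        [ "$hm_mode" = "$hm_want" ] && return 0
    done
    echo "mode $hm_mode on $hm_file, expected one of: $*"
    return 1
}

# key_lines_ok FILE : succeed if every key entry is one intact, unpadded line
key_lines_ok() {
    awk '
        /^[ \t]*$/ || /^#/ { next }     # blank and comment lines are harmless
        {
            ok = ($0 !~ /^[ \t]/ && $0 !~ /[ \t\r]$/ && NF >= 2 &&
                  $1 ~ /^ssh-(dss|rsa)$/ &&
                  $2 ~ "^[A-Za-z0-9+/]+=*$" && length($2) % 4 == 0)
            if (!ok) { printf "%s line %d: damaged key entry\n", FILENAME, NR; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# audit_ssh_dir DIR : print each finding, return 1 if there was any
audit_ssh_dir() {
    as_dir=$1; as_rc=0
    has_mode "$as_dir" 700 || as_rc=1
    for as_f in "$as_dir"/id_dsa "$as_dir"/id_rsa; do
        [ -f "$as_f" ] || continue
        has_mode "$as_f" 600 || as_rc=1   # private key: owner only, as in the listing
    done
    for as_f in "$as_dir"/authorized_keys "$as_dir"/authorized_keys2; do
        [ -f "$as_f" ] || continue
        has_mode "$as_f" 644 600 || as_rc=1
        key_lines_ok "$as_f" || as_rc=1
    done
    return $as_rc
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```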


 


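Notes:


To set up trust between more hosts, for example between the root users of four hosts, the steps are much the same as above. Assume the hostnames of the four hosts are:
VM1
VM2
VM3
VM4


The steps are as follows:
(1) Log in to VM1 as root.
(2) cd ~
(3) Run the command: ssh-keygen -d, then press Enter at every prompt.
(4) In the .ssh directory under root's home directory, create the file authorized_keys2 and set its permissions to 644.
(5) Repeat steps 1, 2, 3 and 4 on the other hosts.
(6) Copy the contents of the id_dsa.pub files of VM2, VM3 and VM4, one after another, into authorized_keys2 on host csg-dev1.
(7) Repeat step 6 on the other hosts [copy the contents of the public key files of every host except the local one into the local authorized_keys2].


3. Verification
On csg-dev1, run the following commands as root:
#ssh <VM2 host IP> ls
#ssh <VM3 host IP> ls
#ssh <VM4 host IP> ls
If the remote host's files are listed without problems, the configuration succeeded.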
