我有三台Linux,IP分别为a:10.0.0.20/b:10.0.0.50/c:10.0.0.60/d:10.0.0.70
# a为本地主机 b c d为远程主机
#在a上生成密钥对(3次回车出现图案) [root@manager scripts]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: b6:23:13:46:a0:12:5c:9f:8a:21:90:f2:2c:d4:4e:ff root@manager The key‘s randomart image is: +--[ RSA 2048]----+ |+.o.. | |++ +... | |=++ .o. | |o.=..o | | o . + S | | . E . | | o o | | o . | | | +-----------------+
# 在a上分别执行远端服务器命令
[root@manager scripts]# ssh root@10.0.0.50 "mkdir .ssh; chmod 0700 .ssh" (未将公钥发送之前需要输密码)
# 在a上分别向b c d 主机发送公钥
scp ~/.ssh/id_rsa.pub root@10.0.0.50:/root/.ssh/id_rsa.pub (需要输入密码,发完后就不需要输密码了)
# 在b c d分别执行
[root@cadicate-master ~]# touch .ssh/authorized_keys [root@cadicate-master ~]# chmod 600 ~/.ssh/authorized_keys
[root@cadicate-master ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@cadicate-master ~]# rm -f /root/.ssh/id_rsa.pub (安全起见删除公钥)
回到A机器:
# ssh root@10.0.0.50 (不需要密码, 登录成功)
注:假如失败, 看看selinux是否打开
关闭selinux : setenforce 0(临时关闭) vim /etc/selinux/config 将SELINUX=enforcing改为SELINUX=disabled 重启就好
