Shulou(Shulou.com)06/01 Report--

This article shows you how to configure SSH password-free access in a Linux cluster. The content is concise and easy to understand, which will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

1. Cluster planning

Host IP

Host name

10.141.93.101

Dmz01

10.141.93.102

Dmz02

10.141.93.103

Inside01

10.141.93.104

Inside02

10.141.93.105

Inside03

10.141.93.106

Inside04

10.141.93.107

Inside05

10.141.93.108

Inside06

10.141.93.109

Inside07

10.141.93.110

Inside08

10.141.93.111

Inside09

10.141.93.112

Inside10

10.141.93.113

Inside11

10.141.93.114

Inside12

10.141.93.115

Inside13

10.141.93.116

Inside14

10.141.93.117

Inside15

10.141.93.118

Inside16

There are 18 servers in the cluster, which are divided into 2 servers in DMZ area and 16 servers in INSIDE area. Mainly used for web server and application server, database, cache and so on. In order to deploy applications and manage cluster servers conveniently, 18 servers are configured with password-free SSH mutual access.

2. Modify the host name

Regardless of the initial installation of the system or the cloud host, the host name "localhost" or "VM_75_173_centos" is not easy to distinguish the server role. Therefore, it is easy to install, deploy and maintain, and the host name hostname will be modified again.

You can use the following command to modify the host name:

Hostnamectl set-hostname inside01

Use the above command to modify the host name and log in to ssh again, and you can see that the host name has been modified.

3. Configure the key of the aggregation server

Here, the so-called aggregation server is to select a server in the cluster, and then other servers do SSH password-free trust with it. This paper chooses dmz01 (10.141.93.101) as the aggregation server. The diagram is as follows:

Other servers do SSH login password-free trust configuration to dmz01. Here dmz01 is the aggregation server.

The command to configure the aggregation server key is as follows:

[root@dmz01] # ssh-keygen-t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/ root/.ssh/id_rsa): [enter]

Enter passphrase (empty for no passphrase): [enter]

Enter same passphrase again: [enter]

Your identification has been saved in / root/.ssh/id_rsa.

Your public key has been saved in / root/.ssh/id_rsa.pub.

The key fingerprint is:

43:0d:08:18:ec:9e:d6:1f:ea:5f:04:30:0f:66:26:41 root@dmz01

The key's randomart image is:

+-[RSA 2048]-+

| oE+O. | |

| o = =. O |

|. O. . | |

|. O |

|. O S |

| +. .. . | |

|. O.. | |

|. .. | |

|. | |

+-+

Go to the "/ root/.ssh" directory, copy and generate the "authorized_keys" file, using the following command:

Cat id_rsa.pub > > authorized_keys

The results are as follows:

[root@inside01 .ssh] # ll

Total 12

-rw-r--r-- 1 root root 395 Nov 12 16:25 authorized_keys

-rw- 1 root root 1675 Nov 12 16:24 id_rsa

-rw-r--r-- 1 root root 395 Nov 12 16:24 id_rsa.pub

4. Copy the keys of other servers

After configuring the aggregation server secret key in section 3, you need to configure dmz02,inside01 in turn. The keys of 17 servers, including inside16. The method is the same as the command in section 3.

After configuring the keys of the other 17 servers, you need to copy the keys of the 17 servers to the aggregation server dmz01. The copy command is as follows:

[root@dmz01 .ssh] # ssh-copy-id-I dmz01

[root@inside01 .ssh] # ssh-copy-id-I dmz01

Copy the secret keys of 17 sets to dmz01 in turn.

5. Copy the aggregation key file

Copy the aggregated key file from the aggregation server to the "/ root/.ssh" directory of the other 17 servers in turn, with the command as follows:

[root@dmz01 .ssh] # scp authorized_keys dmz02:/root/.ssh/

[root@dmz01 .ssh] # scp authorized_keys inside01:/root/.ssh/

...

[root@dmz01 .ssh] # scp authorized_keys inside16:/root/.ssh/

Root@inside16's password:

Authorized_keys 100% 7104 6.9KB/s 00:00

Scp copies the key file "authorized_keys" as shown above, which requires a password.

Ssh is free of password authentication:

[root@dmz01 .ssh] # ssh dmz02

The authenticity of host 'dmz02 (10.141.68.179)' can't be established.

ECDSA key fingerprint is 22:49:b2:5c:7c:8f:73:56:89:29:8a:bd:56:49:74:66.

Are you sure you want to continue connecting (yes/no)? Yes

Warning: Permanently added 'dmz02,10.141.68.179' (ECDSA) to the list of known hosts.

Last login: Sat Nov 12 17:19:19 2016 from 10.141.93.186

As can be seen from the above, "ssh dmz02", ssh login dmz02 server, no longer need to enter a password. But the hint is that you need to add dmz02 to dmz01's "know hosts" list file. So that the next time ssh accesses dmz02, it won't prompt you to join the know hosts list.

6. Generate know_hosts file

Ssh the other 17 servers from the aggregation server in turn, after the previous password-free setting. You no longer need to enter a password, but there are prompts to join the know hosts list.

Note: in order to add your dmz01 to the know hosts file, you also need to "[root@dmz01.ssh] # ssh dmz01".

The contents of the resulting know_hosts file are as follows:

View the number of know_hosts file lines:

[root@dmz01 .ssh] # wc-l known_hosts

18 known_hosts

You can see one line for each host, indicating that dmz01 knows about all 18 servers, including itself.

7. Copy know_hosts file

The know host settings of 18 servers for dmz01 are generated in section 6, and the / root/.ssh/know_hosts file scp of dmz01 is copied to the other 17 servers.

Ssh password-free login verification:

[root@dmz01 .ssh] # ssh inside10

Last login: Tue Nov 15 15:01:18 2016 from 10.141.93.186

[root@inside10 ~] # ssh inside15

Last login: Sat Nov 12 17:52:29 2016 from 10.141.93.186

[root@inside15 ~] # ssh dmz02

Last login: Sat Nov 12 20:05:59 2016 from 10.141.93.186

[root@dmz02 ~] # ssh dmz01

Last login: Thu Nov 17 23:56:05 2016 from 218.10.89.246

[root@dmz01 ~] # ssh inside15

Last login: Fri Nov 18 00:23:54 2016 from 10.141.114.152

Ssh password-free login order: dmz01insight 10insight inside15clients dmz02login dmz01inside15.

What is Linux system Linux is a free-to-use and free-spread UNIX-like operating system, is a POSIX-based multi-user, multi-task, multi-threaded and multi-CPU operating system, using Linux can run major Unix tools, applications and network protocols.

The above is how to configure SSH password-free access in a Linux cluster. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.