配置机器 hostname
vi /etc/hostname 增加S1PA11
再执行 # hostname S1PA11 ---修改成功
打开hosts文件 并修改关联关系:
127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6
增加下面两行 (本地和另一台机器IP和hostname) 10.58.44.47 S1PA11 10.126.45.56 S1PA222
ping S1PA222 PING S1PA222 (10.126.45.56) 56(84) bytes of data. 64 bytes from S1PA222 (10.126.45.56): icmp_seq=1 ttl=62 time=0.235 ms 64 bytes from S1PA222 (10.126.45.56): icmp_seq=2 ttl=62 time=0.216 ms 64 bytes from S1PA222 (10.126.45.56): icmp_seq=3 ttl=62 time=0.276 ms
ping S1PA11 PING S1PA11 (10.58.44.47) 56(84) bytes of data. 64 bytes from S1PA11 (10.58.44.47): icmp_seq=1 ttl=62 time=0.268 ms 64 bytes from S1PA11 (10.58.44.47): icmp_seq=2 ttl=62 time=0.273 ms
目前 两台机器是可以通信的
ssh免密码验证配置
首先在S1PA11机器配置(该机器是master)
进去.ssh文件: [spark@S1PA11 sbin]$ cd ~/.ssh/
生成秘钥 ssh-keygen : ssh-keygen -t rsa ,一路狂按回车键就可以了
最终生成(id_rsa,id_rsa.pub两个文件)
生成authorized_keys文件:[spark@S1PA11 .ssh]$ cat id_rsa.pub >> authorized_keys
在另一台机器S1PA222(slave机器)也生成公钥和秘钥
步骤跟S1PA11是类似的
进去.ssh文件: [spark@S1PA11 sbin]$ cd ~/.ssh/
生成秘钥 ssh-keygen :ssh-keygen -t rsa ,一路狂按回车键就可以了
最终生成(id_rsa,id_rsa.pub两个文件)
将S1PA222机器的id_rsa.pub文件copy到S1PA11机器:
[spark@S1PA222 .ssh]$ scp id_rsa.pub spark@10.58.44.47:~/.ssh/id_rsa.pub_sl
此切换到机器S1PA11 合并authorized_keys;
[spark@S1PA11 .ssh]$ cat id_rsa.pub_sl >> authorized_keys
将authorized_keyscopy到S1PA222机器(/home/spark/.ssh):
[spark@S1PA11 .ssh]$ scp authorized_keys spark@10.126.45.56:~/.ssh/
现在讲两台机器 .ssh/ 文件夹权限改为700,authorized_keys文件权限改为600(or 644)
chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
OK 完成以上操作后 可以开始ssh验证了
S1PA11j机器sshS1PA222
[spark@S1PA11 .ssh]$ ssh S1PA222 Last login: Mon Jan 5 15:18:58 2015 from s1pa11 [spark@S1PA222 ~]$ exit logout Connection to S1PA222 closed. [spark@S1PA11 .ssh]$ ssh S1PA222 Last login: Mon Jan 5 15:46:00 2015 from s1pa11
S1PA222机器ssh S1PA11
Connection to S1PA11 closed. [spark@S1PA222 .ssh]$ ssh S1PA11 Last login: Mon Jan 5 15:46:43 2015 from s1pa222 [spark@S1PA11 ~]$ exit
顺利完成ssh免密码验证
PS:异常问题处理
1、ssh localhost:publickey 授权失败
sudo vi /etc/ssh/sshd_config RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys service sshd restart 注:ssh可同时支持publickey和password两种授权方式,publickey默认不开启,需要配置为yes。 如果客户端不存在.ssh/id_rsa,则使用password授权;存在则使用publickey授权; 如果publickey授权失败,依然会继续使用password授权。 不要设置 PasswordAuthentication no ,它的意思是禁止密码登录,这样就只能本机登录了!
2、vi /etc/selinux/config SELINUX=disabled chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys 最后重启你的 linux 执行 ssh localhost
3、ssh ip 或 hostname 均提示:connection refused 目标主机的ssh server端程序是否安装、服务是否启动,是否在侦听22端口; 是否允许该用户登录; 本机是否设置了iptables规则,禁止了ssh的连入/连出;