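Four machines in total:
10.0.16.4 (l1.inet.jansora.com)
10.0.4.10 (l2.inet.jansora.com)
10.0.4.14 (l3.inet.jansora.com)
10.0.4.12 (l4.inet.jansora.com)
Make sure they can all ping each other.
Configuring mutual trust takes the following steps.
1. Generate the trust keys
Generate an SSH key on each of the four machines: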
root@l1:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:1OULmKdwgL3gjWfyocJTAXiB03A6D60BX5gMVAq4r6s root@l1
The key's randomart image is:
+---[RSA 3072]----+
|o*=+ o. . |
|B.+ + .. + o |
|.=.. =..= + . |
|.= o= *+ o . . |
|+o=..* .S . |
| +=+ . |
| .+o |
|. o |
|E.. |
+----[SHA256]-----+
2. Collect the SSH trust keys in one place
Collect the public keys of all four machines on l1.inet.jansora.com:
ssh -p 22 l1.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l2.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l3.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh -p 22 l4.inet.jansora.com cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. Distribute the SSH trust keys to every machine
scp -P 22 ~/.ssh/authorized_keys l1.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l2.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l3.inet.jansora.com:~/.ssh/
scp -P 22 ~/.ssh/authorized_keys l4.inet.jansora.com:~/.ssh/
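The `>>` appends in step 2 add the same key again on every rerun, and the `scp` in step 3 overwrites whatever `authorized_keys` already existed on each target. The following is an added example, not part of the original page: a hypothetical helper, `merge_pubkeys`, that merges collected public keys idempotently and keeps the file owner-only. The keys in the demo are constructed, not real.

```shell
# Added example: merge collected public keys into authorized_keys without
# duplicating or discarding existing entries. merge_pubkeys is a hypothetical helper.
# Usage: merge_pubkeys AUTH_FILE PUBKEY_FILE...   (prints the number of keys added)
merge_pubkeys() (
    auth=$1; shift
    umask 077                          # anything created here is owner-only
    mkdir -p "$(dirname "$auth")"
    touch "$auth"
    chmod 600 "$auth"                  # sshd StrictModes rejects group- or world-writable key files
    new=$(awk -v auth="$auth" '
        # Identify a key by "type blob", ignoring options before it and the comment after it.
        function keyid(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$")
                    return $i " " $(i + 1)
            return ""
        }
        { id = keyid() }
        FILENAME == auth { if (id != "") seen[id] = 1; next }   # already trusted
        id != "" && !(id in seen) { seen[id] = 1; print }       # new, well-formed key
    ' "$auth" "$@")
    if [ -z "$new" ]; then
        echo 0
    else
        printf '%s\n' "$new" >>"$auth"
        printf '%s\n' "$new" | wc -l | tr -d ' '
    fi
)

# Demo with constructed (not real) keys in a scratch directory.
demo=$(mktemp -d)
for h in l1 l2 l3 l4; do
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed%s root@%s\n' "$h" "$h" >"$demo/$h.pub"
done
merge_pubkeys "$demo/.ssh/authorized_keys" "$demo"/l?.pub   # prints 4
merge_pubkeys "$demo/.ssh/authorized_keys" "$demo"/l?.pub   # prints 0, a rerun adds nothing
rm -rf "$demo"
```

Run on each host against its own `~/.ssh/authorized_keys`, this takes the place of the overwrite in step 3 and keeps any keys that were already authorized there.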
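Verification passed
Run the commands below on each machine to test (if a peer has not been added yet, this also adds it to ~/.ssh/known_hosts).
This step is necessary: the first remote ssh to a node has to add that node to ~/.ssh/known_hosts, which requires manual confirmation (typing yes). The second time it does not; see the test log below.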
root@l4:~# ssh -p 22 l1.inet.jansora.com date;ssh -p 22 l2.inet.jansora.com date;ssh -p 22 l3.inet.jansora.com date;ssh -p 22 l4.inet.jansora.com date;
The authenticity of host '[l1.inet.jansora.com]:22 ([10.0.16.4]:22)' can't be established.
ECDSA key fingerprint is SHA256:IRjRyhOGpV8t1TD11Lj6nchvMEtWOLyPJ0qvFG+shq8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l1.inet.jansora.com]:22,[10.0.16.4]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:49 PM CST
The authenticity of host '[l2.inet.jansora.com]:22 ([10.0.4.10]:22)' can't be established.
ECDSA key fingerprint is SHA256:IQOR/vXTKqdGsJLAQZVzVZYh9xt2qhf8S4pt0IqgukY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l2.inet.jansora.com]:22,[10.0.4.10]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:51 PM CST
The authenticity of host '[l3.inet.jansora.com]:22 ([10.0.4.14]:22)' can't be established.
ECDSA key fingerprint is SHA256:/0SLIO//nZAaIxXtzon7uCYsKxqrnEDti5Hkw6oXrGg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l3.inet.jansora.com]:22,[10.0.4.14]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:52 PM CST
The authenticity of host '[l4.inet.jansora.com]:22 ([10.0.4.12]:22)' can't be established.
ECDSA key fingerprint is SHA256:uX9n1S+XS/fwlKo0wqHxL/6ubv1X8rcsE5bKq/qHjkc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[l4.inet.jansora.com]:22,[10.0.4.12]:22' (ECDSA) to the list of known hosts.
Sun 15 May 2022 01:48:53 PM CST
root@l4:~# ssh -p 22 l1.inet.jansora.com date;ssh -p 22 l2.inet.jansora.com date;ssh -p 22 l3.inet.jansora.com date;ssh -p 22 l4.inet.jansora.com date;
Sun 15 May 2022 01:50:28 PM CST
Sun 15 May 2022 01:50:29 PM CST
Sun 15 May 2022 01:50:29 PM CST
Sun 15 May 2022 01:50:30 PM CST
root@l4:~#