1. Make sure the pos user exists on the production app1 server
[root@app1-server ~]# id pos
uid=504(pos) gid=504(pos) groups=504(pos)
[root@app1-server ~]# echo 123|passwd --stdin pos
2. On the jump host, developers code1 through code3 each generate a key pair
[code1@jumper-server .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/code1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/code1/.ssh/id_rsa.
Your public key has been saved in /home/code1/.ssh/id_rsa.pub.
The key fingerprint is:
21:10:21:06:0b:d0:13:e9:52:7b:89:fc:82:cb:f4:ba code1@jumper-server
The key's randomart image is:
+--[ RSA 2048]----+
|=o+o+o |
|.o=. . |
|.+ + .. . |
|. = o . . |
| o o S |
|... . |
|o... |
|.. . |
| Eo |
+-----------------+
[code1@jumper-server .ssh]$ ll
total 12
-rw------- 1 code1 code1 1675 Aug 28 09:37 id_rsa (private key)
-rw-r--r-- 1 code1 code1 401 Aug 28 09:37 id_rsa.pub (public key)
-rw-r--r-- 1 code1 code1 390 Aug 26 11:27 known_hosts
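3. On the jump host, code1 through code3 each copy their own public key remotely into the home directory of the pos user on the production app1 server (~/.ssh/xxx)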
[code1@jumper-server .ssh]$ ssh-copy-id -i pos@10.1.1.1
pos@10.1.1.1's password:
Now try logging into the machine, with "ssh 'pos@10.1.1.1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Or
[code1@jumper-server .ssh]$ scp id_rsa.pub pos@10.1.1.1:/home/pos/.ssh/authorized_keys
pos@10.1.1.1's password:
id_rsa.pub 100% 401 0.4KB/s 00:00
[code1@jumper-server .ssh]$
4. Test and verify
[code1@jumper-server ~]$ ssh pos@10.1.1.1
[pos@app1-server ~]$
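
Step 3's scp variant replaces /home/pos/.ssh/authorized_keys outright, so when code1 through code3 each run it, only the last key stays authorized. The following added example (not part of the original page) appends a key instead, skips duplicates and sets the modes sshd expects; the function name add_pubkey and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Intended to run as pos on app1.
# add_pubkey AUTH_FILE PUBKEY_FILE
# Returns 0 if the key was appended or was already present, 1 on bad input.
add_pubkey() {
    auth_file=$1
    pub_file=$2
    ssh_dir=$(dirname "$auth_file")

    # A public key line is "<type> <base64> [comment]"; read the first line.
    [ -r "$pub_file" ] || return 1
    read -r key_type key_blob key_comment < "$pub_file" || [ -n "$key_type" ] || return 1

    # Accept common public key types only; this rejects a private key sent by mistake.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) return 1 ;;
    esac
    [ -n "$key_blob" ] || return 1

    # With StrictModes, sshd refuses keys if these are writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already authorized? Compare type and key material; the comment may differ.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
         END { exit !found }' "$auth_file"; then
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    echo "$key_type $key_blob${key_comment:+ $key_comment}" >> "$auth_file"
}

# Demo in a scratch directory with constructed (not real) keys for code1..code3.
demo_dir=$(mktemp -d)
demo_auth="$demo_dir/home/pos/.ssh/authorized_keys"
for u in code1 code2 code3; do
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAAD${u}CONSTRUCTED $u@jumper-server" > "$demo_dir/$u.pub"
    add_pubkey "$demo_auth" "$demo_dir/$u.pub"
done
add_pubkey "$demo_auth" "$demo_dir/code1.pub"   # repeated run adds no duplicate
cat "$demo_auth"
rm -rf "$demo_dir"
```

On app1 the call would be add_pubkey /home/pos/.ssh/authorized_keys followed by the path of a .pub file that was copied to a location other than authorized_keys itself.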