在很多软件安装的时候都有这些需求,因此在这里一起讲一下
修改主机名
简单的使用 hostnamectl 命令就好了
hostnamectl set-hostname NAME
免密认证
准备工作,修改主机文件
/etc/hosts
[root@node1 .ssh]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.79.200 node1 192.168.79.202 node2 192.168.79.204 node3
在每个节点的/root/.ssh目录下执行(连按三次回车就好)
ssh-keygen -t rsa
[root@node1 .ssh]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:EZ1TYD9Hu7qQO+lKsOPGGu2ym5pbMUWR0psjBW7XVwM root@node1 The key's randomart image is: +---[RSA 2048]----+ | .ooo..E=+ . | | ...+. o+o o . | | ooooo ..o o | | ..o+ o o . | | o...S . | | + o . . | | o.+ . o.. | | o.=oo oo . | | +o=*o .oo.. | +----[SHA256]-----+
然后在node1上执行
cat id_rsa.pub >> authorized_keys
登录其余主机,将公钥文件全部拷贝到node1的authorized_keys中,如node3节点:
[root@node3 .ssh]# ssh-copy-id -i node1 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'node1 (192.168.79.200)' can't be established. ECDSA key fingerprint is SHA256:AdOUf9OIf3q4Ks7q8nj0agFtFIFdB1BGtlk8SkYImmo. ECDSA key fingerprint is MD5:91:b6:be:a0:bb:f3:7a:e5:2c:6b:4a:c0:a4:7f:01:55. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@node1's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'node1'" and check to make sure that only the key(s) you wanted were added.
此时查看node1节点的authorized_keys文件可以看到已经全部加进来了
[root@node1 .ssh]# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3BQUX3qQJadEaBv8IGNh1aqIKIfT/9IkqZGCfx9UEFQ4kGOdpNay355YLKUOMNbjYtFSyVA0M2jkVopFPNlhEh7S/dIgYslgjEL7rtwl8evK9FI6cIkKbjWQWbpjdLgBrvvKhAPUBwhpfoUqUyzr+wtwSzgIJV8/C651OsRP4frtVruJj6qHBE+Rb++mUbs2sGj7h8NNrtWgIHJupFqrg35F7VcVGQe4LMdm3xTDXH0b/a15LosLtg7DQOngCXuJ4iL7qVIHHXqWv2Khv+Gw/PP6fvfPD29v8KCpjSq9Yk+O44LeM4mJE39TsHY+ASxSae4surdomcCCVQoeJ7tbF root@node1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34kQ98T/x4ex1FvNnCEC1wquxJeaMTjzWuySP33CHXHK0QpvJMg5Y1t7v9sItuVCtJac0Z932Qd0E/QnBWCNuq548JmZeIWgzdXiI+G8MLSk32GJmXig9X4THUWpcRm+qmo9ZXTImqW0C1srRNr7cQ8AtViCooxFcF7s410D1XBLza7V+Key+GTrYZNQV+cXQMX643TJl/TQaOzJamDsPZnH9f9E4q1Ux0I47IiPJBMjLonox/Bqf8W+qDgQKFA6zWrebb7YWdMbS4x8hHN0+SIeoMpLYdUNy18XCREZEYd4aWJs4v8RRsrdBaKMA1LtELNktapFqVTWtc9fFN51f root@node2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1+6ZqI1mU2mns17pNWoPkmzSExYy14gJI5elUeM91LLjxlKMz7TWofJPJg/s2hSuu3v9db3PwzYhZenCEJ6k6R8e+iUlu65QEgvQWhsLzbQW5UAXdqKzhhC6DsaYLUZbnfaCIMNvzWo6rUcaRnKZFVAw+scxxFasHJnjQmiAZg0uL8iCT1Cghu9CwqAF2UFxCCSt6rso6l71YUZAsUMtiCS1wA/D5+9rYHkXijgTsMK3nlklQNJ9QPWz/AHgTs0N59STpWJ89KMxCRZfWgvkwzoajYMK4OeUV9HxSZuzwuIOR3Rek4YB2BN0VdfQZZxO07pgnPi/OawswojkxgRYX root@node3
修改权限后把authorized_keys文件拷贝到其余节点,此时所有节点免密认证成功
[root@node1 .ssh]# chmod 600 authorized_keys [root@node1 .ssh]# scp authorized_keys node2:`pwd` The authenticity of host 'node2 (192.168.79.202)' can't be established. ECDSA key fingerprint is SHA256:AdOUf9OIf3q4Ks7q8nj0agFtFIFdB1BGtlk8SkYImmo. ECDSA key fingerprint is MD5:91:b6:be:a0:bb:f3:7a:e5:2c:6b:4a:c0:a4:7f:01:55. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node2,192.168.79.202' (ECDSA) to the list of known hosts. root@node2's password: authorized_keys 100% 1176 622.8KB/s 00:00 [root@node1 .ssh]# scp authorized_keys node3:`pwd` The authenticity of host 'node3 (192.168.79.204)' can't be established. ECDSA key fingerprint is SHA256:AdOUf9OIf3q4Ks7q8nj0agFtFIFdB1BGtlk8SkYImmo. ECDSA key fingerprint is MD5:91:b6:be:a0:bb:f3:7a:e5:2c:6b:4a:c0:a4:7f:01:55. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node3,192.168.79.204' (ECDSA) to the list of known hosts. root@node3's password: authorized_keys 100% 1176 519.8KB/s 00:00 [root@node1 .ssh]#
关闭防火墙
一般来说关闭firewalld服务和selinux
# 关闭防火墙 systemctl stop firewalld systemctl disable firewalld #关闭selinux 使用getenforce来查看是否开启,如果开启 使用setenforce 0关闭 # 永久关闭selinux vim /etc/sysconfig/selinux 将SELINUX=enforcing改为disabled