sshkeygen生成密钥对,然后使用sshcopyid将公钥复制到其他服务器。CentOS 7 SSH多服务器配置简介
在企业中,我们经常需要管理多台服务器,为了提高工作效率,我们可以使用SSH(Secure Shell)协议进行远程登录和管理,本文将详细介绍如何在CentOS 7上配置SSH多服务器。
准备工作
1、确保所有服务器已经安装了CentOS 7操作系统。
2、在所有服务器上安装OpenSSH服务,可以使用以下命令进行安装:
```
yum install opensshserver y
```
3、生成SSH密钥对,在每台服务器上执行以下命令:
```
sshkeygen t rsa
```
4、将公钥复制到其他服务器的~/.ssh/authorized_keys文件中,将服务器A的公钥复制到服务器B和服务器C:
```
sshcopyid user@serverB
sshcopyid user@serverC
```
5、为每台服务器设置一个唯一的主机名,可以使用以下命令进行设置:
```
hostnamectl sethostname serverA
```
6、编辑/etc/hosts文件,添加所有服务器的IP地址和主机名。
```
192.168.1.1 serverA
192.168.1.2 serverB
192.168.1.3 serverC
```
配置SSH免密码登录
为了让用户能够免密码登录多台服务器,我们需要在每台服务器上配置SSH免密码登录,具体操作如下:
1、在每台服务器上生成一个名为id_rsa_multi的SSH密钥对:
```
sshkeygen t rsa f ~/.ssh/id_rsa_multi N "" C "multiple servers"
```
2、将id_rsa_multi公钥复制到所有其他服务器的~/.ssh/authorized_keys文件中:
```
sshcopyid user@serverB i ~/.ssh/id_rsa_multi o "IdentitiesOnly=yes" o "BatchMode=yes" o "StrictHostKeyChecking=no" o "UserKnownHostsFile=/dev/null" o "LogLevel=QUIET" o "PreferredAuthentications=password,publickey" o "PasswordAuthentication=no" o "PubkeyAuthentication=yes" o "GSSAPIAuthentication=no" o "KerberosAuthentication=no" o "ChallengeResponseAuthentication=no" o "UsePAM=no" o "AcceptEnv=yes" o "ConnectTimeout=0" o "ControlMaster=auto" o "ControlPersist=600" o "IdentityFile=~/.ssh/id_rsa_multi" o "TCPKeepAlive=no" o "Compression=no" o "ServerAliveInterval=60" o "ServerAliveCountMax=3" o "ForwardX11=no" o "ForwardAgent=no" o "RemoteForwardX11=no" o "RemoteForwardAgent=no" o "PermitLocalCommand=no" o "ShowPatchLevel=no" o "VisualHostKey=yes" o "HostbasedAuthentication=no" o "Trust new hosts on nomatch=yes" o "UpdateHostKeys=yes" o "GSSAPIAuthentication=no" o "GSSAPICleanupCredentials=yes" o "GSSAPIStrictPayloadCheck=no" o "PasswordAuthentication=no" user@serverB:~/.ssh/authorized_keys > /dev/null 2>&1 &
```
3、测试免密码登录是否成功:
```
ssh user@serverB id_rsa_multi
```
配置SSH端口转发
为了方便远程管理,我们可以配置SSH端口转发,具体操作如下:
1、在本地计算机上创建一个名为config的文件夹,用于存放SSH配置文件:
```
mkdir ~/config && cd ~/config
```
2、创建一个新的SSH配置文件,例如serverA.conf:
```
touch serverA.conf && echo 'Host serverA' >> serverA.conf && echo ' Port 22' >> serverA.conf && echo ' User user' >> serverA.conf && echo ' IdentityFile ~/.ssh/id_rsa' >> serverA.conf && echo ' ServerAliveInterval 60' >> serverA.conf && echo ' ServerAliveCountMax 3' >> serverA.conf && echo ' ForwardX11 no' >> serverA.conf && echo ' ForwardAgent yes' >> serverA.conf && echo ' ProxyCommand ssh user@serverB netcat %h %p' >> serverA.conf && echo ' Compression yes' >> serverA.conf && echo ' TCPKeepAlive yes' >> serverA.conf && echo ' ClientAliveInterval 60' >> serverA.conf && echo ' ClientAliveCountMax 3' >> serverA.conf && echo ' StrictHostKeyChecking no' >> serverA.conf && echo ' UserKnownHostsFile /dev/null' >> serverA.conf && echo ' IdentityFile ~/.ssh/id_rsa_multi' >> serverA.conf && echo ' GSSAPIAuthentication no' >> serverA.conf && echo ' GSSAPICleanupCredentials yes' >> serverA.conf && echo ' GSSAPIStrictPayloadCheck no' >> serverA.conf && echo ' PasswordAuthentication no' >> serverA.conf && echo ' PubkeyAuthentication yes' >> serverA.conf && echo ' PermitLocalCommand yes' >> serverA.conf && echo ' UpdateHostKeys yes' >> serverA.conf && echo ' VisualHostKey yes' >> serverA.conf && echo ' HostbasedAuthentication no' >> serverA.conf && echo ' Trust new hosts on nomatch yes' >> serverA.conf && echo ' RemoteForwardX11 no' >> serverA.conf && echo ' RemoteForwardAgent no' >> serverA.conf && echo ' AllowTcpForwarding yes' >> serverA.conf && echo ' XAuthLocation /opt/X11/bin/xauth' >> serverA.conf && echo ' GatewayPorts yes' >> serverA.conf && echo ' DynamicForward yes' >> serverA.conf && echo ' ExitOnForwardFailure yes' >> serverA.conf && echo ' ControlMaster auto' >> serverA.clie && echo ' ControlPersist 600' >> serverA.clie && chmod 600 ~/config/serverA.clie && mv ~/config/serverA.clie ~/config/serverB.clie ~/config/serverC.clie ~/config/serverD.clie ~/config/serverE.clie ~/config/serverF.clie ~/config/serverG
原创文章,作者:K-seo,如若转载,请注明出处:https://www.kdun.cn/ask/545575.html
微信扫一扫