目录
服务器节点编号
项目服务器较多的时候,靠脑子记 IP 太痛苦了,不如给每个节点服务器做个编号,方便标记和远程登录。
登陆主节点服务器,编辑 /etc/hosts
vim /etc/hosts
在主节点服务器的 hosts 文件末尾添加节点服务器的 IP 地址和对应编号
192.168.35.96 node01
192.168.35.95 node02
192.168.35.94 node02
192.168.35.93 node03
192.168.35.92 node04
192.168.35.91 node05
192.168.35.87 node06
192.168.35.85 node07
测试编号是否有效
[root@localhost ~]# ping -c 4 node05
PING node05 (192.168.35.91) 56(84) bytes of data.
64 bytes from node05 (192.168.35.91): icmp_seq=1 ttl=64 time=0.232 ms
64 bytes from node05 (192.168.35.91): icmp_seq=2 ttl=64 time=0.244 ms
64 bytes from node05 (192.168.35.91): icmp_seq=3 ttl=64 time=0.241 ms
64 bytes from node05 (192.168.35.91): icmp_seq=4 ttl=64 time=0.183 ms
主节点生成公钥
在主节点服务器用户目录下执行命令生成公钥
cd ~
ssh-keygen
执行命令后会提示你输入其他信息,可以不用理会,一直确认到结束

通过如下的命令查看生成的.ssh目录下文件
[root@localhost ~]# ls -atrl|grep ssh
drwx------. 1 root root 116 Dec 26 10:26 .ssh
复制公钥到子节点
按照以下命令将主节点生成的公钥复制到其他子结点上,第一次登陆放置公钥需要子节点服务器的密码,放置成功后面就不需要密码了
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node04
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node04 (172.19.19.95)' can't be established.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node04's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node04'"
and check to make sure that only the key(s) you wanted were added.
测试免密登录子节点
成功登录子节点,而且地址为子节点编号
[root@localhost ~]# ssh root@node04
Last login: Tue Dec 26 09:34:22 2023 from 172.19.19.93
[root@localhost ~]# ifconfig
eno1: flags=4163 mtu 1500
inet 172.19.19.95 netmask 255.255.255.0 broadcast 172.19.19.255
inet6 XXXXXXXXXXXXXX prefixlen 64 scopeid 0x20
ether XXXXXXXXXXXXXX txqueuelen 1000 (Ethernet)
RX packets 17840064 bytes 9324119811 (8.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12520522 bytes 17055220745 (15.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xdfb20000-dfb3ffff
取消子节点免密登录
有时候免密登录只是为了测试方便,测试完了还要恢复回去。我们添加公钥的时候是将将主节点的公钥添加到子节点主机的 authorized_keys 文件里,如果主节点登录子节点要求输入密码,则需要在子节点主机上的 authorized_keys 中注释或去掉主节点的公钥。示例如下:
[root@node02 ~]# cd ~/.ssh
[root@node02 ~]# vi authorized_keys
[root@node02 ~]#$ cat authorized_keys
# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiUjCuy0zCFIwVkMRsHkn+SPk4oSAYIjmI9tRT1/7wS7nkaqhoK68fHosF07g6Hwl90Gx5yfXbz1qfQXhA8dVMJnNSkSsJHCSVbRcI5nqBZhVz3Ohj1YbGnPRSr23sIfPsZv2Ajvlfu/GQu0n7hkhWbbITxwxUabGU7UZ6QpiQnKPvFOvluSQWuZ296HkmxoeEhRGDedJGf2vHJyzKIypUZTe0R2eH1WOaaNNSXQa/OjBP/i4SnnU4oMaidPJt+KWHhvYatpuEF4RUhoR7FaGaysDw6lUATLfbhgYq86EmUzqEe+OwFwgYBDWQ80s9DfHp5OjsAxc8u3sBIGIuxgeP root@192.168.35.96
然后使用主节点来远程登录子节点 node02 的时候提示我们输入密码了
[root@locahost ~]# ssh root@node02
root@node02's password:
本文介绍了如何在CentOS系统中为服务器节点分配编号,编辑hosts文件进行IP映射,并通过生成并复制公钥实现主节点对子节点的免密登录。同时提供了取消免密登录的方法。
4701

被折叠的 条评论
为什么被折叠?



