Configuring SSH Mutual Trust on Linux
The basic idea of public key authentication:
Public key authentication encrypts and decrypts information with two different keys, called the private key and the public key. The public key is stored on the server to be logged in to, and the private key is held by a specific client. When the client asks to establish a secure connection to the server, it first sends its own public key. If the server allows that public key, the server sends the client random data encrypted with the public key; this data can only be decrypted with the private key. The client sends the decrypted information back to the server, the server verifies that the client is trustworthy, and a secure information channel is established. In this way the client proves its identity without ever sending its identifying secret, the private key, and the private key cannot be derived from the public key. This avoids the password leaks that network eavesdropping can cause. The client must store its private key carefully so that it is not stolen by others; if that happens, the server's list of trusted public keys has to be replaced.
The steps to configure SSH mutual trust are as follows:
1. First, generate an authentication key file on each machine that is to take part in the mutual trust;
2. Next, aggregate all the key files into a single authentication file;
3. Distribute this authentication file, which contains the authentication keys of all trusted machines, to each machine;
4. Verify mutual trust.
The example below creates SSH trust for the same user, test, on the hosts named node1, node2 and node3.
1. Create an RSA private key and public key on each node
Log in as the test user
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
2. Consolidate the public key files
Execute the following commands on node1
ssh node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
3. Distribute the consolidated public key file
Execute the following commands on node1
scp ~/.ssh/authorized_keys node2:~/.ssh/
scp ~/.ssh/authorized_keys node3:~/.ssh/
4. Test SSH trust
Run the following commands on each node. If each one displays the current system date without asking for a password, SSH trust has been configured successfully.
ssh node1 date
ssh node2 date
ssh node3 date
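The consolidation in step 2 appends with >>, so running it a second time duplicates every entry, and sshd with StrictModes enabled (the default) ignores authorized_keys when that file or ~/.ssh is group- or world-writable. The shell functions below are an added example, not part of the original procedure: merge_keys and perms_ok are hypothetical helper names, and the .pub files passed to merge_keys are assumed to have been copied from each node beforehand.

```shell
#!/bin/sh
# Added example; merge_keys and perms_ok are hypothetical helper names.
# Assumed usage on node1, with each node's id_rsa.pub already copied locally:
#   merge_keys ~/.ssh/authorized_keys node1.pub node2.pub node3.pub

# merge_keys AUTH_FILE PUB_FILE...
# Keeps every existing AUTH_FILE line verbatim, then appends each PUB_FILE line
# that starts with a known key type and whose key blob is not already present.
merge_keys() {
    auth=$1; shift
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$auth" ] || : > "$auth"
    # Build the result in a temp file in the same directory so the final mv is
    # atomic and a failed run never leaves a half-written authorized_keys.
    tmp=$(mktemp "$dir/.authorized_keys.XXXXXX") || return 1
    awk -v auth="$auth" \
        -v types='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$' '
        {   # the blob is the field right after the first key-type field
            blob = ""
            for (i = 1; i < NF; i++)
                if ($i ~ types) { blob = $(i + 1); break }
        }
        FILENAME == auth { print; if (blob != "") seen[blob] = 1; next }
        $1 ~ types && blob != "" && !seen[blob]++ { print }
    ' "$auth" "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# perms_ok PATH...
# Succeeds only if every PATH exists and none is group- or world-writable,
# which is the condition StrictModes checks before trusting authorized_keys.
perms_ok() {
    for p in "$@"; do [ -e "$p" ] || return 1; done
    [ -z "$(find "$@" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}
```
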