The basic idea of public key authentication:
The encryption and decryption of information takes differentKey, it'sKeyrespectively calledprivate Keyand thePublic Key, of which,Public Keyon the server you want to log on to, andprivate Keyowned by a particular client. When a client makes a request to the server to establish a secure connection, it first sends its ownPublic Key, if thisPublic Keyis allowed by the server, the server sends aPublic Keyencrypted random data to the client, this data can only beprivate Keydecryption, the client sends the decrypted information back to the server, and the server verifies that the client is trustworthy, thus establishing a secure information channel. In this way, the client does not need to send out its own identity flag "private Key"To achieve the purpose of the calibration, andprivate Keyis not throughPublic Keyinferred in reverse. This avoids the potential for password leaks caused by network eavesdropping. The client needs to be careful to save its ownprivate KeyTo avoid being stolen by others, and once that happens, the server needs to replace the trustedPublic Keylist.
The steps to configure SSH Trust are as follows:
1. first, on the machine to configure mutual trust, the generation of their own certified key files;
2. Next, all the key files are aggregated into a total certification file;
3. Distribute this certification document, which contains all trusted machine authentication keys , to each machine;
4. Verify mutual trust.
Create ssh Trust with the same user test on the host named Node1,node2 .
1 . create on each node RSA keys and public keys
Login with test user
mkdir ~/.ssh
chmod ~/.ssh
CD ~/.ssh
SSH-KEYGEN-T RSA
2. consolidating public key files
Execute the following command on the node1
SSH node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod ~/.ssh/authorized_keys
3. distributing the Consolidated public key file
Execute the following command on the node1
SCP ~/.ssh/authorized_keys node2:~/.ssh/
SCP ~/.ssh/authorized_keys node3:~/.ssh/
4. Test ssh Trust
run the following command on each node, if you do not need to enter a password to display the current date of the system, it indicates SSH Trust has been configured successfully.
SSH Node1 Date
ssh node2 Date
Linux Configuration SSH Trust