2012-08-18 16:09:17
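Environment: centos6a, centos6b, centos6c
Requirement: log in from centos6a to centos6b or centos6c automatically, without a password
Steps:
1 Edit the /etc/hosts file on every machine so that it contains the following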
127.0.0.1 localhost
192.168.0.2 centos6a
192.168.0.3 centos6b
192.168.0.4 centos6c
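2 Create an SSH key pair on the local machine
centos6a#: ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
-P sets the passphrase, and -P '' means an empty passphrase. You can leave -P out, but then you have to press Enter three times; with -P you press it once. With an empty passphrase the private key is stored unencrypted on centos6a.
3 Copy the public key to the target machines, entering the password when prompted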
centos6a#:~/.ssh# scp id_rsa.pub centos6b:~/.ssh/
centos6a#:~/.ssh# scp id_rsa.pub centos6c:~/.ssh/
4 SSH to the target machines (centos6b, centos6c) and rename the public key to "authorized_keys"
centos6b#:~/.ssh# mv id_rsa.pub authorized_keys
centos6c#:~/.ssh# mv id_rsa.pub authorized_keys
5 Run restorecon on the target machines (centos6b, centos6c)
Note: There is a bug in CentOS 6 / SELinux that results in all client
presented certificates to be ignored when SELinux is set to
Enforcing. To fix this simply:
centos6b#: restorecon -R -v ~/.ssh
centos6c#: restorecon -R -v ~/.ssh
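Or, alternatively (this switches SELinux to permissive mode for the whole system until the next reboot):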
centos6b#: setenforce 0
centos6c#: setenforce 0
6 Run ssh centos6b; the login now succeeds without a password
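Steps 3 to 5 on the target side, as an added example that is not part of the original post: the helper appends the key instead of renaming the file over authorized_keys (which discards any keys already authorized there) and sets the permissions sshd expects. The function name install_pubkey and its arguments are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). install_pubkey and its two
# arguments are hypothetical names chosen for illustration.
# Usage on centos6b/centos6c:  install_pubkey ~/.ssh/id_rsa.pub

install_pubkey() {
    local pubkey_file="$1"                # public key copied over in step 3
    local ssh_dir="${2:-$HOME/.ssh}"      # directory that holds authorized_keys
    local auth_file="$ssh_dir/authorized_keys"
    local key

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Accept exactly one non-blank line that looks like a public key, so a
    # private key or a truncated copy never lands in authorized_keys.
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" || true)
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file is not a public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects keys when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append instead of "mv": keys that are already authorized stay in place,
    # and running the function twice does not duplicate the line.
    if ! grep -qxF -- "$key" "$auth_file"; then
        # Terminate a last line that lacks a newline before appending.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        printf '%s\n' "$key" >> "$auth_file"
    fi

    # Step 5: reset the SELinux labels on hosts that have restorecon.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" || true
    fi
}
```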
7 Disable local login for root
vim /etc/pam.d/login
auth required pam_succeed_if.so user != root quiet
Placing this line at the very top of /etc/pam.d/login is enough.