2013年12月27日 星期五

[研究] ssh 免密碼登入與主機名稱關係

[研究] ssh 免密碼登入與主機名稱關係

2013-12-26

基本套件安裝

yum  -y  install  openssh  rsync  sshd
service sshd restart

測試一:主機名稱只有 localhost 和 localhost.localdomain

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

.ssh 目錄原本不存在,如下:

[root@localhost ~]# ls ~/.ssh
ls: cannot access /root/.ssh: No such file or directory

.ssh 目錄原本不存在,如下:

[root@localhost ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
f9:b4:25:b1:0d:4b:6f:15:b9:da:c7:b7:e1:0e:d9:0f root@localhost.localdomain
The key's randomart image is:
+--[ DSA 1024]----+
|              .. |
|              .. |
|          +   .. |
|         o B ..  |
|        S = =o . |
|         o =. +.+|
|          o  oEo+|
|              .+.|
|              ...|
+-----------------+

.ssh 目錄建立了,而且有兩個檔案,如下:

[root@localhost ~]# ls -al ~/.ssh
total 16
drwx------. 2 root root 4096 Dec 26 21:51 .
dr-xr-x---. 6 root root 4096 Dec 26 21:51 ..
-rw-------. 1 root root  668 Dec 26 21:51 id_dsa
-rw-r--r--. 1 root root  616 Dec 26 21:51 id_dsa.pub
[root@localhost ~]#

[root@localhost ~]# cat ~/.ssh/id_dsa
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQDgDhd2pO8stCXqdc2lhd0NelvQiNPdGcRHrRRBD0Tyw8cV5tgh
ftPCAWK04gVYUOzoNccZFEHznhsTnlhFRJ94vUnuFeGjTdUdiGLSv/5poQw/8WCc
qSp+U8FQPndr57MHoap58YbLoCT6+YPpk+9LUDrBZo9aui86bg1KX+/1qQIVALQ4
MrAipmS+ePTNJbxVNykxIEFBAoGAPDz1Vqn9Fj3hl909m/gg0lHyOdirG4IhOfDs
Rn6h229+E3Ni+55Fn61DZ6vX0Zfd3MJWkSHtIUSLQvLUFua0d5upyrwudAy0BJOZ
tqDWIhC8tH6kCWjIZh5XCBi/NRXkMn7yqQbXH0VTQZj4bbdKtBNCal0XMYmSCQWH
Tzae8GoCgYEAs5JlIGWwpgfVshDQqq37qrNeM7QjAXGPy0+ShsCaX9QBT93L1u3K
DBT7chwZ+CtijBNBPBayE+SmlCyvz050LrAx6BJaf+KojsIETKobKbSwmpJDIoT+
WqDgufKEZrGEL2T6sJXbwgMm9w2x47lszuwazmdxQ56nE7MXaa+yeUsCFG/zuTR0
olVJO7k1RsVLVpRxary3
-----END DSA PRIVATE KEY-----

[root@localhost ~]# cat ~/.ssh/id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAOAOF3ak7yy0Jep1zaWF3Q16W9CI090ZxEetFEEPRPLDxxXm2CF+08IBYrTiBVhQ7Og1xxkUQfOeGxOeWEVEn3i9Se4V4aNN1R2IYtK//mmhDD/xYJypKn5TwVA+d2vnswehqnnxhsugJPr5g+mT70tQOsFmj1q6LzpuDUpf7/WpAAAAFQC0ODKwIqZkvnj0zSW8VTcpMSBBQQAAAIA8PPVWqf0WPeGX3T2b+CDSUfI52KsbgiE58OxGfqHbb34Tc2L7nkWfrUNnq9fRl93cwlaRIe0hRItC8tQW5rR3m6nKvC50DLQEk5m2oNYiELy0fqQJaMhmHlcIGL81FeQyfvKpBtcfRVNBmPhtt0q0E0JqXRcxiZIJBYdPNp7wagAAAIEAs5JlIGWwpgfVshDQqq37qrNeM7QjAXGPy0+ShsCaX9QBT93L1u3KDBT7chwZ+CtijBNBPBayE+SmlCyvz050LrAx6BJaf+KojsIETKobKbSwmpJDIoT+WqDgufKEZrGEL2T6sJXbwgMm9w2x47lszuwazmdxQ56nE7MXaa+yeUs= root@localhost.localdomain

把公鑰放入授權檔案,如下:

[root@localhost ~]# cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

[root@localhost ~]# chmod 600 ~/.ssh/authorized_keys

[root@localhost ~]# ls -al ~/.ssh
total 20
drwx------. 2 root root 4096 Dec 26 23:03 .
dr-xr-x---. 6 root root 4096 Dec 26 21:51 ..
-rw-------. 1 root root  616 Dec 26 23:03 authorized_keys
-rw-------. 1 root root  668 Dec 26 21:51 id_dsa
-rw-r--r--. 1 root root  616 Dec 26 21:51 id_dsa.pub

第一次連線時候,會要求輸入密碼,如下:

[root@localhost ~]# ssh root@localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:02:46 2013 from localhost

[root@localhost ~]# exit
logout
Connection to localhost closed.

第二次連線時候,不會要求輸入密碼,如下:

[root@localhost ~]# ssh root@localhost
Last login: Thu Dec 26 23:04:32 2013 from localhost

[root@localhost ~]# exit
logout
Connection to localhost closed.


[root@localhost ~]# ls -al ~/.ssh
total 24
drwx------. 2 root root 4096 Dec 26 23:04 .
dr-xr-x---. 6 root root 4096 Dec 26 21:51 ..
-rw-------. 1 root root  616 Dec 26 23:03 authorized_keys
-rw-------. 1 root root  668 Dec 26 21:51 id_dsa
-rw-r--r--. 1 root root  616 Dec 26 21:51 id_dsa.pub
-rw-r--r--. 1 root root  391 Dec 26 23:04 known_hosts

[root@localhost ~]# cat ~/.ssh/known_hosts
localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

如上,第一次連線,ssh 會把 key 放入 known_hosts 檔案中,第二次連線發現 key 存在,就直接連線不問了
/root/.ssh/known_hosts 檔案目前只有一行,一開頭為 localhost,表示允許無密碼連到 root@localhost

改測試連 root@localhost.localdomain
雖然 localhost.localdomain 和 localhost 是相同 IP 和主機,但是 ssh 免密碼連線當成不同,仍要輸入密碼

[root@localhost ~]# ssh root@localhost.localdomain
The authenticity of host 'localhost.localdomain (::1)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost.localdomain' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:04:36 2013 from localhost

[root@localhost ~]# exit
logout
Connection to localhost.localdomain closed.

[root@localhost ~]# ssh root@localhost.localdomain
Last login: Thu Dec 26 23:06:19 2013 from localhost

[root@localhost ~]# exit
logout
Connection to localhost.localdomain closed.

[root@localhost ~]# cat ~/.ssh/known_hosts
localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==
localhost.localdomain ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

如上,~/.ssh/known_hosts 檔案多了一行 localhost.localdomain 的 key

[root@localhost ~]# ssh root@127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:06:28 2013 from localhost
[root@localhost ~]# exit
logout
Connection to 127.0.0.1 closed.

[root@localhost ~]# ssh root@192.168.128.104
The authenticity of host '192.168.128.104 (192.168.128.104)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.128.104' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:07:40 2013 from localhost
[root@localhost ~]# exit
logout
Connection to 192.168.128.104 closed.

**********************************************************************

測試二:主機名稱加上 master01

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.128.104   master01

[root@localhost ~]# rm  -fr  /root/.ssh
[root@localhost ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
[root@localhost ~]# cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[root@localhost ~]# chmod 600 ~/.ssh/authorized_keys

[root@localhost ~]# ssh root@localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:08:01 2013 from 192.168.128.104
[root@localhost ~]# exit
logout
Connection to localhost closed.

[root@localhost ~]# ssh root@master01
The authenticity of host 'master01 (192.168.128.104)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master01,192.168.128.104' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:21:46 2013 from localhost
[root@localhost ~]# exit
logout
Connection to master01 closed.

[root@localhost ~]# ssh root@192.168.128.104
Last login: Thu Dec 26 23:22:32 2013 from master01
[root@localhost ~]# exit
logout
Connection to 192.168.128.104 closed.

[root@localhost ~]# cat ~/.ssh/known_hosts
master01,192.168.128.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

這裡注意一下,ssh root@master01 被紀錄後,ssh root@192.168.128.104 可以直接連上
檢視 known_hosts 檔案發現 master01 和 192.168.128.104 同時被記錄使用相同 key

[root@localhost ~]# ssh root@localhost.localdomain
The authenticity of host 'localhost.localdomain (::1)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost.localdomain' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:22:41 2013 from master01
[root@localhost ~]# exit
logout
Connection to localhost.localdomain closed.
[root@localhost ~]#


[root@localhost ~]# ssh root@127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:23:12 2013 from localhost
[root@localhost ~]# exit
logout
Connection to 127.0.0.1 closed.
[root@localhost ~]#

砍掉 known_hosts

[root@localhost ~]# rm -fr ~/.ssh/known_hosts

[root@localhost ~]# ssh root@192.168.128.104
The authenticity of host '192.168.128.104 (192.168.128.104)' can't be establishe d.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.128.104' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:25:10 2013 from localhost

[root@localhost ~]# exit
logout
Connection to 192.168.128.104 closed.

[root@localhost ~]# ssh root@master01
The authenticity of host 'master01 (192.168.128.104)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master01' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:25:49 2013 from master01

這裡注意一下,之前 ssh root@master01 被紀錄後,ssh root@192.168.128.104 可以直接連上
但是 ssh root@192.168.128.104 被記錄後,ssh root@master01 仍要輸入密碼

[root@localhost ~]# exit
logout
Connection to master01 closed.

[root@localhost ~]# cat ~/.ssh/known_hosts
192.168.128.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+Z R0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7 ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszo cuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc9 9wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==
master01 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvAp kgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NX maUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D7 0G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m +C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

發現 192.168.128.104 和 master01 使用相同 key,把 known_hosts 內容修改如下
也就是 master01,192.168.128.104,localhost,localhostdomain,master02,127.0.0.1 用相同 key

[root@localhost ~]# cat ~/.ssh/known_hosts
master01,192.168.128.104,localhost,localhostdomain,master02,127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

測試一下,發現 root@localhost 不會問了,但 root@master02 不行,因為 /etc/hosts 根本沒有設定 master02 的 IP

[root@localhost ~]# ssh root@localhost
Last login: Thu Dec 26 23:28:03 2013 from master01
[root@localhost ~]# exit
logout
Connection to localhost closed.

[root@localhost ~]# ssh root@master02
^C

**********************************************************************

測試三:主機名稱加上 master01 和 master01.

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.128.104   master01    master01.hadoops

[root@localhost ~]# rm -fr ~/.ssh/known_hosts

[root@localhost ~]# ssh root@master01.hadoops
The authenticity of host 'master01.hadoops (192.168.128.104)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master01.hadoops,192.168.128.104' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:32:02 2013 from localhost
[root@localhost ~]# exit
logout
Connection to master01.hadoops closed.

[root@localhost ~]# cat /root/.ssh/known_hosts
master01.hadoops,192.168.128.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

[root@localhost ~]# ssh root@master01
The authenticity of host 'master01 (192.168.128.104)' can't be established.
RSA key fingerprint is ac:12:b8:b7:5d:ad:3b:38:b8:21:de:82:e5:70:bd:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master01' (RSA) to the list of known hosts.
Last login: Thu Dec 26 23:34:43 2013 from master01
[root@localhost ~]# exit
logout
Connection to master01 closed.

[root@localhost ~]# cat /root/.ssh/known_hosts
master01.hadoops,192.168.128.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==
master01 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

**********************************************************************

測試四

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

設定 hostname

[root@localhost ~]# hostname master01

顯示 hostname

[root@localhost ~]# hostname
master01

[root@localhost ~]# rm -fr /root/.ssh/known_hosts
[root@localhost ~]# ssh root@master01
ssh: Could not resolve hostname master01: Name or service not known

所以 ssh 會去找 /etc/hosts 內容

**********************************************************************

測試五

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@localhost ~]# hostname
localhost.localdomain

[root@localhost ~]# cat /etc/sysconfig/network
NETWORKING=yes
#HOSTNAME=localhost.localdomain
HOSTNAME=master01.hadoops
GATEWAY=192.168.128.2

[root@localhost ~]# rm -fr /root/.ssh/known_hosts

[root@localhost ~]# ssh root@master01.hadoops
ssh: Could not resolve hostname master01.hadoops: Name or service not known
[root@localhost ~]#

**********************************************************************

結論

當 key 做好後,第一次 ssh 連線 ( 例如 ssh@localhost ) 產生 known_hosts 檔案後
修改 known_hosts,增加相關 IP 主機名稱,是最方便的,例如

[root@localhost ~]# cat ~/.ssh/known_hosts
localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

改成下面

[root@localhost ~]# cat ~/.ssh/known_hosts
master01,192.168.128.104,localhost,localhostdomain,127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LIV57VFoes/fM6eplVCzvMgSZ+ZR0WuvApkgptMIu/bEoFQqK6Hdz4zduh8gIFYWQnvzmd5mYqS6h0QXCweindBjZSu0OxVL3E9VwLE/gl7ps/j9NXmaUcRdsQ40dS0H+WnH7tCAIB0E2gvixSBqDMIJ58maRwF3ELU7D+rUKufnrSDNZb+wFTfjszocuXb1D70G20R+GfQlCh8vb9RJrdeFEoFowKYJHE0uZsO6pBt7ljXXTc2i9mAl3zrMgM/yJCAVb9UrQc99wNSu7m+C12urASZflDjZB/Ut2uVcqaeTQ2Aotd96q72D8y7qwnq3Sca3P8WNE352bf3lgY5mw==

(完)

沒有留言:

張貼留言