Extreme Thinking
ssh 交換金鑰

2013-11-26

DRBD01 及DRBD02 設 /etc/hosts

192.168.15.137 drbd01 node1 node1.drbd.org
192.168.15.138 drbd02 node2 node2.drbd.org

DRBD01 建立 ssh-key

[root@DRBD01 ~]# cd .ssh
[root@DRBD01 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
43:4b:9a:bb:27:30:81:4d:78:9d:a6:ea:dc:51:c4:79 root@DRBD01
The key's randomart image is:
+--[ RSA 2048]----+
| . o o |
| . o B E |
| = + .o |
| . + .= . |
| . oo S |
| . + . . |
| o . +. |
| o . ... |
| .o |
+-----------------+
[root@DRBD01 .ssh]# ls
id_rsa id_rsa.pub known_hosts

DRBD01 ssh-key 複製到 DRBD02

[root@DRBD01 ~]# cd .ssh
[root@DRBD01 .ssh]# scp ./id_rsa.pub drbd02:/root/.ssh/id_rsa.pub.drbd01
root@drbd02's password:
id_rsa.pub 100% 393 0.4KB/s 00:00

DRBD02 建立 ssh-key

[root@DRBD02 ~]# cd .ssh
[root@DRBD02 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
[root@DRBD02 .ssh]#
[root@DRBD02 .ssh]#
[root@DRBD02 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7b:bb:35:91:c7:ca:13:3f:69:15:f3:1e:20:05:40:a4 root@DRBD02
The key's randomart image is:
+--[ RSA 2048]----+
| o+.... |
| . . |
| E . . o |
| .o. +|
| S + o.o|
| . . * +.|
| . . * = .|
| . o + . |
| o. |
+-----------------+

DRBD02 ssh-key 複製到 DRBD01

[root@DRBD02 ~]# cd .ssh
[root@DRBD02 .ssh]# scp ./id_rsa.pub drbd01:/root/.ssh/id_rsa.pub.drbd02
root@drbd01's password:
id_rsa.pub 100% 393 0.4KB/s 00:00

DRBD01 ssh-key 放到 DRBD02 authorized_keys

[root@DRBD02 ~]# cd .ssh
[root@DRBD02 .ssh]# cat id_rsa.pub.drbd01 >> authorized_keys
[root@DRBD02 .ssh]# chmod 600 authorized_keys

DRBD02 ssh-key 放到 DRBD01 authorized_keys

[root@DRBD01 ~]# cd .ssh
[root@DRBD01 .ssh]# cat id_rsa.pub.drbd02 >> authorized_keys
[root@DRBD01 .ssh]# chmod 600 authorized_keys

測試 DRBD02 ssh 到 DRBD01

[root@DRBD02 .ssh]# ssh drbd01
Last login: Tue Nov 26 10:38:19 2013 from 192.168.15.138
[root@DRBD01 ~]# logout
Connection to drbd01 closed.

測試 DRBD01 ssh 到 DRBD02

[root@DRBD01 .ssh]# ssh drbd02
Last login: Tue Nov 26 10:39:22 2013 from 192.168.15.137
[root@DRBD02 ~]# logout
Connection to drbd02 closed.