[hadoop@hadoop01 ~]$ cd .ssh
[hadoop@hadoop01 .ssh]$ ll -d ./ #查看.ssh文件夹的权限
drwx------. 2 hadoop hadoop 4096 Jun 19 23:44 ./ #.ssh文件夹的权限为700,如果不是,必须执行chmod 700 ./进行修改,否则,即使配置了无密钥登录后面仍然需要密码 [hadoop@hadoop01 .ssh]$ ls authorized_keys id_rsa id_rsa.pub known_hosts [hadoop@hadoop01 .ssh]$ rm -rf ./* #清空文件夹 [hadoop@hadoop01 .ssh]$ ssh-keygen -t rsa #生成公钥和秘钥 Generating public/private rsa key pair. Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/hadoop/.ssh/id_rsa. Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub. The key fingerprint is: a2:78:65:72:49:9a:71:91:aa:8f:3b:3e:a8:b3:74:87 hadoop@hadoop01.zjl.com The key's randomart image is: +--[ RSA 2048]----+ | .. | | .. | | ..o | | .* . | | .+ * S | | ...* . | | o.Eo. | |+ =.o | |++o+ | +-----------------+ [hadoop@hadoop01 .ssh]$ ll total 8 -rw-------. 1 hadoop hadoop 1675 Jun 19 23:41 id_rsa #秘钥 -rw-r--r--. 1 hadoop hadoop 405 Jun 19 23:41 id_rsa.pub #公钥 [hadoop@hadoop01 .ssh]$ ssh-copy-id hadoop02.zjl.com #将公钥发送给远程主机 The authenticity of host 'hadoop01.zjl.com (192.168.0.131)' can't be established. RSA key fingerprint is 60:10:35:2f:64:08:bf:82:e5:bc:56:8c:3d:60:18:13. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop01.zjl.com,192.168.0.131' (RSA) to the list of known hosts. hadoop@hadoop01.zjl.com's password: Now try logging into the machine, with "ssh 'hadoop01.zjl.com'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [hadoop@hadoop01 .ssh]$ ssh hadoop01.zjl.com #无密码登录
Last login: Mon Jun 19 23:30:46 2017 from 192.168.0.1
[hadoop@hadoop02 ~]$ #无密码登录成功
所谓公钥登录,就是用户将自己的公钥储存在远程主机上。登录的时候远程主机回向用户发送一段随机字符串,用户用自己的秘钥加密后再发送给远程主机。远程主机用事先储存的公钥进行解密,如果成功,就证明用户是可信的,直接允许登录shell,不再要求密码。