Linux双机互信

前提：

1、准备工作

为了配置一台Linux主机成为HA的节点，通常需要做出如下的准备工作：

1）所有节点的主机名称和对应的IP地址解析服务可以正常工作，且每个节点的主机名称需要跟"uname -n“命令的结果保持一致；因此，需要保证两个节点上的/etc/hosts文件均为下面的内容：

为了使得重新启动系统后仍能保持如上的主机名称，还分别需要在各节点执行类似如下的命令：

Node1:

Node2：

2）设定两个节点可以基于密钥进行ssh通信，这可以通过类似如下的命令实现：

Node1:

# ssh-keygen -t rsa

Node2:

# ssh-keygen -t rsa

node1操作：

[root@~ ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

[root@~ ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]

15

The authenticity of host '192.168.0.79 (192.168.0.79)' can't be established.

RSA key fingerprint is 4e:e9:54:9b:a8:7c:ed:97:81:21:51:e2:58:3d:5e:90.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.79' (RSA) to the list of known hosts.

[email protected]'s password:

Now try logging into the machine, with "ssh '[email protected]'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@~ ~]# ssh 192.168.0.79 'ifconfig'

node2操作:

[root@ ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

[root@~ ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]

15

The authenticity of host '192.168.0.78 (192.168.0.78)' can't be established.

RSA key fingerprint is 4e:e9:54:9b:a8:7c:ed:97:81:21:51:e2:58:3d:5e:90.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.78' (RSA) to the list of known hosts.

[email protected]'s password:

Now try logging into the machine, with "ssh '[email protected]'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@~ ~]# ssh 192.168.0.78 'ifconfig'