no password login

# no password login ## 1. vm info node1: eth0: 192.168.122.135 eth1: 192.168.100.210 node2: eth0: 192.168.122.18 eth1: 192.168.100.207 建立key ```shell! node1:~ # ssh-keygen Generating public/private ed25519 key pair. Enter file in which to save the key (/root/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_ed25519 Your public key has been saved in /root/.ssh/id_ed25519.pub The key fingerprint is: SHA256:/wUww4WSI3OsznCI+WFyRTqzRKRGgXF7EOeb6qqq1DU root@rancher The key's randomart image is: +--[ED25519 256]--+ |.o*++... . .. | |.o B .+ *... | | +oBo = o= | | .+o**o + | | =+E S . | | ..o + . . | | ... . . | |.. . . | |O.. . | +----[SHA256]-----+ ``` ## 2. 使用ssh-copy-id自動將public key複製到指定節點(192.168.100.207) :::info 注意：指定節點改用fqdn或ip都要留意，發起連線後，本機的know_hosts會有主機認證資訊。 ::: ```shell! node1:~ # ssh-copy-id root@192.168.100.207 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub" The authenticity of host '192.168.100.207 (192.168.100.207)' can't be established. ED25519 key fingerprint is SHA256:8NFsjC0sZgH9WAa7pHtdPGBSsRpW2QOY3xy2E/Qm9R8. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys (root@192.168.100.207) Password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.100.207'" and check to make sure that only the key(s) you wanted were added. rancher:~ # ssh 192.168.100.207 whoami root ``` ## 3. 檢視目前的know_hosts資訊，發現207 IP已加入。 ```shell! node1:~/.ssh # cat known_hosts 192.168.100.207 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtOY+/U8gtOLZnknIm7MYQ9Jz8Mqn+Il3M2b+7fSfBf 192.168.100.207 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsHj+BE2UXYsAGsxdYy8XF3/5pv/HGGWcS8fxlcNjE8NfUtEQkDrI3ZuKLiKLvk+FRoIB1j5Z9dOOnXE6JE+evY3fQz8Wxr6FUQZN658p9KSkESb8QxwQ0wc6pmZN8X+S0jvk9CB9eUSJXM605nAI4Fs5FQdsOkeHvbr6gO7dWNU5KIpmNq01Hux/b0Bn9FJ3ud4NjH4pNrq2bz6nJy801Hf40ElJq3USF0mCn3TGbVR1p0xO9Jihd5H+uV2/X5p5xeChPSPInjQi2AIi7Wb3/ANewNmg+veof9cJJ5KbAApBY+mxFj88W/6PEIi0w79gIFGhzWkEa/0TsH6qTK7VpBvxADvtl1Bd7IPwgPKpugg+71x38zLNiI5sHHB4inN3+tjIX5E9SI+KH5+u0YIHRoREd4FGvtaEE0MfmaX/KEmKANAEpULKwUMdI4bAnU9P8vA0lKzkkxwWpwMXdEcIgO/xqomwv/NuKGdLX2iVh3BkDz3XR+3O549KdSyFRfHk= 192.168.100.207 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHkQKePlMBsI+MZmuz83yfNIRkrlMCZHfp6ORWyXFEehFXmrcMk5apse+1caIwYwwkclP7DVXh2J6sWdvpL6W6g= ``` ## 4. 使用另外一個IP加入public key，會出現警告訊息說這個fingerprint是207這個IP的，你要繼續嗎？請yes繼續，此時不用輸入密碼。 ```shell! rancher:~ # ssh-copy-id root@192.168.122.18 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub" The authenticity of host '192.168.122.18 (192.168.122.18)' can't be established. ED25519 key fingerprint is SHA256:8NFsjC0sZgH9WAa7pHtdPGBSsRpW2QOY3xy2E/Qm9R8. This host key is known by the following other names/addresses: ~/.ssh/known_hosts:1: 192.168.100.207 Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system. (if you think this is a mistake, you may want to use -f option) rancher:~ # ssh 192.168.122.18 whoami root ``` ## 5. 檢視node1的know_hosts資訊，會發現192.168.122.18已加入。 ```shell! rancher:~/.ssh # cat known_hosts 192.168.100.207 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtOY+/U8gtOLZnknIm7MYQ9Jz8Mqn+Il3M2b+7fSfBf 192.168.100.207 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsHj+BE2UXYsAGsxdYy8XF3/5pv/HGGWcS8fxlcNjE8NfUtEQkDrI3ZuKLiKLvk+FRoIB1j5Z9dOOnXE6JE+evY3fQz8Wxr6FUQZN658p9KSkESb8QxwQ0wc6pmZN8X+S0jvk9CB9eUSJXM605nAI4Fs5FQdsOkeHvbr6gO7dWNU5KIpmNq01Hux/b0Bn9FJ3ud4NjH4pNrq2bz6nJy801Hf40ElJq3USF0mCn3TGbVR1p0xO9Jihd5H+uV2/X5p5xeChPSPInjQi2AIi7Wb3/ANewNmg+veof9cJJ5KbAApBY+mxFj88W/6PEIi0w79gIFGhzWkEa/0TsH6qTK7VpBvxADvtl1Bd7IPwgPKpugg+71x38zLNiI5sHHB4inN3+tjIX5E9SI+KH5+u0YIHRoREd4FGvtaEE0MfmaX/KEmKANAEpULKwUMdI4bAnU9P8vA0lKzkkxwWpwMXdEcIgO/xqomwv/NuKGdLX2iVh3BkDz3XR+3O549KdSyFRfHk= 192.168.100.207 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHkQKePlMBsI+MZmuz83yfNIRkrlMCZHfp6ORWyXFEehFXmrcMk5apse+1caIwYwwkclP7DVXh2J6sWdvpL6W6g= 192.168.122.18 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtOY+/U8gtOLZnknIm7MYQ9Jz8Mqn+Il3M2b+7fSfBf node1:~/.ssh # ssh 192.168.122.18 whoami root ```