所选语种没有对应资源,请选择:

本站点使用Cookies,继续浏览表示您同意我们使用Cookies。Cookies和隐私政策>

提示

尊敬的用户,您的IE浏览器版本过低,为获取更好的浏览体验,请升级您的IE浏览器。

升级

华为 SAP HANA 一体机 CH121&CH242&2288H&2488H&9008 V5 双机安装指南 11

评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置SSH免密码互联服务

配置SSH免密码互联服务

以root用户分别登录两个服务器节点,完成以下操作,实现两台SAP HANA服务器SSH免密码互联服务。

  1. 执行命令ssh-keygen -t rsassh-keygen -t dsa生成认证公钥。

    服务器节点1:

    hw00001: # ssh-keygen -t rsa
    hw00001: # ssh-keygen -t dsa

    执行命令ssh-keygen -t rsa后界面显示如下所示:

    hw00001: # ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): //保持默认值,直接回车
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): //保持默认值,直接回车
    Enter same passphrase again: //保持默认值,直接回车
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    b9:67:bb:07:06:8b:20:1b:3a:a4:2e:ed:e3:d7:58:54 [MD5] root@hw00001
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |        E        |
    |       .         |
    | .o . . ..       |
    |o. + o .So       |
    |+ .   o ..o      |
    |.o   +  ..o.     |
    |..o o .  o ..    |
    |.ooo      oo     |
    +--[MD5]----------+

    执行命令ssh-keygen -t dsa后界面显示如下所示:

    hw00001:~ # ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa):  //保持默认值,直接回车
    Enter passphrase (empty for no passphrase):  //保持默认值,直接回车
    Enter same passphrase again:  //保持默认值,直接回车
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    SHA256:8DeBxFJO5TwveFcvnzN8PpjVnxO5wScZugg9Om+bhz0 root@hw00001
    The key's randomart image is:
    +---[DSA 1024]----+
    |       o+..      |
    |      .+.+       |
    |      ..o =   .  |
    |       o . + ... |
    |        S.= o.oo+|
    |        .oo+. +O+|
    |         o = .+*X|
    |        o +.Eo *=|
    |         ++o .  +|
    +----[SHA256]-----+

    服务器节点2执行如下命令:

    ssh-keygen -t rsa
    ssh-keygen -t dsa

  2. 将本端认证公钥复制到对端。

    执行本操作前必须先完成“/etc/hosts”文件的修改,实现主机名到IP地址的解析。

    本例中以“hw00001”和“hw00002”为例,请根据实际情况修改。

    服务器节点1:

    ssh hw00001 "echo $(cat /root/.ssh/id_dsa.pub) >> /root/.ssh/authorized_keys"
    ssh hw00002 "echo $(cat /root/.ssh/id_dsa.pub) >>/root/.ssh/authorized_keys"
    ssh hw00001 "echo $(cat /root/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys"
    ssh hw00002 "echo $(cat /root/.ssh/id_rsa.pub) >>/root/.ssh/authorized_keys"

    提示输入密码时请输入root用户密码,示例如下:

    hw00001: # ssh hw00001 "echo $(cat /root/.ssh/id_dsa.pub) >> /root/.ssh/authorized_keys"
    The authenticity of host 'hw00001 (192.168.10.100)' can't be established.
    ECDSA key fingerprint is ee:4c:78:4b:d8:5f:8d:44:85:c5:46:9c:90:9d:13:bd [MD5].
    Are you sure you want to continue connecting (yes/no)? yes //输入YES
    Warning: Permanently added 'hw00001,192.168.10.100' (ECDSA) to the list of known hosts.
    Password: //输入root用户的密码

    服务器节点2:

    ssh hw00001 "echo $(cat /root/.ssh/id_dsa.pub) >> /root/.ssh/authorized_keys"
    ssh hw00002 "echo $(cat /root/.ssh/id_dsa.pub) >>/root/.ssh/authorized_keys"
    ssh hw00001 "echo $(cat /root/.ssh/id_rsa.pub) >> /root/.ssh/authorized_keys"
    ssh hw00002 "echo $(cat /root/.ssh/id_rsa.pub) >>/root/.ssh/authorized_keys"

  3. 验证配置结果。

    分别在两个服务器节点上,使用SSH登录对端节点,如果不需要输入密码就能登录成功,说明互信已经建立。

    1. 在服务器节点1,执行命令ssh hw00002,能够直接登录到节点2,不需要输入密码。
    2. 在服务器节点2,执行命令ssh hw00001,能够直接登录到节点1,不需要输入密码。

翻译
下载文档
更新时间:2019-11-07

文档编号:EDOC1100011658

浏览量:18088

下载量:652

平均得分:
本文档适用于这些产品
相关版本
相关文档
Share
上一页 下一页