设置SSH免密登录

1、在客户端生成一对密钥（公钥/私钥）
基于空口令生成一个新的ssh密钥，以实现无密码登录：
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
参数说明：
-t 加密算法类型，这里是使用rsa算法
-P 指定私钥的密码，不需要可以不指定
-f 指定生成秘钥对保持的位置

[root@node2 .ssh]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FOojVcyVAoQyl/w9mv8vv1EkIJ1D8d8Csc5Vw1UOXts root@node2
The key's randomart image is:
+---[RSA 2048]----+
|   . +o+++=+. o.B|
|  o =  o+o=o + *+|
|   + .o... .= +.E|
|     o..o  o * . |
|    . ooS.  o + .|
|     .o.     . . |
|       .    .    |
|        . .  .   |
|         ..++.   |
+----[SHA256]-----+
[root@node2 .ssh]#

将秘钥文件拷贝到需要访问的节点上：

[root@node2 .ssh]# ssh-copy-id root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:


Number of key(s) added: 1


Now try logging into the machine, with:   "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.


[root@node2 .ssh]#

这样的设置是单向的，需要在其他节点也进行同样的设置。