8.2. 生成 ecdsa 密钥对
以下步骤解释了如何为 SSH 协议的版本 2 生成 ECDSA 密钥对。
流程
在 RHUA 节点上,使用 ECDSA 参数运行
ssh-keygen
命令,并将密钥保存在默认位置。警告将 passphrase 字段留空。如果您在生成密钥对时提供了密码短语,CDS 安装和注册会失败。
$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/USER/.ssh/id_ecdsa): Created directory '/home/USER/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/USER/.ssh/id_ecdsa. Your public key has been saved in /home/USER/.ssh/id_ecdsa.pub. The key fingerprint is: fd:1d:ca:10:52:96:21:43:7e:bd:4c:fc:5b:35:6b:63 USER@rhua.example.com The key's randomart image is: +--[ECDSA 256]---+ | .+ +o | | . =.o | | o o + ..| | + + o +| | S o o oE.| | + oo+.| | + o | | | | | +-----------------+
确认
~/.ssh/
目录的权限已设置为rwx------
或700
(数值表示法)。$ ls -ld ~/.ssh drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
将公钥复制到 CDS 和 HAProxy 节点。
$ ssh-copy-id user@<haproxy1> $ ssh-copy-id user@<cds1> $ ssh-copy-id user@<cds2>