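Create three instances on AWS, named oozie-test-01, oozie-test-02 and oozie-test-03. All three hosts are accessed from Xshell using public key authentication, logging in as the user centos.
After logging in, change the root user's password on each of the three hosts: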
sudo passwd root
Changing password for user root.
New password:
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens updated successfully.
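The three AWS hosts are on the same internal network. When a host is stopped its public IP changes, but the private IP assigned to it does not, so map the private IPs of the three hosts to their hostnames by editing /etc/hosts: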
172.31.31.43 oozie-test-01
172.31.30.193 oozie-test-02
172.31.18.86 oozie-test-03
Generate the key pair
Generate a public/private key pair on each of the three hosts:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:t0XuDD4hWElOfWfe96IaHZZrWQHmCycQ1ZjuU3dePUI root@ip-172-31-31-43.us-west-2.compute.internal
The key's randomart image is:
+---[RSA 2048]----+
| =+.+o |
| + o+ooEo |
| +.o.=+...|
| o .*.+oo*|
| . S.+.B.oo=|
| +oX =. o|
| =.B. . |
| +. |
| .. |
+----[SHA256]-----+
Append the public key to authorized_keys:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
View the contents of authorized_keys:
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"centos\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEBW/rv4648y1LsKpOWSem5tCJuLxdALSkjFqrx3x46lujsSqlZsH7VhySjZXbl4MyD0CKn5hwB0BetTuV0Es/UN9I41ehJ2pc7j3wVnDAc44CleGFjCeZR4oKXtI2/+4kuFhH4Y7cfoodqY88eE05WIXTPifWf4stTAAwbMe0tpqNpJJn+GCOwxZyUKvBzURMg2QykAEnCA5xzQw3orqM9jVep9zy2qEeK4CotilTEowrSlHml3qN9Gs0EDz28I87UQAsIRALZ/QMiJj4YQaqN0Fdb8+z5Z8G+5XMZCTJ0AQwJGm3VCktwJh78FCXJhzZooUPZDKsoH+OkgL7a54V DevOps
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"centos\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCO492eeXVIfvcndxu2YrAt5bc3cyB3uzFuxl/KfkKoaFz9gjpmPqJEkwlXIpLpchpiNOlHoPB8AJNp4mUGT4tfk+6sTCJlYot2Mfyz6EjprPj3wSaec2hFSUr88aJOTUdaBrFS9uZPaeuheMBbZ1BQ07MngTwxc5iejCQ7Vl5Ul5sGuX8pP/GzbzBtAZxwjm7ust82I50inXz8jVjn/OdldqvJDiA6MNqgZFBKs7TON/YNM2K74K0r8y4zIzqIkW/HBzlMrk7lAFyp+WTdQl3ocIO/8hKqIEkFDaWg24FPO0PzNn6DPOaxmiPOokO7V6k8I8u/qY/VEfxH3yLzUmeX jinan-aws-cpu
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+MNiuyLIodGxdMVqXPOjGgu0fY09Qd64+nGD1j46Jsb/ZmbZuh2n/45pkr8uKYoTnEekRFkZh/gyP5kiGyG9ddlycKFxYxaHQ0bBnh8OfOaZY06Se8WPKhBAK51lbO5G73oWHCFNM+m2I7mT1xLEKoPwL2EMGBytIp8RKJe5o8MrOGdfR6Z1Xlbu24zpbdK7W8YeFU48Fj7mZskKMABFkmuvZAEknZToQ15XA492g6lo5TwLFUKyPB8svugG12InhNaxKhUWdbCHfssD0zYYjb5D/VVLjZo38QHvOmjGA5/7aWKHkZ12kDhIgCOxpDOdmte0KU1SHjS/jxxL+MUCJ root@ip-172-31-31-43.us-west-2.compute.internal
The last line is the newly added entry.
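An audit of the file shown above, as an added example that is not part of the original post: it parses each authorized_keys line, including the quoted command="..." option with escaped quotes, and lists the entries that carry no forced command, which are the keys able to open a shell as root. The sample input is constructed with shortened placeholder key blobs, and the function names are this example's own.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # prefixes of OpenSSH public key type names

def split_unquoted(text, seps):
    """Split text on any char in seps, ignoring separators inside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":  # \" inside command="..." does not close the quote
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur] if cur else parts

def parse_entry(line):
    """Parse one authorized_keys line into options, key type, fingerprint, comment."""
    fields = split_unquoted(line.strip(), " \t")
    options = []
    if fields and not fields[0].startswith(KEY_TYPES):
        options = split_unquoted(fields.pop(0), ",")
    if len(fields) < 2:
        raise ValueError("not a key line: %r" % line[:40])
    digest = hashlib.sha256(base64.b64decode(fields[1])).digest()
    return {
        "options": options,
        "type": fields[0],
        # Same form ssh-keygen -l prints: unpadded base64 of SHA-256 over the key blob
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": " ".join(fields[2:]),
        "forced_command": any(o.lower().startswith("command=") for o in options),
    }

def shell_capable(text):
    """Entries with no forced command, i.e. keys that can open a shell on this account."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return [e for e in map(parse_entry, lines) if not e["forced_command"]]

# Constructed sample mirroring the file above; the key blobs are shortened placeholders.
SAMPLE = r'''no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"centos\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB DevOps
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA root@oozie-test-01
'''

if __name__ == "__main__":
    for e in shell_capable(SAMPLE):
        print(e["type"], e["fingerprint"], e["comment"])
```

The printed fingerprint can be compared with the "The key fingerprint is:" line that ssh-keygen showed when the key pair was generated.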
SSH to localhost:
ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:zzgKHyveo2QoAH62LCczpwv6AEgbw64ymkxk4b1MoVc.
ECDSA key fingerprint is MD5:92:ec:3a:69:07:74:78:cd:d9:73:b5:c0:57:78:9f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Thu Feb 21 02:36:59 2019
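Establish mutual trust
Copy the id_rsa.pub of oozie-test-01 to the other two machines. The public key has to be copied as the centos user, and scp as the centos user requires the pem file of the AWS key pair, so first upload the pem file to all three machines: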
scp -i /home/centos/jinan-aws-cpu /root/.ssh/id_rsa.pub centos@oozie-test-02:/home/centos
On oozie-test-02, append id_rsa.pub to root's authorized_keys:
cat /home/centos/id_rsa.pub >> /root/.ssh/authorized_keys
Verify the login from oozie-test-01:
ssh root@oozie-test-02
Last login: Thu Feb 21 02:57:47 2019
[root@ip-172-31-30-193 ~]#
Repeat the same steps to append each of the other id_rsa.pub files to authorized_keys.
The three machines now trust one another.