Linux SSH Configuration

Source: Internet
Author: User
Tags system log

Machine A can log in to machine B over SSH without entering a password. When an application runs on a large number of servers, typing a password each time wastes time, and a Hadoop installation requires password-free login.

I. Create a .ssh folder in the user's home directory

mkdir .ssh

Hidden folders and files can be listed with:

ls -a

II. Generate the certificate (key pair)

There are two certificate types: DSA and RSA

ssh-keygen -t rsa -P '' -b 1024

ssh-keygen: the generation command

-t: the certificate type, RSA

-P: the passphrase; '' is an empty passphrase

-b: the certificate size, 1024

The public key file and the private key file are generated after execution:

ll

-rwx------ 1 apch apache 883 May 15:13 id_rsa
-rwx------ 1 apch apache 224 May 15:13 id_rsa.pub

III. Write the public key to the authorized_keys file

cat id_rsa.pub >> authorized_keys

(appends the generated public key file to the authorized_keys file)

IV. Set file and directory permissions

Set the authorized_keys permissions
$ chmod 600 authorized_keys
Set the .ssh directory permissions
$ chmod 700 -R .ssh

V. Modify /etc/ssh/sshd_config (requires logging in as the root user)

vi /etc/ssh/sshd_config

Protocol 2 (use only SSH2)
PermitRootLogin yes (allows the root user to log in over SSH; set according to the login account)

ServerKeyBits 1024 (change the strength of the server key to 1024)

PasswordAuthentication no (password login not allowed)

PermitEmptyPasswords no (no login with a blank password)

RSAAuthentication yes (RSA authentication enabled)

PubkeyAuthentication yes (public key authentication enabled)

AuthorizedKeysFile .ssh/authorized_keys

VI. Restart the sshd service (requires logging in as the root user)

service sshd restart

VII. Local verification test

ssh -v localhost (turns on login debug mode)

If a password prompt appears, the setup did not succeed:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/hadoop/.ssh/identity
debug1: Offering public key: /home/hadoop/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/hadoop/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
[email protected]'s password:

Viewing the error log

Log in as the root user to view the system log file:

tail -50f /var/log/secure

May 16:35:37 JTMCRM195 sshd[7838]: Authentication refused: bad ownership or modes for directory /home/hadoop
May 16:35:37 JTMCRM195 sshd[7838]: Authentication refused: bad ownership or modes for directory /home/hadoop
May 16:36:05 JTMCRM195 sshd[7839]: Connection closed by 127.0.0.1
May 16:36:12 JTMCRM195 sshd[7848]: Authentication refused: bad ownership or modes for directory /home/hadoop
May 16:36:12 JTMCRM195 sshd[7848]: Authentication refused: bad ownership or modes for directory /home/hadoop

The log indicates that the .ssh directory permissions are not correct; repeat the step four operation.
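
The log lines above name /home/hadoop, the home directory itself: with StrictModes enabled (the default), sshd refuses public-key authentication when the home directory, .ssh or authorized_keys is owned by someone other than the user or root, or is writable by group or others. The script below is an added example, not part of the original article, that applies the same test to those three paths. The function names check_path, check_strict_modes and demo, and the temporary demo directory, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: the ownership/mode test
# sshd applies (StrictModes yes) before it trusts authorized_keys.

# check_path PATH UID: return 1 with a reason if PATH is missing, is not
# owned by UID or root, or is writable by group or others.
check_path() {
    path=$1 want_uid=$2
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    # ls -ldn prints e.g. "drwx------ 2 1001 1001 ..." (numeric owner)
    set -- $(ls -ldn "$path")
    perms=$1 owner=$3
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "bad ownership for $path (uid $owner)"; return 1
    fi
    case $perms in
        ?????w*|????????w*) echo "bad modes for $path ($perms)"; return 1 ;;
    esac
    return 0
}

# check_strict_modes HOME_DIR [UID]: test home, .ssh and authorized_keys;
# the return status is the number of paths that failed.
check_strict_modes() {
    home=$1 uid=${2:-$(id -u)} bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# demo: constructed home directory that is group-writable (775), a state
# that makes sshd log "bad ownership or modes for directory".
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    chmod 775 "$d"; before=0; check_strict_modes "$d" || before=$?
    chmod 755 "$d"; after=0; check_strict_modes "$d" || after=$?
    rm -rf "$d"
    echo "failing paths before fix: $before, after fix: $after"
}

# Usage: sh strictmodes.sh /home/hadoop "$(id -u hadoop)"   (no args: demo)
if [ $# -gt 0 ]; then check_strict_modes "$@"; else demo; fi
```

Run against the real account, the first path reported is the one to fix; in the log above that would be /home/hadoop rather than anything below it.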

VIII. Copy id_rsa and id_rsa.pub to the other application servers:

scp id_rsa [email protected]:/home/hadoop/.ssh

(remote copy)

scp id_rsa.pub [email protected]:/home/hadoop/.ssh

(remote copy)

Log in to the application server (IP), and then perform steps three through seven.

IX. Verify the remote password-free login:

ssh 10.196.20.194 (remote IP)

Summary:

1. The permissions of the files and directories should not be set with chmod 777; such permissions are too broad and create security issues.

2. The public key of the generated RSA/DSA signature is for the other machines to use.

3. To access another Linux machine, run ssh directly with the machine's IP.

4. Configuration error conditions: the permissions or the /etc/ssh/sshd_config settings are incorrect.
