Machine A can log in to machine B over SSH without entering a password. When an application runs on a large number of servers, typing passwords wastes time, and a Hadoop installation requires password-free login.
I. Create the .ssh folder in the user's home directory
mkdir .ssh
You can view hidden folders and files with:
ls -a
II. Generate the certificate (SSH key pair)
The certificate types are DSA and RSA.
ssh-keygen -t rsa -P '' -b 1024
ssh-keygen: the key generation command
-t: certificate type (RSA)
-P: passphrase; '' means an empty passphrase
-b: certificate size in bits (1024)
A public key file and a private key file are generated after execution:
ll
-rwx------ 1 apch apache 883 May 15:13 id_rsa
-rwx------ 1 apch apache 224 May 15:13 id_rsa.pub
III. Write the public key to the authorized_keys file
cat id_rsa.pub >> authorized_keys
(appends the generated public key to the authorized_keys file)
IV. Set file and directory permissions
Set the authorized_keys permissions
$ chmod 600 authorized_keys
Set the .ssh directory permissions
$ chmod -R 700 .ssh
V. Modify /etc/ssh/sshd_config (requires logging in as root)
vi /etc/ssh/sshd_config
Protocol 2 (use only SSH2)
PermitRootLogin yes (allows the root user to log in over SSH; set according to the login account you use)
ServerKeyBits 1024 (sets the server key strength to 1024 bits)
PasswordAuthentication no (password login not allowed)
PermitEmptyPasswords no (login with an empty password not allowed)
RSAAuthentication yes (RSA authentication enabled)
PubkeyAuthentication yes (public key authentication enabled)
AuthorizedKeysFile .ssh/authorized_keys
VI. Restart the sshd service (requires logging in as root)
service sshd restart
VII. Local validation test
ssh -v localhost (turns on login debug mode)
If you are prompted for a password, the setup did not succeed:
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/hadoop/.ssh/identity
debug1: Offering public key: /home/hadoop/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/hadoop/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
[email protected]'s password:
Viewing the error log
Log in as root to view the system log file:
tail -50f /var/log/secure
May 16:35:37 JTMCRM195 sshd[7838]: Authentication refused: bad ownership or modes for directory /home/hadoop
May 16:35:37 JTMCRM195 sshd[7838]: Authentication refused: bad ownership or modes for directory /home/hadoop
May 16:36:05 JTMCRM195 sshd[7839]: Connection closed by 127.0.0.1
May 16:36:12 JTMCRM195 sshd[7848]: Authentication refused: bad ownership or modes for directory /home/hadoop
May 16:36:12 JTMCRM195 sshd[7848]: Authentication refused: bad ownership or modes for directory /home/hadoop
Judging from the log, the .ssh directory permissions are not correct; repeat step IV.
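The "bad ownership or modes" message comes from sshd's StrictModes check, which looks at the ownership and modes of the user's home directory, the .ssh directory and authorized_keys. The script below is an added example, not part of the original article; check_one and check_ssh_perms are hypothetical helper names and GNU stat (Linux) is assumed. It reports which of the three paths is owned by another user or is writable by group or others.

```bash
#!/bin/sh
# Added example: find the path that makes sshd log
# "bad ownership or modes for directory ...". Assumes GNU stat (Linux).
# check_one and check_ssh_perms are hypothetical helper names.

# check_one PATH UID: fail if PATH is missing, is owned by neither UID nor
# root, or is writable by group or others (mode & 022).
check_one() {
    path=$1; uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"; return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u' "$path")
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $path (uid $owner)"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD MODE  $path ($mode: writable by group or others)"; return 1
    fi
    echo "OK        $path ($mode)"
}

# check_ssh_perms HOME [UID]: check home, .ssh and authorized_keys.
# The exit status is the number of paths that failed (0 = all fine).
check_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# Demo on a constructed directory tree (not a real home directory).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"; chmod 700 "$demo/.ssh"
chmod 775 "$demo"    # group-writable home directory: key login is refused
check_ssh_perms "$demo" || echo "-> $? path(s) need fixing"
chmod 755 "$demo"    # fixed
check_ssh_perms "$demo" && echo "-> all three paths pass"
rm -rf "$demo"
```

On a real server, run check_ssh_perms /home/hadoop as the hadoop user, or pass that user's numeric uid as the second argument when running as root.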
VIII. Copy id_rsa and id_rsa.pub to the other application servers:
scp id_rsa [email protected]:/home/hadoop/.ssh
(remote copy)
scp id_rsa.pub [email protected]:/home/hadoop/.ssh
(remote copy)
Log in to the application server (IP), and then perform steps III through VII.
IX. Verify remote password-free login:
ssh 10.196.20.194 (remote IP)
Summary:
1. Do not set file and directory permissions with chmod 777; such permissions are too broad and create security issues.
2. The generated RSA/DSA public key is for the other machines to use.
3. Access between Linux machines is direct: ssh followed by the machine IP.
4. Causes of configuration errors: incorrect permissions or incorrect /etc/ssh/sshd_config settings.