L07-linux Configuring SSH-free Telnet

This article is configured to implement: The cluster server can be mutually ssh password-free login. If you want to log on to other machines (slave1, slave2) from a single machine (such as master) SSH, just follow the steps to the second step.

It is recommended that you take two or three minutes to read the full text and follow the steps.

Operation Steps:

1. Cluster environment: Master, slave1 and slave2; operating system is CENTOS7. For the next narrative convenience, except master, all other slave collectively referred to as Slavex

The necessary IP-to-hostname mappings are added to all server /etc/hosts files, as follows.

192.168.137.20 Master

192.168.137.21 slave1

192.168.137.22 Slave2

2. The configuration allows the master to be free of secret login Slavex.

Execute the following command on the master host. Can be a non-root user, I am working with a Hadoop user. And according to my test so far, with which user to do the configuration, and finally only through the user to achieve the password-free login, the other users telnet or require a passcode.

2.1 CD ~ //Switch to User home directory

2.2 Ls-al //View home directory There is no hidden path is. ssh. If not, create a. Note the permissions to view the. SSH directory, whether it is a drwx------, or not, change to 700

2.3 CD. SSH //enter into the. SSH directory

2.4 ssh-keygen-t RSA //command is executed with a continuous strike return;

The command will generate the private key Id_rsa and the public key in the ~/.SSH directory using the RSA algorithm id_rsa.pub

2.5 Ssh-copy-id Master // This command appends the contents of the generated public key file to master's Authorized_keys in the document;

Note Before executing this command, the Authorized_keys file may not exist, it's OK, directly execute the command on the line, will be automatically generated, of course, you can create one yourself; Note that the permissions of the Authorized_keys file are 600;

In addition to the Ssh-copy-id command, the public key content can be appended to the authorized_ using the cat id_rsa.pub >> Authorized_keys method In the keys file, it is not really possible to append the contents to your copy and paste.

After performing this step, the SSH Master command can be used to log on to yourself on master. (Before this step, even if you are logged in via SSH, you need to manually enter the password every time)

The content in the Authorized_keys file is a set of strings that begin with Ssh-rsa, such as:

Note: the hostname in the diagram is inconsistent with the master and Slavex described in the text, but does not affect the understanding of the Content format in the Uthorized_keys file.

2.6 Ssh-copy-id slavex // append Master's public key to Slavex Authorized_keys file, then Master will be free to log in Slavex

3. Configuration allows Slavex to log in to other machines in the cluster

After the second step above, on the master can already ssh password-free login master, Slavex , but from the Slavex still can't ssh to the other machine (master, Slavex), If you want the Slavex to be able to log on to other machines like master, you need to perform the same step 2nd on the Slavex, which is to generate your private key public key pair on the Slavex, and then append its public key to the Authorized_keys file of the other machine.

In summary, if you want to configure the cluster server can ssh password-free login, you can have the following two ways: (two methods are the same nature, but the process steps are slightly different)

method One: a server in accordance with the 2nd step to operate, until all the machines are configured to complete;

method Two: all machines, including Master and Slavex, first generate their private key public key pair with the ssh-keygen-t RSA Command, followed by Ssh-copy-id master The command appends both master and Slavex's public key to the master's Authorized_keys file , and when all is appended, Master's Authorized_keys The file already has the public key information of all the servers in the cluster (including master itself and other slave) (it is known that all the machines in the cluster can be free of SSH login master), it is a complete public key information file, At this point, the Authorized_keys on master will be sent to the ~/.ssh/directory of each slave in sequence (SCP command example: SCP ~/.ssh/authorized_keys [Email protected]:~ /.ssh/). This allows the entire cluster to be free of SSH logins to each other.

As for this step, in the online search for information in the individual blog post see the operation of this step, I do not configure the operation, I do not know how it affects the results, because I did not do this step configuration also makes SSH password-free login success. If you must configure it, this is done before the 2nd step.

On each host in the cluster

sudo vim/etc/ssh/sshd_config

Turn on the following options

Rsaauthentication Yes//allow authentication with RSA key

Pubkeyauthentication Yes//Allow public key authentication

Authorizedkeysfile. Ssh/authorized_keys//natively saved public key file ( This is more important )

For /etc/ssh/sshd_config files, online query advice: "Unless it is necessary, do not change the /etc/ssh/sshd_config this file set value!" "Because the default is usually the most stringent SSH protection, so there is no need to change him!"

L07-linux Configuring SSH-free Telnet