Linux (CentOS) SSH Login Without password verification
We have recently been building a Hadoop cluster. For ease of operation, the Master needs to log on to the Slaves via SSH without password verification.
1. Principle:
As the client, the Master uses password-free public key authentication. To connect to the server (a Slave), a key pair consisting of a public key and a private key must be generated on the Master, and the public key must then be copied to all Slaves. When the Master connects to a Slave through SSH, the Slave generates a random number, encrypts it with the Master's public key, and sends it to the Master. The Master decrypts the received data with its private key and returns the decrypted number to the Slave. Once the Slave confirms that the decrypted number is correct, the Master is allowed to connect. This is the public key authentication process; no password has to be entered manually during it. The important step is copying the public key generated on the Master to the Slave.
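The exchange described above can be modelled with the openssl command line. This is an added example, not part of the original article: the function and file names are hypothetical, and it follows the paragraph's description rather than the SSH wire protocol (in SSH protocol 2 the client proves possession of the private key by signing session data instead).

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Models the paragraph's challenge/response; it is not the SSH wire protocol.

# Master: generate a 2048-bit RSA key pair in directory $1.
new_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/id_rsa.pem" 2>/dev/null &&
        openssl pkey -in "$1/id_rsa.pem" -pubout -out "$1/id_rsa.pub.pem"
}

# Slave: create a random number, keep it in file $2, and encrypt it into
# file $3 with the Master's public key $1. Only $3 is sent to the Master.
slave_challenge() {
    openssl rand -hex 16 > "$2" &&
        openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" \
            -pkeyopt rsa_padding_mode:oaep
}

# Master: decrypt ciphertext $2 with private key $1 and print the result,
# which is the reply returned to the Slave. Fails with a non-matching key.
master_respond() {
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" \
        -pkeyopt rsa_padding_mode:oaep 2>/dev/null
}

# Slave: allow the connection only if reply $2 equals the number stored in $1.
slave_verify() {
    [ -n "$2" ] && [ "$(cat "$1")" = "$2" ]
}

# Usage (paths are placeholders):
#   new_keypair "$dir"
#   slave_challenge "$dir/id_rsa.pub.pem" "$dir/nonce" "$dir/cipher"
#   slave_verify "$dir/nonce" "$(master_respond "$dir/id_rsa.pem" "$dir/cipher")"
```

The private key never leaves the Master; the Slave only needs the public key, which is why copying it to each Slave is sufficient.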
2. Log on as the hadoop user on the Master and run the following commands to generate a key pair, append the public key to the authorization file, and set the file's permissions.
[hadoop@master bin]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
93:21:fb:20:01:c9:13:a3:28:01:6c:57:3b:a0:e0:e2 hadoop@master
The key's randomart image is:
+--[ RSA 2048]----+
|*.++.. |
|+==+. . |
|*o...o. . |
|+ ..o o |
| E . o S |
| . o . |
| . |
| |
| |
+-----------------+
[hadoop@master bin]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master bin]$ chmod 600 ~/.ssh/authorized_keys
3. Switch to the root user and edit the sshd configuration, uncommenting the following public key settings:
RSAAuthentication yes # enable RSA authentication
PubkeyAuthentication yes # enable public key/private key pair authentication
AuthorizedKeysFile .ssh/authorized_keys # public key file path (the same as the file generated above)
Save the settings and restart sshd, then test SSH locally.
[hadoop@master bin]$ su root
Password:
bash-4.1# vim /etc/ssh/sshd_config
bash-4.1# service sshd restart
Stopping sshd: [OK]
Starting sshd: [OK]
4. Local test: I tested with localhost, the IP address, and the hostname. No password is required in any of the three cases.
[hadoop@master bin]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
[hadoop@master ~]$ ssh 172.16.1.17
The authenticity of host '172.16.1.17 (172.16.1.17)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.17' (RSA) to the list of known hosts.
Last login: Wed Jun 10 12:37:23 2015 from ::1
[hadoop@master ~]$ ssh master
The authenticity of host 'master (172.16.1.17)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master' (RSA) to the list of known hosts.
Last login: Wed Jun 10 12:38:37 2015 from 172.16.1.17
The following describes how to log on from the Master node to a Slave through SSH without password verification.
1. First, create the user hadoop on the Slave and set its password.
-bash-4.1# useradd hadoop
-bash-4.1# ls -l /home
total usage 8
drwx------ 2 hadoop 4096 June 10 12:58 hadoop
drwx------ 2 xc 4096 July 9 2013 xc
-bash-4.1# passwd hadoop
Change User hadoop Password.
New Password:
Re-enter the new password:
passwd: All authentication tokens have been successfully updated.
2. Switch to the Master and use scp to copy the Master's public key to the hadoop user on the Slave node.
[hadoop@master ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/
The authenticity of host 'slave2 (172.16.1.20)' can't be established.
RSA key fingerprint is 67:22:ba:43:ad:fe:a2:d4:ad:43:26:4b:71:d0:54:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,172.16.1.20' (RSA) to the list of known hosts.
hadoop@slave2's password:
id_rsa.pub 100% 395 0.4KB/s 00:00
[hadoop@master ~]$
3. Once the file has been copied to the Slave node, append the public key to the authorization file and set the permissions.
[hadoop@master ~]$ ssh hadoop@slave2
hadoop@slave2's password:
[hadoop@slave2 ~]$ ls
id_rsa.pub
[hadoop@slave2 ~]$ mkdir ~/.ssh
[hadoop@slave2 ~]$ chmod 700 ~/.ssh/
[hadoop@slave2 ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave2 ~]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave2 ~]$
4. Switch to the root user, modify the sshd configuration, and restart the sshd service.
1) Add the following two lines of code under /etc/sys:
sysconfig/ system-release
sysctl.conf system-release-cpe
2) Then modify the /etc/ssh/sshd_config file and uncomment the following three lines:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
3) Restart the sshd service:
service sshd restart
5. Go back to the Master node and test: you can now ssh to the hadoop user on the Slave node without entering the password.
[hadoop@master ~]$ ssh hadoop@slave2
Last login: Wed Jun 10 13:09:53 2015 from 172.16.1.17
[hadoop@slave2 ~]$
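The key installation in steps 2 and 3 can be made repeatable with a small script run as the hadoop user on the Slave. This is an added example, not from the original article: install_pubkey and check_ssh_perms are hypothetical names, and stat -c assumes GNU coreutils as found on CentOS.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Repeatable form of: mkdir ~/.ssh; chmod 700; cat id_rsa.pub >> authorized_keys; chmod 600
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a file holding exactly one OpenSSH public key line, so a
    # private key or an unrelated file copied by mistake is rejected.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' ||
        { echo "not an OpenSSH public key" >&2; return 1; }

    # sshd's StrictModes check (on by default) refuses key login when ~/.ssh
    # or authorized_keys is writable by group or others, so set modes every run.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Make sure an existing last line is newline-terminated before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi

    # Append only when this exact line is absent, so re-runs add no duplicates.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms [HOME_DIR]: succeeds only with the modes used in the article.
check_ssh_perms() {
    home=${1:-$HOME}
    # stat -c is GNU coreutils syntax (as on CentOS); an assumption elsewhere.
    [ "$(stat -c %a "$home/.ssh")" = 700 ] &&
        [ "$(stat -c %a "$home/.ssh/authorized_keys")" = 600 ]
}

# Usage on the Slave, as the hadoop user:
#   install_pubkey ~/id_rsa.pub && check_ssh_perms
```

If passwordless login still prompts for a password after the steps above, check_ssh_perms is a quick first check, since wrong modes on ~/.ssh or authorized_keys are a common cause.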