Cloud computing for beginners 7: SSH password-less login for Ubuntu
2012-10-30 created
2012-11-1 last updated
Once more than three machines are combined, managing them gets messy, so you need certificate-based logon to manage the server cluster: the master node can log on to the data nodes directly through SSH, and the control node can log on directly to the controlled nodes. In client/server terms, the client needs openssh-client installed and the server needs openssh-server. In practice we soon find that it is hard to tell which machines are servers and which are clients, so OpenSSH is installed on all machines. You can run the following commands to check whether the packages are installed:
(car@A:~$ indicates that the username is car, the machine name is A, and the current directory is /home/car)
car@A:~$ apt-cache policy openssh-client
car@A:~$ apt-cache policy openssh-server
You can also install them directly:
car@A:~$ sudo apt-get install openssh-client
car@A:~$ sudo apt-get install openssh-server
In addition, we install sshpass, a tool for SSH password login without interaction. It lets us write the password on the command line, which makes a scripted installation without manual intervention possible.
car@A:~$ sudo apt-get install sshpass
After installation, you can reach any other machine B from A:
car@A:~$ sshpass -p ABC123 ssh car@B
Where:
car is the user name on B. Here we assume that the user name on both A and B is car.
ABC123 is car's password on B.
With this technique you can log on to each machine without entering the password interactively. It is definitely not safe, because the password sits in plain text on the command line, and it is meant only for scripts in the installation phase. With these preparations done, we can move on to the SSH certificate logon method below:
SSH certificate logon method
Suppose we want to access machine B from A. We generate a public/private key pair on A (ssh-keygen), copy A's public key to B, and append it (id_rsa.pub.a) to the authorized_keys file in the home directory of a user (car) on B. After that, A can log on to B directly (as the car user). The file on B is:
/home/car/.ssh/authorized_keys
1) Generate a key pair on A
car@A:~$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Or:
car@A:~$ ssh-keygen
The following two files are generated:
/home/car/.ssh/id_rsa
/home/car/.ssh/id_rsa.pub
2) Copy A's public key id_rsa.pub to machine B
car@A:~$ scp ./.ssh/id_rsa.pub car@B:~/id_rsa.pub.a
B is an IP address or a machine name; a machine name needs an entry in /etc/hosts on A, such as:
...
192.168.63.101 B
...
3) Log on from A to B
car@A:~$ sshpass -p ABC123 ssh car@B
4) Append id_rsa.pub.a to ~/.ssh/authorized_keys on B
car@B:~$ cat ./id_rsa.pub.a >> ./.ssh/authorized_keys
car@B:~$ exit
5) Log on to B from A again, this time with the certificate. The password is no longer needed.
car@A:~$ ssh car@B
6) Suppose machines C, D, E, F... also need to log on to B. Simply copy the id_rsa private key file generated on A to each of those machines.
For example, to log on to B from C as well:
# Copy A's private key to C
car@A:~$ sshpass -p ABC123 scp ./.ssh/id_rsa car@C:~/id_rsa.a
# Log on to C
car@A:~$ sshpass -p abc1234 ssh car@C
# Delete C's certificate and re-create it (the certificate on a machine can be deleted at any time. SSH certificates are nothing to be afraid of, but once the certificate system is in place, deleting the certificate on one machine stops the whole system from working normally. It is therefore vital to maintain a set of strictly tested scripts that can restore the entire cloud computing environment at any time)
car@C:~$ sudo rm -r ./.ssh/
# Re-create C's certificate
car@C:~$ ssh-keygen
Press ENTER at each prompt
# Move A's private key into the .ssh directory on C
car@C:~$ sudo mv ./id_rsa.a ./.ssh/
# Now you can log on to B remotely over SSH from C. You must, of course, name the certificate file id_rsa.a.
car@C:~$ ssh -i ./.ssh/id_rsa.a car@B
# At this point an annoying prompt appears, asking you to confirm adding B's IP address to .ssh/known_hosts. To get rid of this (yes/no) prompt, change the configuration in /etc/ssh/ssh_config on C:
...
StrictHostKeyChecking no
...
# You can also:
car@C:~$ ssh -o StrictHostKeyChecking=no -i ./.ssh/id_rsa.a car@B
This way no prompt is displayed (the -o StrictHostKeyChecking=no option does the work).
7) How to log on to B over SSH directly as B's root user:
For example, from A we want to log on to B as the root user.
# Switch to root@B and set the password for root:
car@B:~$ sudo -s
Enter the same password twice
# Check what is in .ssh under /root. If it does not exist, create it with ssh-keygen:
root@B:~$ ls /root/.ssh
# Copy the public key id_rsa.pub on A to B, log on to B, and add id_rsa.pub.a to /root/.ssh/authorized_keys.
car@A:~$ sshpass -p ABC123 scp ./.ssh/id_rsa.pub car@B:~/id_rsa.pub.a
car@A:~$ sshpass -p ABC123 ssh car@B
# The redirection has to run as root, so the whole command goes through sudo sh -c
car@B:~$ sudo sh -c 'cat ./id_rsa.pub.a >> /root/.ssh/authorized_keys'
# Return to A; you can now log on to B remotely (as the root user)
car@A:~$ ssh root@B
8) Notes:
A. The private key file id_rsa.a must not be handed out freely. It needs to be protected with a password, which this article does not cover.
B. Although this document is case-insensitive, you should use only lowercase letters at all times.
C. Wherever a machine name appears in this article, replace it with the machine's IP address in practice.
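
The authorized_keys update from steps 4) and 7), as an added shell example that is not part of the original article: it appends a public key only if that key is not already present, and it sets the permissions sshd expects on .ssh and authorized_keys. The function name install_pubkey, its two arguments and the demo key are assumptions made for illustration; the stock ssh-copy-id tool does the same job over the network.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR  (hypothetical helper, not from the article)
# Append one public key to HOME_DIR/.ssh/authorized_keys without duplicating it.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # A .pub file holds one key: take the first non-blank, non-comment line.
    key=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;      # "type base64 [comment]"
        *)  # e.g. the private key id_rsa.a passed by mistake
            echo "not an OpenSSH public key: $pubkey_file" >&2
            return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects keys kept in files or
    # directories that other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # Match on "type base64" only, so a different comment is not a new key.
    id=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if awk -v id="$id" '
            { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == id) found = 1 }
            END { exit !found }' "$auth"; then
        return 0                             # already authorized
    fi

    # Start on a fresh line if the existing file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Constructed demo: throw-away home directory and a made-up key.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed car@A\n' > "$demo_home/id_rsa.pub.a"
install_pubkey "$demo_home/id_rsa.pub.a" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub.a" "$demo_home"   # second call adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```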
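
Step 6) turns off host key checking, which also lets a connection proceed when B's host key has changed. As an added example (not part of the original article), this shell function lists the lines in an ssh_config-style file that disable the check, so they can be found and reviewed once the installation phase is over. The function name and the sample configuration are constructed; accept-new is an OpenSSH setting (7.6 and later) that records unknown hosts without prompting but still refuses changed keys.

```shell
#!/bin/sh
# find_disabled_hostkey_check FILE...  (hypothetical helper, not from the article)
# Print "file:line: text" for every active StrictHostKeyChecking no/off line.
# Exit status is 0 when at least one is found, 1 otherwise (as with grep).
find_disabled_hostkey_check() {
    awk '
        /^[ \t]*#/ { next }                        # whole-line comment
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[^ \t=]+/)) next    # blank line
            # Keywords are case-insensitive; the value is lower-cased as well
            # so that "No" is reported too.
            key = tolower(substr(line, 1, RLENGTH))
            val = tolower(substr(line, RLENGTH + 1))
            sub(/^[ \t]*=?[ \t]*/, "", val)        # "Keyword value" or "Keyword=value"
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key == "stricthostkeychecking" && (val == "no" || val == "off")) {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                found = 1
            }
        }
        END { exit !found }
    ' "$@"
}

# Constructed sample resembling /etc/ssh/ssh_config on machine C.
sample=$(mktemp)
printf '%s\n' \
    'Host *' \
    '    # StrictHostKeyChecking no' \
    '    StrictHostKeyChecking no' \
    'Host B' \
    '    stricthostkeychecking=off' \
    'Host C' \
    '    StrictHostKeyChecking accept-new' > "$sample"
find_disabled_hostkey_check "$sample"    # reports lines 3 and 5 only
rm -f "$sample"
```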