I. Preparatory work
First of all make sure that you have SSH installed on your Linux system, and that for Ubuntu systems it is common to install only SSH client, so we need to install SSH server manually:
sudo Install Openssh-server
Two. SSH Fundamentals 2.1 Fundamentals
SSH guarantees security because it uses public-key cryptography. The process is as follows:
- The remote host receives the user's login request and sends its own public key to the user;
- The user uses this public key to encrypt the login password and send it back;
- The remote host uses its own private key, decrypts the login password and, if the password is correct, consents to the user's login.
2.1 Basic Usage
SSH default port number is: 22, you can modify the default port number for others according to your needs, and with the use of iptables filtering to limit the remote SSH login IP. Common usage is as follows:
# Use the default 22 port SSH [Email protected] 192.168. 0.1 # If you have modified the SSH default port number (for example: Modify in order to 1000), you need to specify the port number when logging in 10000 SSH [Email protected] 192.168. 0.1 10000
Three. Configure SSH non-secret login 3.1 primarily with the Hadoop cluster configuration:
The remote Hadoop daemon needs to be managed during Hadoop operation, and after Hadoop is started, Namenode starts and stops various daemons on each datanode through SSH (Secure Shell). This must be executed between the nodes when the command is not required to enter the form of a password, we need to configure SSH to use the form of non-password public key authentication, so that namenode use SSH without password login and start the dataname process, the same principle, Datanode can also log on to NameNode using SSH without a password.
1. First, run ssh localhost to generate /home/user name/. directory, and then execute the following command to append the generated "Id_rsa.pub" ( Here's to remember append, not overwrite ) to the authorized key. This effect is achieved by the current user without a secret SSH login to himself:
1 cd ~/. SSH " ssh localhost " 2 Ssh-keygen -t RSA3# appends id_rsa.pub to Authorized_keys4cat ~/ . ssh/id_rsa.pub >> ~/. ssh/authorized_keys
2. If you want to implement a non-secret login to other hosts, simply append the generated "id_rsa.pub" to the "~/.ssh/authorized_keys" of the other hosts. Here we use the method is to copy the "~/.ssh/id_rsa.pub" of the machine to the host you want to login without a secret, and then on the corresponding host using the "Cat" command to append "~/.ssh/id_rsa.pub" to the host "~/.ssh/authorize D_keys "in.
1# Suppose our host name is: A, user name: Hadoop,ip:192.168.0.12# you want to have a non-secret SSH login host name: B, User name: Hadoop,ip:192.168.0.23 4# First, we use the Hadoop user copy in a"~/.ssh/id_rsa.pub"to B's"/home/hadoop/tmp/"directory under5 SCP~/.SSH/id_rsa.pub [email protected]192.168.0.2:/home/hadoop/tmp6 # The IP here can also be changed to host name7 8# Then, SSH login B, will"/home/hadoop/tmp/id_rsa.pub"Append to"~/.ssh/authorized_keys"to the. 9 Cat/home/hadoop/tmp/id_rsa.pub >> ~/.SSH/authorized_keys
Now we can use SSH without a secret login to the B hadoop user in a, the same way if you want to have no secret login to other hosts can use this method. It is important to note that when you configure a Hadoop cluster, master and slave can ssh to each other without a secret login.
SSH No password Authentication configuration