SSH password-free Authentication

Source: Internet
Author: User
1. Install and start the SSH protocol
sudo yum install ssh
sudo yum install rsync
service sshd restart   # start the service

(rsync is a remote data synchronization tool that can quickly synchronize files between multiple hosts over a LAN/WAN.)

Make sure these are installed on every server. After the preceding commands are executed, the servers can log on to each other through password verification.

  

Last login: Mon Oct 29 14:01:11 2012 from 10.196.80.99
[email protected]:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is c0:b3:7d:6d:17:94:02:e1:e4:67:39:4f:08:ff:74:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
[email protected]'s password:
… …
Last login: Mon Oct 29 14:25:47 2012 from 10.196.80.99
[email protected]:~$

  

[email protected]:~$ ssh datanode1
The authenticity of host 'datanode1 (10.196.80.91)' can't be established.
ECDSA key fingerprint is dc:8b:7b:82:25:74:0c:ec:15:a7:3b:2a:e6:c3:a0:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'datanode1,10.196.80.91' (ECDSA) to the list of known hosts.
[email protected]'s password:
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)
… …
[email protected]:~$

  

2. Configure password-less logon from the master to all slaves

1) SSH password-less principle

The master (namenode | jobtracker) acts as the client. To use password-free public key authentication when connecting to a slave server (datanode | tasktracker), a key pair consisting of a public key and a private key is generated on the master, and the public key is then copied to all slaves.

When the master connects to a slave through SSH, the slave generates a random number, encrypts it with the master's public key, and sends it to the master. After the master receives the encrypted number, it decrypts it with the private key and returns the decrypted number to the slave. After the slave confirms that the decrypted number is correct, it allows the master to connect. This is the public key authentication process, during which you do not need to enter a password manually.

2) generate a password pair on the master machine

Run the following command on the master node:

ssh-keygen -t rsa -P ''

This command generates a key pair with no passphrase. When asked for the storage path, press Enter to use the default path. The generated key pair, id_rsa and id_rsa.pub, is stored in the "~/.ssh" directory.

[email protected]:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
c8:5e:3e:c1:9b:52:6f:24:a5:e4:c1:1c:00:8d:fb:3b [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| .+... |
| . .o . |
| . = . |
| .. = + |
| .o S . |
| ..+ B |
| o.= o |
| E. o |
| . |
+-----------------+

Check that a ".ssh" folder exists under "~/" and that it contains the two key files. Then add the password-free logon mode for the local machine:

[email protected]:~/.ssh$ cat id_rsa.pub >> authorized_keys

Two things need to be done before verification.

1. Modify the permissions of the "authorized_keys" file (permission settings are very important, because insecure settings make you unable to use the RSA function):

[email protected]:~/.ssh$ chmod 600 authorized_keys

2. Use the root user to edit "/etc/ssh/sshd_config" and enable password-less logon.

Log on to the server as root and modify the following content in the SSH configuration file "/etc/ssh/sshd_config":

# enable RSA authentication
RSAAuthentication yes
# enable the public key/private key pair authentication method
PubkeyAuthentication yes
# public key file path (same as the file generated above)
AuthorizedKeysFile /home/hadoop/.ssh/authorized_keys

Log out of root and verify as the normal hadoop user. The verification succeeds:

[email protected]:~/.ssh$ ssh localhost
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)
* Documentation: https://help.ubuntu.com/
191 packages can be updated.
51 updates are security updates.
Last login: Mon Oct 29 14:43:08 2012 from localhost
[email protected]:~$

This shows that password-free login to the local machine now works. The next step is to copy the public key to all slave machines. Use the following command format to copy the public key:

scp ~/.ssh/id_rsa.pub remote_username@remote_server_IP:~/

For example:

scp ~/.ssh/id_rsa.pub [email protected]:~/

The above command copies the file "id_rsa.pub" to "/home/hadoop/" of the user "hadoop" on the server whose IP address is "10.196.80.91".

4) copy the public key on namenode to datanode1.

Create a ".ssh" folder under "/home/hadoop/" on each slave machine.

[email protected]:~/.ssh$ scp id_rsa.pub [email protected]:/home/hadoop/.ssh/
[email protected]'s password:
authorized_keys 100% 397 0.4KB/s 00:00
[email protected]:~/.ssh$

The output shows that the file "id_rsa.pub" has been transferred. Because no password-free connection has been established yet, you are still prompted for the password of the user hadoop on the datanode1 server during the connection. To make sure the file has been uploaded, use SecureCRT to log on to the datanode1 server (10.196.80.91) and check whether the ".ssh" folder exists under "/home/hadoop/". Then change the permissions of the ".ssh" folder to "700" with the following command:

chmod 700 ~/.ssh 
5) append to the authorization file "authorized_keys"

So far, the public key of master.hadoop is available, the ".ssh" folder exists, and its permissions have been modified. This step appends the public key of master.hadoop to the authorization file "authorized_keys" of slave1.hadoop. Use the following commands to append the key and to set the permissions of the "authorized_keys" file:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

  

Use the root user to modify "/etc/ssh/sshd_config"

For detailed steps, refer to "Set SSH Configuration" for master.hadoop above. There are two steps: the first is to modify the configuration file; the second is to restart the SSH service.

[This operation does not need to be performed on Ubuntu/CentOS.]

Log on to datanode using SSH without a password

After completing the settings, you can use the following command format to log on over SSH without a password:

ssh remote_server_IP

Remember to delete the "id_rsa.pub" file under the "/home/hadoop/.ssh" directory on all slave nodes.

rm -r ~/id_rsa.pub

So far, the first five steps have achieved password-free SSH login from "master" to "slave1". Repeat the preceding steps to configure the remaining two slave servers (slave2 and slave3). This completes "Configuring the master to log on to all slave servers without a password".
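The slave-side steps above (create ".ssh" with mode 700, append the master's public key, set "authorized_keys" to 600) can be scripted so that repeating them on slave2 and slave3 does not append the same key twice. This is an added example, not code from the original page; the function names and the key line in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): install a master's public key
# without duplicating it, and audit the modes used in the steps above.

# install_pubkey PUBKEY_FILE SSH_DIR
# Creates SSH_DIR (700) and authorized_keys (600), then appends the key only
# if that exact line is not already present, so re-runs add no duplicates.
install_pubkey() {
    ip_pub=$1; ip_dir=$2; ip_auth=$2/authorized_keys
    [ -s "$ip_pub" ] || { echo "no public key at $ip_pub" >&2; return 2; }
    mkdir -p "$ip_dir" && chmod 700 "$ip_dir" || return 1
    touch "$ip_auth" && chmod 600 "$ip_auth" || return 1
    ip_key=$(head -n 1 "$ip_pub")
    # -x: match the whole line, -F: treat the key as a fixed string
    grep -qxF -e "$ip_key" "$ip_auth" || printf '%s\n' "$ip_key" >> "$ip_auth"
}

# check_mode PATH EXPECTED: compare the ls-style mode string, e.g. drwx------
check_mode() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    cm_mode=$(ls -ld "$1" | cut -c1-10)
    [ "$cm_mode" = "$2" ] || { echo "$1 is $cm_mode, expected $2"; return 1; }
}

# audit_ssh_dir SSH_DIR: returns 0 only if the directory is 700 and
# authorized_keys is 600, printing every mismatch it finds.
audit_ssh_dir() {
    as_rc=0
    check_mode "$1" drwx------ || as_rc=1
    check_mode "$1/authorized_keys" -rw------- || as_rc=1
    return $as_rc
}

# Demo on a throwaway directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
echo "ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY hadoop@master" > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run is a no-op
audit_ssh_dir "$demo_dir/.ssh" && echo "permissions OK"
rm -rf "$demo_dir"
```

On a real slave the call would be install_pubkey ~/id_rsa.pub ~/.ssh, followed by audit_ssh_dir ~/.ssh before testing the login.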

6) configure all slave users to log on to the master without a password.

This step must be included, because in the Hadoop communication protocol, NodeManager also needs to communicate with ResourceManager as the client.

The principle is the same as for the master logging on to all slaves without a password: the public key of the slave is appended to "authorized_keys" in the ".ssh" folder of the master. Remember to append (>>).

Before the operation, copy the /etc/hosts file of namenode to the /home/hadoop/downloads folder of each datanode through scp, then log on to each datanode and overwrite its hosts file using the sudo cp command. Do the same for the other datanodes.

Create the "datanode2" public key and private key, and append the public key to the "authorized_keys" file. The command used is as follows:

ssh-keygen -t dsa -P ''
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Then use the "scp" command to copy the public key "id_dsa.pub" of "datanode" to the "/home/hadoop/" directory of "namenode", and append it to "authorized_keys" of "namenode".

Operations on the "namenode" Server

The command used is as follows:

cat id_dsa.pub >> authorized_keys

Delete the copied "id_rsa.pub" file.

Finally, test the password-less login from "datanode" to "namenode".

Then the remaining machines are configured in the same way.
