Hadoop cluster (Issue 1) _ no password configuration for JDK and SSH

Source: Internet
Author: User
Tags openssh server
Document directory
  • 1.1 original Article Source
  • 1.2 unzip and install JDK
  • 1.3 environment variables to be configured
  • 1.4 how to configure Environment Variables
  • 1.5 test JDK
  • 1.6 uninstall JDK
  • 2.1 original Article Source
  • 2.2 Preface
  • 2.3 confirm that the system has installed the OpenSSH server and client
  • 2.4 check the local sshd configuration file (Root)
  • 2.5 If the configuration file is modified, restart the sshd service (Root)
  • 2.6 run the test command after logging on to the system through SSH
  • 2.7 create a public/private key for a certificate
  • 2.8 test logging on to SSH localhost
  • 2.9 General debugging steps
  • 2.10 Authenticate and log on to the remote server

 

1. Configure Java environment variables in Linux

 

1.1 original Article Source

Address: http://blog.csdn.net/jiedushi/article/details/6672894

 

1.2 unzip and install JDK

Enter the directory of the jdk-6u14-linux-i586.bin file under the shell terminal, execute the command./jdk-6u14-linux-i586.bin at this time there will be a protocol, continue to press enter, when asked whether to agree, enter Yes, press Enter. A jdk1.6.0 _ 14 directory will be generated in the current directory. You can copy it to any directory.

 

1.3 environment variables to be configured

1) Path Environment Variable

The function is to specify the command search path. When you execute a command under shell, it searches for the path specified by the PATH variable to see if the corresponding command program can be found. We need to add the bin directory under the JDK installation directory to the existing PATH variable. The bin directory contains frequently used executable files such as javac/Java/javadoc waiting, after setting the PATH variable, You can execute tools such as javac and Java in any directory.

2) classpath environment variable

The function is to specify the Class search path and use the classes that have already been compiled. The premise is that you can find them, and JVM searches for classes through classpth. We need to set DT. jar and tools. jar in the Lib subdirectory under the JDK installation directory to classpath. Of course, the current directory "." must also be added to this variable.

3) java_home environment variable

It points to the JDK installation directory. Eclipse, netbeans, tomcat, and other software find and use the installed JDK by searching the java_home variable.

 

1.4 how to configure Environment Variables

1) modify the/etc/profile file

This method is recommended if your computer is used only for development, because all users' shells have the right to use these environment variables, which may bring security issues to the system.

  • Open/etc/profile in a text editor
  • Add the following content to the end of the profile file:

 

Export java_home =/usr/share/jdk1.6.0 _ 14

Export Path = $ java_home/bin: $ path

Export classpath =.: $ java_home/lib/dt. jar: $ java_home/lib/tools. Jar

 

  • Log on again
  • Annotation

 

A. Change/usr/share/jdk1.6.0 _ 14 to your JDK installation directory.

B. Use the colon ":" To separate paths in Linux

C. $ path/$ classpath/$ java_home is used to reference the value of the original environment variable.

When setting environment variables, pay special attention not to overwrite the original values. This is

Common errors.

D. The current directory "." In classpath cannot be lost. It is also a common error to discard the current directory.

E. Export exports the three variables as global variables.

F. Case sensitivity is required.

 

2) modify the. bash_profile File

This method is more secure. It can control the permissions to use these environment variables to the user level. If you need to grant a user permission to use these environment variables, you only need to modify. you can use the bash_profile file.

  • Open the. bash_profile file in the user directory in a text editor.
  • Add the following content to the end of the. bash_profile file:

 

Export java_home =/usr/share/jdk1.6.0 _ 14

Export Path = $ java_home/bin: $ path

Export classpath =.: $ java_home/lib/dt. jar: $ java_home/lib/tools. Jar

 

  • Log on again

 

3) directly set variables in Shell

I am not in favor of using this method. If you change the shell, your settings will be invalid. Therefore, this method is only for temporary use and will be re-set later, which is troublesome.

Run the following command on the shell terminal:

 

Export java_home =/usr/share/jdk1.6.0 _ 14

Export Path = $ java_home/bin: $ path

Export classpath =.: $ java_home/lib/dt. jar: $ java_home/lib/tools. Jar

 

 

1.5 test JDK

1) create a test. Java file in the text editor, enter the following code and save the file:

 

Public class test {

Public static void main (string ARGs []) {

System. Out. println ("A New JDK test! ");

}

}

 

2) Compile:

Run the javac test. Java command on the shell terminal.

3) run:

Run the Java test command on the shell terminal.

When "A New JDK test!" appears in shell! JDK runs normally.

 

1.6 uninstall JDK
  • Find the _ uninst subdirectory of the JDK installation directory.
  • Run the command./uninstall. Sh on the shell terminal to uninstall JDK.

 

2. Configure OpenSSH password-less Login

 

2.1 original Article Source

Address: http://www.iteye.com/topic/421608

 

2.2 Preface

You need to set up password-free login to build a hadoop environment recently. The so-called password-free login actually refers to login through certificate authentication, use a public/private key authentication method for SSH login.

In Linux, SSH is the default tool for remote logon, because the protocol of this tool uses the RSA/DSA encryption algorithm. This tool is secure for Remote Management in Linux. Telnet is put on use in Linux because it is insecure.

A simple explanation of the "Public/Private Key" authentication method: first, create a pair of public/private keys on the client (Public Key File :~ /. Ssh/id_rsa.pub; private key file :~ /. Ssh/id_rsa ). Then put the public key on the server (~ /. SSH/authorized_keys) and keep the private key. when using SSH to log on, the SSH program will send a private key to match the public key on the server. if the match is successful, you can log on.

The configuration of Ubuntu and cygwin is smooth, but many problems are encountered in centos system configuration. Therefore, centos (centos5) is used as an example to describe how to configure certificate verification login. The specific steps are as follows:

 

2.3 confirm that the system has installed the OpenSSH server and client

The installation steps are not described here, which is not the focus of this article.

 

2.4 check the local sshd configuration file (Root)

 

$ VI/etc/ssh/sshd_config

 

Find the following content and remove the annotator "#"

 

Rsaauthentication Yes

Pubkeyauthentication Yes

Authorizedkeysfile. Ssh/authorized_keys

 

 

2.5 If the configuration file is modified, restart the sshd service (Root)

 

$ VI/sbin/service sshd restart

 

 

2.6 run the test command after logging on to the system through SSH

 

$ SSH localhost

 

Press enter and you will be prompted to enter the password because the certificate has not yet been generated.

 

2.7 create a public/private key for a certificate

 

$ Ssh-keygen-t dsa-p'-f ~ /. Ssh/id_dsa

$ Cat ~ /. Ssh/id_dsa.pub> ~ /. Ssh/authorized_keys

 

2.8 test logging on to SSH localhost

 

$ SSH localhost

 

Under normal circumstances, the login is successful, and some successful login information is displayed. If the login fails, please refer to the "General debugging steps" below ".

 

2.9 General debugging steps

I failed to configure it. I still prompted to enter the password according to the above steps. Then, use SSH-V to display detailed login information to find the cause:

 

$ Ssh-V localhost

 

Press enter to display the detailed login information as follows:

 

...... Omitted

Debug1: authentications that can continue: publickey, gssapi-with-mic, password

Debug1: Next authentication method: gssapi-with-mic

Debug1: unspecified GSS failure. Minor code may provide more information

Unknown Code krb5 195

Debug1: unspecified GSS failure. Minor code may provide more information

Unknown Code krb5 195

Debug1: unspecified GSS failure. Minor code may provide more information

Unknown Code krb5 195

Debug1: Next authentication method: publickey

Debug1: Trying private key:/home/Huaxia/. Ssh/identity

Debug1: Trying private key:/home/Huaxia/. Ssh/id_rsa

Debug1: Offering Public Key:/home/Huaxia/. Ssh/id_dsa

Debug1: authentications that can continue: publickey, gssapi-with-mic, password

Debug1: Next authentication method: Password

Huaxia @ localhost's password:

 

At the same time, log on to the root user to view the system's log files:

 

$ Tail/var/log/secure-N 20

 

...... Omitted

Jul 13 11:21:05 shnap sshd [3955]: accepted password for Huaxia from 192.168.8.253 port 51837 SSH2

Jul 13 11:21:05 shnap sshd [3955]: pam_unix (sshd: session): session opened for user Huaxia by (uid = 0)

Jul 13 11:21:47 shnap sshd [4024]: Connection closed by 127.0.0.1

Jul 13 11:25:28 shnap sshd [4150]: authentication refused: Bad ownership or modes for file/home/Huaxia/. Ssh/authorized_keys

Jul 13 11:25:28 shnap sshd [4150]: authentication refused: Bad ownership or modes for file/home/Huaxia/. Ssh/authorized_keys

Jul 13 11:26:30 shnap sshd [4151]: Connection closed by 127.0.0.1

...... Omitted

 

From the preceding log information, we can see that the file/home/Huaxia/. Ssh/authorized_keys has a permission error.

View the file details in/home/Huaxia/. Ssh/as follows:

 

$ LS-lH ~ /. Ssh/

Total 16 K

-RW-r -- 1 Huaxia 602 07-13 authorized_keys

-RW ------- 1 Huaxia 672 07-13 id_dsa

-RW-r -- 1 Huaxia 602 07-13 id_dsa.pub

-RW-r -- 1 Huaxia 391 07-13 known_hosts

 

Modify the authorized_keys permission of the file (the permission setting is very important because insecure security settings make you unable to use the RSA function ):

 

$ Chmod 600 ~ /. Ssh/authorized_keys

 

Test again and log on as follows:

 

$ SSH localhost

Last login: Wed Jul 13 14:04:06 2011 from 192.168.8.253

 

If this information is displayed, the local login without a password is successful.

 

2.10 Authenticate and log on to the remote server

Note:The OpenSSH service of the remote server must be started.

Copy the locally produced key to the remote server (two methods)

1) Method 1:

 

$ Cat ~ /. Ssh/id_rsa.pub | SSH remote user name @ Remote Server IP 'cat-> ~ /. Ssh/authorized_keys'

 

2) Method 2:

Run the following command on the local machine:

 

$ SCP ~ /. Ssh/id_dsa.pub michael@192.168.8.148:/home/Michael/

 

Log on to the remote server michael@192.168.8.148 and execute:

 

$ Cat id_dsa.pub >> ~ /. Ssh/authorized_keys

 

Remote logon to 192.168.8.148 on the local machine:

 

$ SSH michael@192.168.8.148.

Linux Michael-virtualbox 2.6.35-22-generic # 33-ubuntu SMP sun Sep 19 20:34:50 UTC 2010 i686 GNU/Linux

Ubuntu 10.10

 

Welcome to Ubuntu!

* Documentation: https://help.ubuntu.com/

 

216 packages can be updated.

71 updates are security updates.

 

New Release 'natty 'available.

Run 'do-release-upload' to upgrade to it.

 

Last login: Wed Jul 13 14:46:37 2011 from Michael-virtualbox

Michael @ Michael-virtualbox :~ $

 

The logon is successful.

If the login test fails, you need to modify the authorized_keys permission for the file on the remote server 192.168.8.148 (Permission settings are very important because insecure settings make you unable to use the RSA function.)

 

Chmod600~ /. Ssh/authorized_keys

 

Article download: http://files.cnblogs.com/xia520pi/HadoopCluster_Vol.5S.rar

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.