Linux (CentOS): configuring OpenSSH passwordless login

Source: Internet
Author: User
Tags system log openssh server root access

Recently, while setting up a Hadoop environment, I needed to set up passwordless login. So-called passwordless login actually means logging in through certificate authentication, that is, using the "public/private key" authentication method for SSH login.

In Linux systems, SSH is the default tool for remote login. Because its protocol uses the RSA/DSA encryption algorithms, it is very secure for remote management of Linux systems. Telnet, because of its insecurity, has been set aside on Linux systems.

A simple explanation of the "public/private key" authentication method: first create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa). Then put the public key on the server (~/.ssh/authorized_keys) and keep the private key. When logging in over SSH, the SSH program uses the private key to match against the public key on the server. If the match succeeds, you can log in.


Configuration on Ubuntu and Cygwin went smoothly, but configuring the CentOS system raised a number of issues. This article uses CentOS (CentOS 5) as the example to describe in detail how to configure certificate-authenticated login. The steps are as follows:

 

1. Verify that the system has the OpenSSH server and client installed

Installation steps are not covered here; they are not the focus of this article.

 

2. Check the local machine's sshd configuration file (requires root permission)

$ vi /etc/ssh/sshd_config

Find the following lines and remove the comment marker "#":

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

 

3. If you modify the configuration file, you need to restart the sshd service (requires root access)

$ /sbin/service sshd restart

 

 

4. Run a test command to log in to the system over SSH:

$ ssh localhost

After you press Enter you will be prompted for a password, because we have not generated a certificate at this point.

 

5. Generate the certificate's public/private key pair:

$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

 

6. Test the login with ssh localhost:

$ ssh localhost

Under normal circumstances the login succeeds and some login information is displayed. If it fails, see the general debugging steps below.

 

7. General debugging steps

I failed in the configuration: after following the steps above I was still prompted to enter a password. I then used ssh -v to display detailed login information to find the reason:

$ ssh -v localhost

After pressing Enter, the detailed login information is shown as follows:

...... (omitted)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Next authentication method: publickey
debug1: Trying private key: /home/huaxia/.ssh/identity
debug1: Trying private key: /home/huaxia/.ssh/id_rsa
debug1: Offering public key: /home/huaxia/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
huaxia@localhost's password:

At the same time, log in as the root user and view the system log file:

$ tail /var/log/secure -n 20

...... (omitted)
Jul 11:21:05 shnap sshd[3955]: Accepted password for huaxia from 192.168.8.253 port 51837 ssh2
Jul 11:21:05 shnap sshd[3955]: pam_unix(sshd:session): session opened for user huaxia by (uid=0)
Jul 11:21:47 shnap sshd[4024]: Connection closed by 127.0.0.1
Jul 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/huaxia/.ssh/authorized_keys
Jul 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/huaxia/.ssh/authorized_keys
Jul 11:26:30 shnap sshd[4151]: Connection closed by 127.0.0.1
...... (omitted)

The log information above shows that there is a problem with the permissions of the file /home/huaxia/.ssh/authorized_keys.

Look at the details of the files under /home/huaxia/.ssh/:

$ ls -lh ~/.ssh/
total 16K
-rw-rw-r-- 1 huaxia huaxia 602 07-13 11:22 authorized_keys
-rw------- 1 huaxia huaxia 672 07-13 11:22 id_dsa
-rw-r--r-- 1 huaxia huaxia 602 07-13 11:22 id_dsa.pub
-rw-r--r-- 1 huaxia huaxia 391 07-13 11:21 known_hosts

Modify the permissions of the file authorized_keys (the permission settings are important, because insecure settings will make it impossible for you to use the RSA feature):

$ chmod 600 ~/.ssh/authorized_keys

Test the login again:

$ ssh localhost
Last login: Wed Jul 14:04:06 from 192.168.8.253

Seeing this message indicates that passwordless login to the local machine has been set up successfully.
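The "bad ownership or modes" refusal above comes from sshd's StrictModes check, which rejects a key file when it, ~/.ssh or the home directory is group- or world-writable or is owned by someone other than the user or root. The following is an added example, not part of the original article, that approximates that check so it can be run before testing the login; the function names are hypothetical and the demo directory is constructed.

```sh
#!/bin/sh
# Added example: approximates sshd's StrictModes test for key login paths.
# Function names are hypothetical, not OpenSSH's.

# Print the path if it is group/world-writable or owned by neither the
# given uid nor root; print nothing when the path is acceptable.
bad_path() {  # $1 = path, $2 = numeric uid of the account
    find "$1" -prune \( -perm -0020 -o -perm -0002 -o \
        \( ! -user "$2" ! -user 0 \) \) -print 2>/dev/null
}

# Check home, ~/.ssh and authorized_keys; return 0 only if all pass.
check_ssh_modes() {  # $1 = home directory, $2 = uid (default: caller's)
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1
        elif [ -n "$(bad_path "$p" "$uid")" ]; then
            echo "BAD     $(ls -ld "$p" | cut -d' ' -f1) $p"; rc=1
        else
            echo "OK      $p"
        fi
    done
    return $rc
}

# Constructed demo: rebuild the failing layout from the listing above
# (authorized_keys is -rw-rw-r--) in a scratch directory, then fix it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 700 "$d/.ssh"
    chmod 664 "$d/.ssh/authorized_keys"
    before=0; check_ssh_modes "$d" || before=$?
    chmod 600 "$d/.ssh/authorized_keys"
    after=0; check_ssh_modes "$d" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

On a real account, run `check_ssh_modes "$HOME"` as the user who is logging in; any line marked BAD is a path sshd would refuse.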

8. Certificate-authenticated login to a remote server (the remote server's OpenSSH service must of course be running)

Copy the locally generated key to the remote server (two methods)

Method One:

$ cat ~/.ssh/id_rsa.pub | ssh remote-user@remote-server-ip 'cat - >> ~/.ssh/authorized_keys'

Method Two:

Run on the local machine:

$ scp ~/.ssh/id_dsa.pub [email protected]:/home/michael/

After logging in to the remote server [email protected], run:

$ cat id_dsa.pub >> ~/.ssh/authorized_keys

Test the remote login to 192.168.8.148 from the local machine:

$ ssh [email protected]
Linux michael-virtualbox 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 20:34:50 UTC all i686 GNU/Linux
Ubuntu 10.10

Welcome to Ubuntu!
 * Documentation: https://help.ubuntu.com/

216 packages can be updated.
Updates are security updates.

New release 'natty' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Wed Jul 14:46:37 from michael-virtualbox
[email protected]:~$

As you can see, the login succeeded.

If the login test is unsuccessful, you need to modify the permissions of the file authorized_keys on the remote server 192.168.8.148 (the permission settings are important, because insecure settings will make it impossible for you to use the RSA feature):

chmod 600 ~/.ssh/authorized_keys

Remember to turn off SELinux

To view the SELinux status:

1. /usr/sbin/sestatus -v   ## if the "SELinux status" parameter is enabled, SELinux is turned on

SELinux status: enabled

2. getenforce   ## this command can also be used to check

To turn off SELinux:

1. Turn it off temporarily (no need to restart the machine):

setenforce 0   ## set SELinux to permissive mode

## setenforce 1 sets SELinux to enforcing mode

2. Modify the configuration file (requires restarting the machine):

Modify the /etc/selinux/config file

Change SELINUX=enforcing to SELINUX=disabled

Restart the machine
