Linux(CentOS)SSH無密碼驗證登陸

標籤：hadoop   centos   linux   

最近在搭建Hadoop叢集，為了操作方便，需要Master用無密碼驗證的方式的SSH登陸Slave。
1.原理：
Master作為用戶端，要實現無密碼公開金鑰認證，串連到伺服器Salve上時，需要在Master上產生一個金鑰組，包括一個公開金鑰和一個私密金鑰，而後將公開金鑰複製到所有的Salve上。當Master通過SSH連結到Salve上時，Salve會產生一個隨機數並用Master的公開金鑰對隨機數進行加密，並發送給Master。Master收到加密數之後再用私密金鑰解密，並將解密數回傳給Salve，Salve確認解密數無誤之後就允許Master進行串連了。這就是一個公開金鑰認證過程，期間不需要手工輸入密碼，重要的過程是將Master上產生的公開金鑰複製到Salve上。

2.在Master上登陸Hadoop使用者，執行以下命令，產生金鑰組，並把公開金鑰檔案寫入授權檔案中，並賦值許可權

[[email protected] bin]$ ssh-keygen -t rsa -P ‘‘Generating public/private rsa key pair.Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):Your identification has been saved in /home/hadoop/.ssh/id_rsa.Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.The key fingerprint is:93:21:fb:20:01:c9:13:a3:28:01:6c:57:3b:a0:e0:e2 [email protected]The key‘s randomart image is:+--[ RSA 2048]----+|*.++..           ||+==+. .          ||*o...o. .        ||+    ..o o       || E  . o S        ||     . o .       ||        .        ||                 ||                 |+-----------------+[[email protected] bin]$  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys[[email protected] bin]$ chmod 600 ~/.ssh/authorized_keys

3 切換root使用者，配置sshd，取消被注釋的公開金鑰欄位，
RSAAuthentication yes # 啟用 RSA 認證
PubkeyAuthentication yes # 啟用公開金鑰私密金鑰配對認證方式
AuthorizedKeysFile .ssh/authorized_keys # 公開金鑰檔案路徑（和上面產生的檔案同） 並儲存設定，然後重啟sshd，即可測試原生SSH

[hadoop@master bin]$ su root密碼：bash-4.1# vim /etc/ssh/sshd_configbash-4.1# service sshd restartStopping sshd:                                             [  OK  ]Starting sshd:                                             [  OK  ]

4.本機測試：這裡我用了localhost，IP地址，hostname來進行測試，可以發現均不需要輸入密碼。

[[email protected] bin]$ ssh localhostThe authenticity of host ‘localhost (::1)‘ can‘t be established.RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘localhost‘ (RSA) to the list of known hosts.[[email protected] ~]$ ssh 172.16.1.17The authenticity of host ‘172.16.1.17 (172.16.1.17)‘ can‘t be established.RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘172.16.1.17‘ (RSA) to the list of known hosts.Last login: Wed Jun 10 12:37:23 2015 from ::1[[email protected] ~]$ ssh mastersysconfig/       system-releaseThe authenticity of host ‘master (172.16.1.17)‘ can‘t be established.RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘master‘ (RSA) to the list of known hosts.Last login: Wed Jun 10 12:38:37 2015 from 172.16.1.17

下面介紹Master用無密碼驗證的方式的SSH登陸Slave

1.首先在Slave上建立使用者hadoop，並設定密碼

-bash-4.1# useradd hadoop-bash-4.1# ls -l /home總用量 8drwx------ 2 hadoop hadoop 4096 6月  10 12:58 hadoopdrwx------ 2 xc     xc     4096 7月   9 2013 xc-bash-4.1# passwd hadoop更改使用者 hadoop 的密碼 。新的 密碼：重新輸入新的 密碼：passwd： 所有的身分識別驗證令牌已經成功更新。

2.切換到Master，並將Master上的公開金鑰scp到Slave節點的Hadoop使用者上

[hadoop@master ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/The authenticity of host ‘slave2 (172.16.1.20)‘ can‘t be established.RSA key fingerprint is 67:22:ba:43:ad:fe:a2:d4:ad:43:26:4b:71:d0:54:af.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘slave2,172.16.1.20‘ (RSA) to the list of known hosts.[email protected]‘s password:id_rsa.pub                                                         100%  395     0.4KB/s   00:00[hadoop@master ~]$

3.拷貝完後到Slave節點上，公開金鑰追加授權檔案，並修改許可權

[hadoop@master ~]$ ssh [email protected]hadoop@slave2‘s password:[hadoop@slave2 ~]$ lsid_rsa.pub[hadoop@slave2 ~]$ mkdir ~/.ssh[hadoop@slave2 ~]$ chmod 700 ~/.ssh/[hadoop@slave2 ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys[hadoop@slave2 ~]$ chmod 600 ~/.ssh/authorized_keys[hadoop@slave2 ~]$

4.然後切換至root用，修改sshd配置，並重啟sshd服務。
1)在/etc/sys下添加下面兩行代碼

sysconfig/      system-releasesysctl.conf     system-release-cpe

2）然後修改 /etc/ssh/sshd_config檔案，將下面三行注釋(#)取消掉)

RSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysFile      .ssh/authorized_keys

3)重啟sshd服務

service sshd restart

5.回到Master下進行測試，發現可以不用輸入密碼，便可以ssh到Slave節點的Hadoop使用者上。

[hadoop@master ~]$ ssh hadoop@slave2Last login: Wed Jun 10 13:09:53 2015 from 172.16.1.17[hadoop@slave2 ~]$

Linux(CentOS)SSH無密碼驗證登陸