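I have recently been learning how to set up Hadoop, and one step in preparing the environment is configuring passwordless SSH login. Two CentOS virtual machines running under VMware are used as the example here.
Principle
Virtual machine environment setup
Virtual machine 1: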
Hostname: Master.Hadoop
Group/User: hadoop/hadoop
Virtual machine 2:
Hostname: Slave1.Hadoop
Group/User: hadoop/hadoop
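Both virtual machines must be attached to the network in bridged mode. To confirm they can reach each other, ping each one from the other.
Start the sshd service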
/usr/sbin/sshd
Error: Need an item to match
[hadoop@Slave1 ~]$ yum search ssh
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
* base: mirrors.yun-idc.com
* extras: mirrors.btte.net
* updates: mirrors.sina.cn
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
=============================== N/S Matched: ssh ===============================
ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
libssh2.x86_64 : A library implementing the SSH2 protocol
libssh2.i686 : A library implementing the SSH2 protocol
libssh2-devel.i686 : Development files for libssh2
libssh2-devel.x86_64 : Development files for libssh2
libssh2-docs.x86_64 : Documentation for libssh2
openssh.x86_64 : An open source implementation of SSH protocol versions 1 and 2
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
openssh-clients.x86_64 : An open source SSH client applications
openssh-ldap.x86_64 : A LDAP support for open source SSH server daemon
openssh-server.x86_64 : An open source SSH server daemon
pam_ssh_agent_auth.i686 : PAM module for authentication with ssh-agent
pam_ssh_agent_auth.x86_64 : PAM module for authentication with ssh-agent
trilead-ssh2.noarch : SSH-2 protocol implementation in pure Java
trilead-ssh2-javadoc.noarch : Javadoc for trilead-ssh2
jsch.noarch : Pure Java implementation of SSH2
python-paramiko.noarch : A SSH2 protocol library for python
python-twisted-conch.x86_64 : SSH and SFTP protocol implementation together with
: clients and servers
Name and summary matches only, use "search all" for everything.
Configure the SSH keys
[hadoop@Slave1 ~]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
de:83:74:4f:0e:9d:f0:ce:9f:21:38:d2:ac:b1:85:02 hadoop@Slave1.Hadoop
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| + . |
| E S o = |
| . o B O |
| . * O * . |
| . * o o o |
| o o |
+-----------------+
[hadoop@Slave1 ~]$
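At this point two files have been generated under /home/hadoop/.ssh/: the public key id_rsa.pub and the private key id_rsa. Because -P '' sets an empty passphrase, the private key is stored unencrypted and must remain readable only by the hadoop user. There are two ways to copy the public key to Slave1.
Method 1: ssh-copy-id -i user@host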
[hadoop@Master ~]$ ssh-copy-id -i hadoop@192.168.0.9
The authenticity of host '192.168.0.8 (192.168.0.8)' can't be established.
RSA key fingerprint is 1c:09:82:e7:05:28:04:fd:98:3b:53:eb:c1:6d:b2:36.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.9' (RSA) to the list of known hosts.
hadoop@192.168.0.9's password:
Now try logging into the machine, with "ssh 'hadoop@192.168.0.9'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Now log in to Slave1, open /home/hadoop/.ssh/authorized_keys, and check whether the RSA key for hadoop@Master.Hadoop is already there.
Method 2:
[hadoop@Master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@192.168.0.9:~/
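Then check that the /home/hadoop directory on Slave1 contains both the id_rsa.pub file and the .ssh directory, then run:
[hadoop@Slave1 ~]$ cat id_rsa.pub >> ~/.ssh/authorized_keys
Open authorized_keys and check that the key was copied successfully.
Configure the sshd_config file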
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
Save and exit, then restart ssh: service sshd restart
Configure directory permissions
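The append from Method 2 together with this directory-permission step, as an added shell example that is not part of the original post. The function names install_pubkey and check_modes and the optional home-directory argument are assumptions made here; 700 on ~/.ssh and 600 on authorized_keys are the conventional owner-only modes that satisfy sshd's StrictModes check.

```shell
# Added example, not from the original post. install_pubkey and check_modes
# are names chosen here; the optional home-directory argument is an assumption.
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

install_pubkey() {
    pubkey_file=$1          # e.g. ~/id_rsa.pub copied over with scp
    home_dir=${2:-$HOME}    # account that should accept the key
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Refuse a private key file: only id_rsa.pub belongs on the remote side.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key" >&2; return 1
    fi
    key=$(grep -E '^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+' "$pubkey_file" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pubkey_file" >&2; return 1; }

    # Create ~/.ssh and authorized_keys with owner-only modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append with >> (never overwrite) and skip a key that is already listed.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

check_modes() {
    home_dir=${1:-$HOME}
    # With StrictModes (sshd default) a group- or world-writable home
    # directory, ~/.ssh or authorized_keys makes sshd ignore the key file.
    case $(mode_of "$home_dir") in
        d????w????|d???????w?) echo "$home_dir is group/world writable" >&2; return 1 ;;
    esac
    [ "$(mode_of "$home_dir/.ssh")" = "drwx------" ] || { echo ".ssh is not 700" >&2; return 1; }
    [ "$(mode_of "$home_dir/.ssh/authorized_keys")" = "-rw-------" ] ||
        { echo "authorized_keys is not 600" >&2; return 1; }
}

# Usage on Slave1 after the scp step: install_pubkey ~/id_rsa.pub && check_modes
```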
Test
On the Master machine, enter:
[hadoop@Master .ssh]$ ssh hadoop@192.168.0.9
Last login: Sun Nov 8 04:55:32 2015 from master.hadoop
or
[hadoop@Master .ssh]$ ssh 192.168.0.9
Last login: Sun Nov 8 05:09:52 2015 from master.hadoop
Configuration succeeded.