ssh远程访问自动登录

为什么80%的码农都做不了架构师？>>>   

由于hadoop有需求需要远程自动登录服务器。这里可以使用ssh建立密钥的方法来操作实现。

一般ssh两端在整个通讯过程中，为实现 SSH的安全连接，服务器端与客户端要经历如下五个阶段：

1、版本号协商阶段，SSH目前包括 SSH1和SSH2两个版本， 双方通过版本协商确定使用的版本。

2、密钥和算法协商阶段，SSH支持多种加密算法， 双方根据本端和对端支持的算法，协商出最终使用的算法。

3、认证阶段，SSH客户端向服务器端发起认证请求， 服务器端对客户端进行认证。

4、会话请求阶段， 认证通过后，客户端向服务器端发送会话请求。

5、交互会话阶段 ，会话请求通过后，服务器端和客户端进行信息的交互。

linux1机器要自动登录linux2服务器

首先在linux1产生公钥和私钥：(hadoop账号)

hadoop@linux1:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/hadoop/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /opt/hadoop/.ssh/id_rsa.
Your public key has been saved in /opt/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
be:88:e2:75:95:ec:39:21:0e:7c:2b:dd:34:a6:87:03 hadoop@linux1
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|   .   . .       |
|    E o S        |
|     * % +       |
|    o O B        |
|  .. + + o       |
| .... . .        |
+-----------------+

拷贝linux1公钥id_rsa.pub到1inux2服务器hadoop账号下

hadoop@linux1:~/.ssh$scp id_rsa.pub hadoop@linux2:/opt/hadoop/.ssh/

将linux2服务器上公钥追加进到authorized_keys

hadoop@linux2:~/.ssh$ cat id_rsa.pub>>authorized_keys 
hadoop@linux2:~/.ssh$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0spUjVu70Tp2uMRuisid7x0xa6r77no9pI459chma3tM4VvLo1C+OYOelwxqZxsSUtReuJTIhBeK+FUoWVZzUabj0wMSuCzaB+QI5YZlmzSj863cS2SVWdrFWqbnb4eWE+hf7pedR5jFtzHRgg0TurGWmktK2lfFAG24Ca89XjUas4zO89yh3A0uUFbgAS6Z1eY+W5QcPkoXelnW6Se6F2c9cVJk5n4WKcsbnxctxsgNxXpZhlK62cu75AkNie/0Cx/k/jCi9kILrbKd4EZJMVQp+HHdLrWgLrKhn9YnUnd1m9WKQRisX0TogzRgzsLYl9BRnPv57z7IdEnt03L3Xw== hadoop@linux1

修改ssh配置文件（/etc/ssh/sshd_config）,设置公钥认证登录

/etc/ssh/ssh_config  linux1客户端改
PubkeyAuthentication yes
PreferredAuthentications publickey,password

/etc/sshd_config  linux2服务端改
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

重启服务，测试ssh自动登录

hadoop@linux1:~/.ssh$ ssh -v hadoop@linux2
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /opt/hadoop/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to linux2 [linux2] port 56000.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /opt/hadoop/.ssh/identity type -1
debug1: identity file /opt/hadoop/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /opt/hadoop/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client arcfour hmac-md5 none
debug1: kex: client->server arcfour hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[linux2]:56000' is known and matches the RSA host key.
debug1: Found key in /opt/hadoop/.ssh/known_hosts:66
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
#############################################################################
#       Warning: Unauthorized access to this system is strictly prohibited. #
#       Use of this system is limited to authorized individuals only.       #
#       All activities are monitored.                                       #
#############################################################################
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/hadoop/.ssh/identity
debug1: Offering public key: /opt/hadoop/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Linux (none) 2.6.18-6-amd64 #1 SMP Fri Aug 21 14:53:35 UTC 2009 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
hadoop@linux2:~$

转载于:https://my.oschina.net/davehe/blog/90890