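1. First, prepare three virtual machines.
On each virtual machine, edit /etc/hosts (vim /etc/hosts) and add the IP address mapping for every machine.
Machine hadoop100: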
[root@hadoop100 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.219.7 hadoop100
192.168.219.8 hadoop101
192.168.219.9 hadoop102
Save and exit!
Machine hadoop101:
[root@hadoop101 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.219.7 hadoop100
192.168.219.8 hadoop101
192.168.219.9 hadoop102
Save and exit!
Machine hadoop102:
[root@hadoop102 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.219.7 hadoop100
192.168.219.8 hadoop101
192.168.219.9 hadoop102
Save and exit!
2. Log in from one machine to the others
[root@hadoop100 ~]# ssh hadoop101
The authenticity of host 'hadoop101 (192.168.219.8)' can't be established.
ECDSA key fingerprint is SHA256:hdb9PQbW+QzFC247S6CHmykBTBg7pNYs6beQ7y0l0dM.
ECDSA key fingerprint is MD5:7b:8b:a0:6d:a9:4b:b6:55:7d:0b:10:bf:ac:f2:8c:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hadoop101,192.168.219.8' (ECDSA) to the list of known hosts.
root@hadoop101's password:
Last login: Mon Nov 18 21:20:02 2019 from 192.168.219.1
[root@hadoop101 ~]#
As shown above, we have switched from machine hadoop100 to machine hadoop101.
To leave the remote machine, use the command: exit
[root@hadoop101 ~]# exit
logout
Connection to hadoop101 closed.
[root@hadoop100 ~]#
Generate the public/private key pair
[root@hadoop100 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Check the current directory:
[root@hadoop100 ~]# pwd
/root
View the public key file:
[root@hadoop100 ~]# cd /root/.ssh/
[root@hadoop100 .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@hadoop100 .ssh]#
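Next, copy the key to the remote machine.
Machine hadoop100 copies its public key into the .ssh directory under root's home directory on machine hadoop101: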
[root@hadoop100 .ssh]# ssh-copy-id hadoop101
Before copying, check on machine hadoop101 whether the .ssh folder exists. If it does, copy directly; if it does not, it has to be created.
[root@hadoop101 ~]# cd .ssh
[root@hadoop101 .ssh]#
[root@hadoop101 .ssh]# ll
total 4
-rw------- 1 root root 396 Nov 19 12:19 authorized_keys
As shown above, the .ssh folder now contains one more file.
We can run cat to compare the public key on hadoop100 with the key installed on hadoop101:
[root@hadoop100 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJSbYSfU8MxvgSuac+bhgd4OlvUNLRJBqC11wt+NhZX0lXzd3QdyQf41wMpCHC6+HaaiPMqgsnXVuHDTthoK7ItYRW6ulUeyCIj4p7V5SilTemHnE9hL4KFEOMq7mtHpmWETv1aDLlI+glglixUv5fZPGIhWRtkx4GAjh1DOCVlGy+PyN7JugNnIokSm+GYz8feKv/TdqaPk2u0GxGxKqg9JUahdRRYHfJNlTiJ/LR6q0TfCp5v8V1rCgVCj+iAR52Hax82P0GbDdUwr5Q//9dwIGWGqJxe9i1j9datKaXAsEc9bh4ey+HTB8BgkwtdBP/Iqu3tlTG2pvnyCeQGOZZ root@hadoop100
[root@hadoop100 .ssh]#
[root@hadoop101 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJSbYSfU8MxvgSuac+bhgd4OlvUNLRJBqC11wt+NhZX0lXzd3QdyQf41wMpCHC6+HaaiPMqgsnXVuHDTthoK7ItYRW6ulUeyCIj4p7V5SilTemHnE9hL4KFEOMq7mtHpmWETv1aDLlI+glglixUv5fZPGIhWRtkx4GAjh1DOCVlGy+PyN7JugNnIokSm+GYz8feKv/TdqaPk2u0GxGxKqg9JUahdRRYHfJNlTiJ/LR6q0TfCp5v8V1rCgVCj+iAR52Hax82P0GbDdUwr5Q//9dwIGWGqJxe9i1j9datKaXAsEc9bh4ey+HTB8BgkwtdBP/Iqu3tlTG2pvnyCeQGOZZ root@hadoop100
[root@hadoop101 .ssh]#
Now we can test the login.
For example, log in from hadoop100 to hadoop101:
[root@hadoop100 .ssh]# ssh hadoop101
Last login: Tue Nov 19 12:29:12 2019 from hadoop100
[root@hadoop101 ~]#
Note that hadoop101 cannot log in to hadoop100:
[root@hadoop101 ~]# ssh hadoop100
The authenticity of host 'hadoop100 (192.168.219.7)' can't be established.
ECDSA key fingerprint is SHA256:hdb9PQbW+QzFC247S6CHmykBTBg7pNYs6beQ7y0l0dM.
ECDSA key fingerprint is MD5:7b:8b:a0:6d:a9:4b:b6:55:7d:0b:10:bf:ac:f2:8c:a5.
Are you sure you want to continue connecting (yes/no)?
Solution:
For hadoop101 to log in to hadoop100, hadoop101 must have a public key of its own. Use the following commands:
ssh-keygen -t rsa
ssh-copy-id hadoop100
[root@hadoop101 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dqsmPtQBF1cioVo2NfeidYt8K68xPPjtogKc+ylw2Qc root@hadoop101
The key's randomart image is:
+---[RSA 2048]----+
| *o+.. |
| .o.= o |
| =o o o |
| +E..+ + . |
| ..+ oS.+ o |
| . * o.o+ o . |
| o + .. B . |
| o +..o.B |
| ++=o.o++ |
+----[SHA256]-----+
[root@hadoop101 ~]#
[root@hadoop101 ~]# ssh-copy-id hadoop100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'hadoop100 (192.168.219.7)' can't be established.
ECDSA key fingerprint is SHA256:hdb9PQbW+QzFC247S6CHmykBTBg7pNYs6beQ7y0l0dM.
ECDSA key fingerprint is MD5:7b:8b:a0:6d:a9:4b:b6:55:7d:0b:10:bf:ac:f2:8c:a5.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop100'"
and check to make sure that only the key(s) you wanted were added.
Now we can test logging in from hadoop101 to hadoop100:
[root@hadoop101 ~]# ssh hadoop100
Last login: Tue Nov 19 11:52:02 2019 from localhost
[root@hadoop100 ~]#
We exit hadoop100, and then try to connect from hadoop100 to hadoop100 (the same machine):
[root@hadoop100 ~]# exit
logout
Connection to hadoop100 closed.
[root@hadoop101 ~]# exit
logout
Connection to hadoop101 closed.
[root@hadoop100 .ssh]# ssh hadoop100
root@hadoop100's password:
As shown above, the login still requires a password.
Solution:
ssh-copy-id hadoop100
[root@hadoop100 ~]# ssh-copy-id hadoop100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop100'"
and check to make sure that only the key(s) you wanted were added.
Run exit to leave, then run the login again:
[root@hadoop100 ~]# exit
logout
Connection to hadoop100 closed.
[root@hadoop100 .ssh]# ssh hadoop100
Last login: Tue Nov 19 12:47:10 2019 from hadoop100
[root@hadoop100 ~]#
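With the operations above, the login is not secure, so we use a different approach.
The steps are as follows:
1. First, delete the authorized_keys file in the .ssh directory on hadoop100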
[root@hadoop100 .ssh]# ll
total 16
-rw------- 1 root root 792 Nov 19 12:45 authorized_keys
-rw------- 1 root root 1679 Nov 19 12:06 id_rsa
-rw-r--r-- 1 root root 396 Nov 19 12:06 id_rsa.pub
-rw-r--r-- 1 root root 710 Nov 18 21:35 known_hosts
[root@hadoop100 .ssh]# rm -rf authorized_keys
[root@hadoop100 .ssh]# ll
total 12
-rw------- 1 root root 1679 Nov 19 12:06 id_rsa
-rw-r--r-- 1 root root 396 Nov 19 12:06 id_rsa.pub
-rw-r--r-- 1 root root 710 Nov 18 21:35 known_hosts
[root@hadoop100 .ssh]#
[root@hadoop100 .ssh]# ssh-copy-id hadoop100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hadoop100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop100'"
and check to make sure that only the key(s) you wanted were added.
[root@hadoop100 .ssh]#
The benefit of doing this: security, that is, it prevents just anyone from being able to log in.
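
The ssh-copy-id output above asks you to check that only the keys you wanted were added. As an added example (not part of the original post), this script performs that check without deleting the file: it compares every authorized_keys entry with an allowlist of .pub files. The function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit authorized_keys entries
# against an allowlist of .pub files by comparing the base64 key blobs.

# Print the key blob of one authorized_keys/.pub line, skipping any leading
# options field such as from="..." or command="...".
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) { print $(i + 1); exit }
    }'
}

# audit_authorized_keys AUTH_FILE ALLOWED_PUB...
# Prints "OK|UNEXPECTED|MALFORMED <last field>" per entry; returns 1 on any finding.
audit_authorized_keys() {
    auth_file=$1; shift
    allowed=""
    for pub in "$@"; do
        allowed="$allowed $(key_blob "$(cat "$pub")")"
    done
    rc=0
    # sshd (StrictModes) rejects files that group or others can write.
    if [ -n "$(find "$auth_file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE-BY-OTHERS $auth_file"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        blob=$(key_blob "$line")
        if [ -z "$blob" ]; then echo "MALFORMED ${line##* }"; rc=1; continue; fi
        case " $allowed " in
            *" $blob "*) echo "OK ${line##* }" ;;
            *) echo "UNEXPECTED ${line##* }"; rc=1 ;;
        esac
    done < "$auth_file"
    return $rc
}

# Constructed sample: hadoop100's authorized_keys holding its own key and hadoop101's.
demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3ConstructedKeyA root@hadoop100' > "$d/id_rsa.pub"
    printf '%s\n' 'ssh-rsa AAAAB3ConstructedKeyA root@hadoop100' \
        'from="192.168.219.8" ssh-rsa AAAAB3ConstructedKeyB root@hadoop101' \
        > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    audit_authorized_keys "$d/authorized_keys" "$d/id_rsa.pub"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "review the entries flagged above"
```

On a real host, call audit_authorized_keys with /root/.ssh/authorized_keys and the .pub files of the machines that are supposed to have access.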