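Background of the problem:
Three CentOS 7.5 machines are to be set up as a distributed Hadoop environment. The machines are as follows:
IP address | Hostname |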
---|---|
192.168.119.100 | node01 |
192.168.119.110 | node02 |
192.168.119.120 | node03 |
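I created a hadoop user to operate the Hadoop cluster and installed Hadoop on all three machines. To avoid typing a password every time Hadoop starts, I configured passwordless login, following articles other people had written. They almost all describe it like this:
ssh-keygen -t rsa
On all three machines, as the hadoop user, run the following command to copy the public key to the node01 server:
ssh-copy-id node01  # At this step I just pressed Enter; I don't understand it
On node01, as the hadoop user, run the following commands to copy authorized_keys to the node02 and node03 servers:
cd /home/hadoop/.ssh/
scp authorized_keys node02:$PWD  # just pressed Enter
scp authorized_keys node03:$PWD  # just pressed Enter
Did you see the comments I wrote? I had no idea what any of this was doing, and of course the configuration did not succeed in the end. A Hadoop cluster can still start in this state, but generally only the nodes that connected successfully will start. In my case, I started Hadoop on node01 and ended up with only one DataNode (with working connections there should be three DataNodes).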
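How passwordless login works
So how does passwordless login work, and how should we configure it? Take node01 as an example, supposing node02 and node03 want to log in to node01 without a password:
To explain:
1. I am node01. I have made two good friends, node02 and node03, and I want them to know the password to my home, so I write my home password in a small file and send it to both of them;
2. I am node03. I have two good friends, node01 and node02. Each of them has given me the small file with the entry password to her own home, and I need to put these two small files into the key store at my home.
So the steps for configuring passwordless login should be (taking node02 and node03 logging in to node01 without a password as an example):
1. node01 generates a key;
2. send the key to node02 and node03;
3. node02 puts the key into its own key store;
4. node03 puts the key into its own key store;
5. try logging in to node01 from node02 and from node03;
In practice:
Work as the hadoop user: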
su - hadoop
On node01, run ssh-keygen -t rsa to generate a key; just press Enter at every prompt:
[hadoop@node01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 hadoop@node0
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[hadoop@node01 ~]$
node01 has now written the key to its home into a small file. Go to where that file lives and take a look: id_rsa.pub is node01's key file.
[hadoop@node01 ~]$ cd ~/.ssh/
[hadoop@node01 .ssh]$ ls
id_rsa id_rsa.pub known_hosts
On node01, create a key box, authorized_keys, to hold its own key:
[hadoop@node01 ~]$ touch ~/.ssh/authorized_keys
Put its own key into the key box:
[hadoop@node01 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Check: its own key is now in there:
[hadoop@node01 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5St7/cQOYqmRGVbz4zV8Sr0eLDSVKojlZ8cKT3rSxSvkUJpb8Bmasyzeb+DviGp2wZnfintYNLTD4J8gIE+RQR6RNxjsUzjeeV70VnPXzZOjSHf1bfRrEZOO+VHBnQRGaynAmb+4QkeQSZmENT+0ay6fS4nqkPGjIyBJRSs3wJzmEhmPsj6wE4ZtFWrNZ+6z2hqBrA7+7+R6dt0YqIbglfxBTkH2T13JPQ32VtzihjiYe7E+z6B7xOcXq1ep7OQPKVhdEKzRw/sdkag4Myu2QqQ/VSTVWXJi+Lm40GERFU89XEuRnWS7sjrHLJ5Rdb0hGuH3UrvxxOcrSSELrwjqT hadoop@node01
Run ssh-keygen -t rsa on node02 and node03 as well, so that each of them has its own key file;
[hadoop@node02 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 hadoop@node0
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[hadoop@node02 ~]$
[hadoop@node03 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 hadoop@node0
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[hadoop@node03 ~]$
Next, send the keys of node02 and node03 to node01. You will be asked for node01's login password along the way; just enter it;
[hadoop@node02 .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@node01:~/.ssh/node02.id_rsa.pub
[hadoop@node03 .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@node01:~/.ssh/node03.id_rsa.pub
Look again at where node01 keeps its keys: the keys of node02 and node03 are now there;
[hadoop@node01 .ssh]$ ls
authorized_keys id_rsa id_rsa.pub known_hosts node02.id_rsa.pub node03.id_rsa.pub
Put the keys of node02 and node03 into the key box authorized_keys as well;
[hadoop@node01 .ssh]$ cat ~/.ssh/node02.id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@node01 .ssh]$ cat ~/.ssh/node03.id_rsa.pub >> ~/.ssh/authorized_keys
Check the key box again: all three keys are there;
[hadoop@node01 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5St7/cQOYqmRGVbz4zV8Sr0eLDSVKojlZ8cKT3rSxSvkUJpb8Bmasyzeb+DviGp2wZnfintYNLTD4J8gIE+RQR6RNxjsUzjeeV70VnPXzZOjSHf1bfRrEZOO+VHBnQRGaynAmb+4QkeQSZmENT+0ay6fS4nqkPGjIyBJRSs3wJzmEhmPsj6wE4ZtFWrNZ+6z2hqBrA7+7+R6dt0YqIbglfxBTkH2T13JPQ32VtzihjiYe7E+z6B7xOcXq1ep7OQPKVhdEKzRw/sdkag4Myu2QqQ/VSTVWXJi+Lm40GERFU89XEuRnWS7sjrHLJ5Rdb0hGuH3UrvxxOcrSSELrwjqT hadoop@node01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdRg4SkrXLnylK2ek+bdDuApKECNgwcHrgoOnTt65MgcV+dVQ6iq5+Q2eGODPAZLTX2+dZ+Vs04rWTQIfBQDWw1I7s+ecXF459juNT0ao9dmqN24DaRxeiiPXHBI6fK47SZtLf6cMk0rCK4G0T+iHG1OqR/vorc/9Bo0IAtS+4CRWZ8aegPlCDm7COF0XAmHiKtb1CTaUxJRsBk7azxAZr+mXXW72E+ylioefra6My4duuszECPbaMdNNPXEAEpqEzcaCYa1/z2hMRWKIzXMn+RUzvSeqbPiTFnQTWc+XStswC2qOuHKcyZV9L9H7NVV0hub58bq3/OZL1bohBGcwv hadoop@node02
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDS0xBtQx1MhdB+KVPKRaUyjouPE8Sz/G7/WMGx9q1FqV/KWEyTBUfTDfyZ3GNERz07pOPOKyPQ3GHOfu887JpMdemmdHUxDodMm5b9x167lN8/JkcRTVrK446Cm4fbkxHzQxShdGX6thhcA1IMyIl4ja6NQrJ5+yIoJNVkvGUHAZKjlktbh2W4BuPCYbLyegtN2ZPtAvfD1iiTxH5z1ynlFPvmYtr2HwukVB15cmGvjiTGpvgHOrDcY171NuTH0bBaeQALPqm9yw5mIHW0ygmmS2yS6HXPEJTRsC+YAAbXh2JIZzp2h+3W+CqrSAk2lUPeIDiOp9+o1cZ5TpMi2fSZ hadoop@node03
At this point node01 has the keys of all three homes, and she can already log in to the other two without a password;
[hadoop@node01 ~]$ ssh node02
Last login: Thu Nov 21 22:33:38 2019 from node01
[hadoop@node02 ~]$ exit
logout
Connection to node02 closed.
[hadoop@node01 ~]$ ssh node03
Last login: Thu Nov 21 22:32:43 2019
[hadoop@node03 ~]$ exit
logout
Connection to node03 closed.
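Now node01 says to node02 and node03: you two don't need to hand out your keys separately any more. My key box has the keys of all three of our homes, so let me give each of you a copy of it;
[hadoop@node01 .ssh]$ scp -r authorized_keys hadoop@node02:~/.ssh/authorized_keys
[hadoop@node01 .ssh]$ scp -r authorized_keys hadoop@node03:~/.ssh/authorized_keys
Adjust the permissions on the directory and the file (run on all three machines)
First adjust the permissions on the ~/.ssh directory:
chmod 700 ~/.ssh
Then adjust the permissions on the ~/.ssh/authorized_keys file:
chmod 600 ~/.ssh/authorized_keys
Try it: all three machines should now be able to log in to one another without a password. Passwordless login is configured ~~~hooray~~~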
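The merge-into-authorized_keys step and the chmod step above, combined into one re-runnable helper; this is an added example, not the original author's code, and merge_authorized_keys is a hypothetical name. sshd on a host accepts a passwordless login from whoever holds the private key matching a public key listed in that account's authorized_keys, so the helper accepts only public key files, skips anything else (such as a private key passed by mistake), and never duplicates an entry.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. merge_authorized_keys is a
# hypothetical helper name.
# Usage: merge_authorized_keys <ssh_dir> <pubkey_file>...
#   e.g. merge_authorized_keys ~/.ssh ~/.ssh/node02.id_rsa.pub ~/.ssh/node03.id_rsa.pub
# Returns 0 if every file was merged or already present, 1 if any was skipped.
merge_authorized_keys() {
    local ssh_dir="$1"; shift
    local auth="$ssh_dir/authorized_keys"
    local file ktype blob comment rc=0

    # With StrictModes (the sshd default), a group- or world-writable
    # ~/.ssh or authorized_keys makes sshd ignore the file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    for file in "$@"; do
        ktype=; blob=; comment=
        # A public key file is one line: "<type> <base64 blob> [comment]".
        read -r ktype blob comment < "$file" || true
        case "$ktype" in
            ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
            *)  # e.g. id_rsa (the private key) passed instead of id_rsa.pub
                echo "skip $file: not a public key" >&2; rc=1; continue ;;
        esac
        [ -n "$blob" ] || { echo "skip $file: no key data" >&2; rc=1; continue; }

        # Append only if this key blob is not already in the file, so
        # re-running the step never duplicates an entry.
        if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                             END { exit !f }' "$auth"; then
            continue
        fi
        printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}" >> "$auth"
    done
    return "$rc"
}
```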