Ubuntu 16.04: configuring passwordless SSH login for a cluster

Preface

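Configuring a Heron cluster requires passwordless SSH login between the hosts. For the cluster environment and configuration, see: Stream Computing - Apache Heron series [being updated...]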

Install the SSH server (on every host)

1. Ubuntu installs the SSH client by default; the SSH server has to be installed as well:

yitian@ubuntu:~$ sudo apt-get update
yitian@ubuntu:~$ sudo apt install openssh-server

2. Start the OpenSSH service:

sudo service ssh start

3. Check the status of the SSH service:

yitian@heron03:~/jdk$ service ssh status
● ssh.service - OpenBSD Secure Shell server
    Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
    Active: active (running) since Tue 2018-02-27 05:49:32 PST; 2min 12s ago
  Main PID: 3470 (sshd)
    CGroup: /system.slice/ssh.service
            └─3470 /usr/sbin/sshd -D
Feb 27 05:49:32 heron03 systemd[1]: Starting OpenBSD Secure Shell server...
Feb 27 05:49:32 heron03 sshd[3470]: Server listening on 0.0.0.0 port 22.
Feb 27 05:49:32 heron03 sshd[3470]: Server listening on :: port 22.
Feb 27 05:49:32 heron03 systemd[1]: Started OpenBSD Secure Shell server.

Configure local passwordless SSH login (using heron01 as the example)

1. Check: before any configuration, logging in to the local machine over SSH requires a password:

yitian@heron03:~/jdk$ ssh loaclhsot
ssh: Could not resolve hostname loaclhsot: Temporary failure in name resolution
yitian@heron03:~/jdk$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:SM5qpUZ60VwvG6ymsVmq73mGb5wGXpBKmRiFENuxaDM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
yitian@localhost's password:  # password required
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-28-generic x86_64)
* Documentation:  https://help.ubuntu.com
  * Management:     https://landscape.canonical.com
  * Support:        https://ubuntu.com/advantage
363 packages can be updated.
217 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
yitian@heron03:~$ exit
logout
Connection to localhost closed.

2. Configure passwordless SSH login to the local machine:

yitian@heron03:~/jdk$ cd ~/.ssh/
yitian@heron03:~/.ssh$ ll
total 12
drwx------  2 yitian yitian 4096 Feb 27 05:53 ./
drwxr-xr-x 19 yitian yitian 4096 Feb 27 05:53 ../
-rw-r--r--  1 yitian yitian  222 Feb 27 05:53 known_hosts
yitian@heron03:~/.ssh$ ssh-keygen -t rsa

The command runs as follows:

[Screenshot of the ssh-keygen -t rsa run; image not included]

After it finishes, the directory contains the following files:

yitian@heron03:~/.ssh$ ll
total 20
drwx------  2 yitian yitian 4096 Feb 27 05:56 ./
drwxr-xr-x 19 yitian yitian 4096 Feb 27 05:53 ../
-rw-------  1 yitian yitian 1679 Feb 27 05:56 id_rsa
-rw-r--r--  1 yitian yitian  396 Feb 27 05:56 id_rsa.pub
-rw-r--r--  1 yitian yitian  222 Feb 27 05:53 known_hosts
yitian@heron03:~/.ssh$ cat ./id_rsa.pub >> ./authorized_keys

With the configuration done, verify passwordless SSH login to the local machine:

yitian@heron03:~/.ssh$ ssh localhost
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-28-generic x86_64)
* Documentation:  https://help.ubuntu.com
  * Management:     https://landscape.canonical.com
  * Support:        https://ubuntu.com/advantage
363 packages can be updated.
217 updates are security updates.
Last login: Tue Feb 27 05:58:13 2018 from 192.168.201.133
yitian@heron03:~$ exit
logout
Connection to localhost closed.

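Note: after verifying an SSH login, always remember to log out (exit); otherwise the open login session will affect the operations that follow.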
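
An added example, not part of the original post: an idempotent form of the `cat ./id_rsa.pub >> ./authorized_keys` step that also sets the file modes sshd's StrictModes check expects, so a permissive umask or a second run does not break or duplicate the entry. The function name install_pubkey and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: idempotent replacement for `cat id_rsa.pub >> authorized_keys`.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper name)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # Refuse anything that is not a public key file (for example id_rsa itself).
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file is a private key, refusing" >&2
        return 1
    fi
    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-*|ecdsa-*) ;;
        *) echo "unrecognised key type in $pubkey_file" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys when it or
    # ~/.ssh is writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "already installed"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Usage: sh install_pubkey.sh ~/.ssh/id_rsa.pub   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```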

Configure passwordless SSH login between two hosts

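Once both hosts have the SSH server installed and local passwordless SSH login configured, take the Master host (heron01: 192.168.201.136) and the Slave host (heron02: 192.168.201.135) as the example and, as the user yitian, configure passwordless SSH login between the two hosts.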

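Note: the cluster configuration later on needs passwordless SSH login between the cluster hosts as the root user. The configuration for root is the same as the one shown here for yitian; just switch to the root user and repeat it.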

1. Passwordless login from Master (heron01) to Slave (heron02)

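After local passwordless SSH login is working, do the following. With the key pair generated, copy the public key on heron01 to the heron02 host so that heron02 trusts heron01, which lets heron01 log in to heron02 without a password. Run the following command to copy the client's public key to the server.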

yitian@heron01:~/.ssh$ ssh-copy-id yitian@heron02
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
yitian@heron02's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'yitian@heron02'"
and check to make sure that only the key(s) you wanted were added.
yitian@heron01:~/.ssh$ ssh heron02
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.13.0-32-generic x86_64)
* Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
159 packages can be updated.
0 updates are security updates.
Last login: Mon Feb 12 00:17:13 2018 from 192.168.201.129
yitian@heron01:~$ exit
logout
Connection to heron02 closed.

2. Passwordless login from Slave (heron02) to Master (heron01), same steps as above:

yitian@heron02:~/.ssh$ ssh-copy-id yitian@heron01
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
yitian@heron01's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'yitian@heron01'"
and check to make sure that only the key(s) you wanted were added.
yitian@heron02:~/.ssh$ ssh heron01
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.13.0-32-generic x86_64)
* Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
159 packages can be updated.
0 updates are security updates.
Last login: Mon Feb 12 00:17:13 2018 from 192.168.201.129
yitian@heron02:~$ exit
logout
Connection to heron01 closed.

At this point, passwordless SSH login between the heron01 and heron02 hosts is configured.

Note: when configuring the cluster, every host in the cluster must be able to log in to every other host over SSH without a password!!!
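
An added example, not part of the original post: a check to run on each cluster host that confirms it reaches every other host with key authentication alone. The host names are the ones used on this page; the function names and the script name check_mesh.sh are assumptions.

```shell
#!/bin/sh
# Added example: run on each cluster host; checks this host -> every peer.

# peers_of SELF HOST... -> the host list without SELF, on one line.
peers_of() {
    self=$1; shift
    peers=
    for h in "$@"; do
        [ "$h" = "$self" ] || peers="${peers:+$peers }$h"
    done
    printf '%s\n' "$peers"
}

# check_peers PEER... -> prints "ok <peer>" or "FAIL <peer>" per peer and
# returns the number of peers that could not be reached with a key alone.
check_peers() {
    failures=0
    for peer in "$@"; do
        # BatchMode=yes disables every prompt, so a password fallback or an
        # unknown/changed host key makes ssh fail instead of waiting for input.
        if ssh -o BatchMode=yes -o ConnectTimeout=5 \
               -o PreferredAuthentications=publickey \
               "$peer" true </dev/null >/dev/null 2>&1; then
            echo "ok $peer"
        else
            echo "FAIL $peer"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Usage on heron01 (hypothetical script name):
#   sh check_mesh.sh heron01 heron02 heron03
if [ "$#" -gt 0 ]; then
    # Word splitting of the peer list is intended here.
    check_peers $(peers_of "$(uname -n)" "$@")
fi
```

A FAIL line means that login would have needed a password or a host-key confirmation, so it also catches peers whose key is missing from known_hosts.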

Common problems

1. With the host IP and hostname unchanged, after the virtual machine has been re-created, connecting to it again over SSH produces:

yitian@heron02:~$ ssh heron03
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:SM5qpUZ60VwvG6ymsVmq73mGb5wGXpBKmRiFENuxaDM.
Please contact your system administrator.
Add correct host key in /home/yitian/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/yitian/.ssh/known_hosts:6
   remove with:
   ssh-keygen -f "/home/yitian/.ssh/known_hosts" -R heron03
ECDSA host key for heron03 has changed and you have requested strict checking.
Host key verification failed.

Fix: as the message suggests, run the following command:

yitian@heron02:~/.ssh$ ssh-keygen -f "/home/yitian/.ssh/known_hosts" -R heron03
# Host heron03 found: line 6
/home/yitian/.ssh/known_hosts updated.
Original contents retained as /home/yitian/.ssh/known_hosts.old

Then reconfigure passwordless SSH login.
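
An added example, not part of the original post: a gate that prints the `ssh-keygen -R` command only when the fingerprint in the warning equals one read on the host's own console (for instance with `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub`). In the output above the presented fingerprint is the same value heron03 showed for its own host key during the `ssh localhost` login earlier on this page, which is the kind of match this check looks for. The function names and the script name hostkey_gate.sh are assumptions.

```shell
#!/bin/sh
# Added example: gate the known_hosts cleanup on a fingerprint comparison.

# presented_fingerprint: ssh's warning text on stdin -> the fingerprint the
# remote host presented (the "SHA256:..." line, without the trailing dot).
presented_fingerprint() {
    sed -n 's|^\(SHA256:[A-Za-z0-9+/]*\)\.\{0,1\}[[:space:]]*$|\1|p' | head -n 1
}

# offending_host: ssh's warning text on stdin -> the host named in the
# suggested "ssh-keygen -f ... -R <host>" line.
offending_host() {
    sed -n 's|^[[:space:]]*ssh-keygen -f .* -R \([^[:space:]]*\)[[:space:]]*$|\1|p' |
        tr -d '"' | head -n 1
}

# forget_if_verified EXPECTED_FP WARNING_FILE [KNOWN_HOSTS]
# Prints the removal command only when the presented fingerprint equals the
# one read on the host's own console; returns 1 on mismatch, 2 if unparsable.
forget_if_verified() {
    expected=$1
    warning=$2
    known=${3:-"$HOME/.ssh/known_hosts"}
    got=$(presented_fingerprint < "$warning")
    host=$(offending_host < "$warning")
    if [ -z "$got" ] || [ -z "$host" ]; then
        echo "could not parse the ssh warning in $warning" >&2
        return 2
    fi
    if [ "$got" != "$expected" ]; then
        echo "MISMATCH for $host: got $got, expected $expected" >&2
        echo "keep the old known_hosts entry and investigate" >&2
        return 1
    fi
    printf 'ssh-keygen -f "%s" -R %s\n' "$known" "$host"
}

# Usage (hypothetical script name):
#   ssh heron03 2> warning.txt; sh hostkey_gate.sh <expected-fp> warning.txt
if [ "$#" -ge 2 ]; then
    forget_if_verified "$@"
fi
```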
