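Setting up passwordless SSH login on Linux
0. Environment
- Windows 10 [physical host] + CentOS 6.5 [virtual machine]
- Hadoop 2.6.4
1. How the SSH protocol works
[To be completed]
2. Setting up passwordless SSH
- step 01. Look for the .ssh directory in the current directory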
[root@littlelawson ~]# ls -a
. derby.log IdeaProjects .oracle_jre_usage twitbase-master
.. Desktop install.log Person.class .viminfo
anaconda-ks.cfg donation install.log.syslog Person.scala word.txt
.android find.txt .java .pki .xauthAaKEyy
.bash_history frSite.properties johndoe .pulse-cookie .xauthiepFyO
.bash_logout .gconf log_test.txt .recently-used.xbel .xauthwDPGPY
.bash_profile .gconfd .m2 region_split_info_two.txt
.bashrc .gnome2 Main$$anonfun$1.class region_split_info.txt
bigdata .gnome2_private Main.class .scala_history
.cache .gvfs metastore_db StatsWithMissing.scala
.config hadoop_temp .mozilla .tcshrc
create HelloLinux.txt MyKafka.csv temp.csv
.cshrc .idea-build .mysql_history TestConstructor.class
.dbus .IdeaIC2018.1 myvalue TestConstructor.scala
- step 02. Generate an SSH key pair using the RSA algorithm
[root@littlelawson ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # this is the path where the key is saved
Created directory '/root/.ssh'. # /root/.ssh did not exist, so a new one is created
Enter passphrase (empty for no passphrase): # nothing needs to be entered
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c5:04:34:16:71:86:78:e8:3e:66:16:3a:e7:33:42:fc root@littlelawson
The key's randomart image is:
+--[ RSA 2048]----+
| +B=+ |
| o.o* |
| . . o |
| o . |
| . o .S |
| = B |
| . O . |
| . E |
| . o |
+-----------------+
- step 03. Verify that the key pair was generated successfully
[root@littlelawson ~]# ls -a
. find.txt .m2 .ssh
.. frSite.properties Main$$anonfun$1.class StatsWithMissing.scala
anaconda-ks.cfg .gconf Main.class .tcshrc
.android .gconfd metastore_db temp.csv
.bash_history .gnome2 .mozilla TestConstructor.class
.bash_logout .gnome2_private MyKafka.csv TestConstructor.scala
.bash_profile .gvfs .mysql_history twitbase-master
.bashrc hadoop_temp myvalue .viminfo
bigdata HelloLinux.txt .oracle_jre_usage word.txt
.cache .idea-build Person.class .xauthAaKEyy
.config .IdeaIC2018.1 Person.scala .xauthiepFyO
create IdeaProjects .pki .xauthwDPGPY
.cshrc install.log .pulse-cookie y
.dbus install.log.syslog .recently-used.xbel yes
derby.log .java region_split_info_two.txt
Desktop johndoe region_split_info.txt
donation log_test.txt .scala_history
[root@littlelawson ~]# cd .ssh
- step 04. List the contents of the .ssh directory
[root@littlelawson .ssh]# ll
total 8
-rw-------. 1 root root 1675 Jun 17 23:00 id_rsa
-rw-r--r--. 1 root root 399 Jun 17 23:00 id_rsa.pub # the public key that has to be sent to the server
- step 05. Send the public key to the server you want to log in to [here I need to log in to the local machine itself, i.e. root@littlelawson]
[root@littlelawson .ssh]# ssh-copy-id root@littlelawson
The authenticity of host 'littlelawson (192.168.211.3)' can't be established.
RSA key fingerprint is 93:5e:0a:d0:7c:6d:46:be:94:ad:9a:f0:67:12:d9:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'littlelawson,192.168.211.3' (RSA) to the list of known hosts.
root@littlelawson's password:
Now try logging into the machine, with "ssh 'root@littlelawson'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
- step 06. Check that the public key was transferred [the public key generated on the client is written to the .ssh/authorized_keys file on the server being connected to]
[root@littlelawson .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0mOqjW1LlPZwdKIhp7MW4rNqHzi58MrKeRx1Af5QQWcJBveM5jg6lAlrJSrpERqmobUtoOzAA1cGw+58ba5HCwh/T6IXe4kIPJQA78JAo/8FnOAJfRpOW80CNGbk/XP+E89wGImBN4dKR6a2tL56ZggTJfYvqhQ30Ij5XyQQwEnf9663xn96SePqCvLaSGtuFkrOgmHZSxZQ/XlNFghbkwzDSprKe92FDrTSTbrjaP3/9yKnsNR7lxPMbmHSCqoOPlEaKXjucuFNf+hDE3DJyqY1jOs2pym4Ad+zn4kGMQm5BeZ1fpCS9+M9iuAPjR2QdszYkg8Mt4RM63o9SXX4Tw== root@littlelawson
[root@littlelawson .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0mOqjW1LlPZwdKIhp7MW4rNqHzi58MrKeRx1Af5QQWcJBveM5jg6lAlrJSrpERqmobUtoOzAA1cGw+58ba5HCwh/T6IXe4kIPJQA78JAo/8FnOAJfRpOW80CNGbk/XP+E89wGImBN4dKR6a2tL56ZggTJfYvqhQ30Ij5XyQQwEnf9663xn96SePqCvLaSGtuFkrOgmHZSxZQ/XlNFghbkwzDSprKe92FDrTSTbrjaP3/9yKnsNR7lxPMbmHSCqoOPlEaKXjucuFNf+hDE3DJyqY1jOs2pym4Ad+zn4kGMQm5BeZ1fpCS9+M9iuAPjR2QdszYkg8Mt4RM63o9SXX4Tw== root@littlelawson
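An added example, not part of the original post: a shell check for the result of steps 05 and 06 that compares the key material instead of comparing two cat outputs by eye, and also checks that .ssh and authorized_keys are not group- or world-writable, which sshd requires under its default StrictModes setting before it accepts a key. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify steps 05-06 by comparing key material and modes.

# Print the base64 key field of each key line. authorized_keys lines may
# begin with options (from="...", no-pty, ...), so find the key-type field
# first. Option values that themselves contain a key-type word are not handled.
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/) {
                print $(i + 1); next
            }
        }' "$1"
}

# Succeed if the (first) key in PUBKEY_FILE $1 is listed in AUTH_FILE $2.
key_authorized() {
    want=$(key_blobs "$1" 2>/dev/null | head -n 1)
    [ -n "$want" ] || return 2
    key_blobs "$2" 2>/dev/null | grep -qxF -- "$want"
}

# Succeed if $1 exists and is not writable by group or others.
not_group_world_writable() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Report every problem found; return 0 only if the install looks usable.
check_install() {
    pub=$1; dir=$2; rc=0
    key_authorized "$pub" "$dir/authorized_keys" \
        || { echo "key from $pub is not in $dir/authorized_keys"; rc=1; }
    for p in "$dir" "$dir/authorized_keys"; do
        not_group_world_writable "$p" \
            || { echo "$p is missing or group/world-writable"; rc=1; }
    done
    return "$rc"
}

# Constructed sample data (not a real key) so the example runs offline.
demo=$(mktemp -d)
key='ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE== root@littlelawson'
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
echo "$key" > "$demo/id_rsa.pub"
echo "from=\"192.168.211.3\" $key" > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
check_install "$demo/id_rsa.pub" "$demo/.ssh" && echo "demo: OK"
rm -rf "$demo"
```

On a real host the call would be check_install ~/.ssh/id_rsa.pub ~/.ssh, run on the server side after ssh-copy-id.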
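3. Verification
Start the Hadoop environment as shown below. Without passwordless SSH configured, a password has to be entered every time a new node is started.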
[root@littlelawson sbin]# ./start-all.sh
This script is Deprecated. Instead use start-dfs.sh and start-yarn.sh
Starting namenodes on [littlelawson]
littlelawson: starting namenode, logging to /usr/local/hadoop-2.6.4/logs/hadoop-root-namenode-littlelawson.out
littlelawson: starting datanode, logging to /usr/local/hadoop-2.6.4/logs/hadoop-root-datanode-littlelawson.out
Starting secondary namenodes [0.0.0.0]
The authenticity of host '0.0.0.0 (0.0.0.0)' can't be established.
RSA key fingerprint is 93:5e:0a:d0:7c:6d:46:be:94:ad:9a:f0:67:12:d9:07.
Are you sure you want to continue connecting (yes/no)? yes
0.0.0.0: Warning: Permanently added '0.0.0.0' (RSA) to the list of known hosts.
0.0.0.0: starting secondarynamenode, logging to /usr/local/hadoop-2.6.4/logs/hadoop-root-secondarynamenode-littlelawson.out
starting yarn daemons
starting resourcemanager, logging to /usr/local/hadoop-2.6.4/logs/yarn-root-resourcemanager-littlelawson.out
littlelawson: starting nodemanager, logging to /usr/local/hadoop-2.6.4/logs/yarn-root-nodemanager-littlelawson.out
Check that everything has started:
[root@littlelawson sbin]# jps
3552 Jps
2900 DataNode
3239 ResourceManager
3335 NodeManager
2809 NameNode
3085 SecondaryNameNode
4. Note:
ssh-copy-id -p [port]
This lets you specify the port number of the sshd service.