CentOS 6.5 SSH password-free login configuration (two-way)

1. Host list

Machine IP     Hostname
192.168.38.129 master
192.168.38.130 slave1
192.168.38.131 slave2

Note: hostnames cannot have underscores

2. Environment settings

2.1 Turn off the firewall (root privileges)

Disable SELinux: edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled. Root privileges are required.

$ su root
Password:
# vim /etc/selinux/config
Find SELINUX and change it to SELINUX=disabled

Turn off the iptables firewall

service iptables stop    (takes effect now, but is lost after the server reboots)
chkconfig iptables off   (keeps the firewall off automatically after a reboot)

2.2 Modify the sshd configuration file (root permissions)

$ vim /etc/ssh/sshd_config
  Find the following lines and remove the comment character "#"
  RSAAuthentication yes
  PubkeyAuthentication yes
  AuthorizedKeysFile      .ssh/authorized_keys

2.3 Restart the sshd service (root privileges)

$ /sbin/service sshd restart
or /etc/init.d/sshd restart

 3. Generate public key and private key (on the 129 server; just press Enter at every prompt)

Switch from root to the hadoop user, the account that will log in without a password, and run the command.

[hadoop@master .ssh]$ pwd
/home/hadoop/.ssh
[hadoop@master .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
01:9b:62:62:01:2b:8e:cf:5d:a7:c0:b9:b9:0a:dd:09 hadoop@master
The key's randomart image is:
+--[ RSA 2048]----+
|...   .          |
| . .   +         |
|o o o o .        |
|+. + o   .       |
|..E + . S        |
| + + * o         |
|. + * .          |
| .   .           |
|  ...            |
+-----------------+
[hadoop@master .ssh]$ 

By default, two files are generated in the hadoop user's ~/.ssh/ directory:

[hadoop@master .ssh]$ ls -lt
total 8
-rw------- 1 hadoop hadoop 1675 Apr 13 20:35 id_rsa
-rw-r--r-- 1 hadoop hadoop  395 Apr 13 20:35 id_rsa.pub

3.1 Generate public key authentication files and change permissions

[hadoop@master .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master .ssh]# chmod 700 ~/.ssh/
[hadoop@master .ssh]# chmod 600 ~/.ssh/authorized_keys

3.2 Copy the generated public key authentication file to other node machines

[hadoop@master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@slave1:~/.ssh/
The authenticity of host 'slave1 (192.168.38.130)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,192.168.38.130' (RSA) to the list of known hosts.
hadoop@slave1's password: (enter your password and press Enter)
id_rsa.pub                                    100%  395     0.4KB/s   00:00
[hadoop@master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/.ssh/
The authenticity of host 'slave2 (192.168.38.131)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,192.168.38.131' (RSA) to the list of known hosts.
hadoop@slave2's password: (enter your password and press Enter)
id_rsa.pub                                    100%  395     0.4KB/s   00:00
[hadoop@master .ssh]$ 

3.3 If ssh slave1 still asks for a password

If you have followed the steps above and are still prompted for a password (for example when running ssh localhost), try the following method. Running the ssh-copy-id command on the master node automatically appends the generated public key to authorized_keys on the target host.

Alternatively, check the log file /var/log/secure on the server to find the reason.

[hadoop@master .ssh]$ ssh-copy-id -i  id_rsa.pub "-p 22 hadoop@slave1"
hadoop@slave1's password: (enter the hadoop user's password)
Now try logging into the machine, with "ssh '-p 22 hadoop@slave1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[hadoop@master .ssh]$ ssh-copy-id -i  id_rsa.pub "-p 22 hadoop@slave2"
hadoop@slave2's password: (enter the hadoop user's password)
Now try logging into the machine, with "ssh '-p 22 hadoop@slave2'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[hadoop@master .ssh]$ 

Check the .ssh directory listings on the other two slave servers.
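
One way to check a node for the two usual causes of a lingering password prompt, as an added example that is not part of the original article: the function reports paths that sshd's StrictModes check rejects (writable by group or others) and whether the copied public key is actually listed in authorized_keys. The function name, the output labels and the paths in the usage comment are assumptions.

```shell
# Added example, not from the original article. Function name and output
# labels (MISSING, WRITABLE, UNREADABLE, NOT_AUTHORIZED) are hypothetical.
#
# audit_ssh_login HOME_DIR PUBKEY_FILE
# Prints one finding per line; returns 0 only when nothing is wrong.
# Usage on a slave after step 3.2:
#   audit_ssh_login /home/hadoop /home/hadoop/.ssh/id_rsa.pub
audit_ssh_login() {
    home=$1; pub=$2; ak="$home/.ssh/authorized_keys"; rc=0

    # With StrictModes (the sshd default) a key is ignored when the home
    # directory, ~/.ssh or authorized_keys is writable by group or others.
    for p in "$home" "$home/.ssh" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        # Characters 6 and 9 of the ls mode string are the group/other w bits.
        bits=$(ls -ld "$p" | cut -c6,9)
        if [ "$bits" != "--" ]; then
            echo "WRITABLE $p"; rc=1
        fi
    done

    # scp in step 3.2 only places id_rsa.pub in ~/.ssh/; sshd reads
    # authorized_keys, so the key body must appear in that file.
    blob=$(awk '{print $2; exit}' "$pub" 2>/dev/null)
    if [ -z "$blob" ]; then
        echo "UNREADABLE $pub"; return 1
    fi
    if [ -f "$ak" ] && ! grep -qF -- "$blob" "$ak"; then
        echo "NOT_AUTHORIZED $pub"; rc=1
    fi
    return $rc
}
```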

3.4 Testing

[hadoop@master .ssh]$ ssh slave1
Last login: Fri Apr 13 20:40:05 2018 from 192.168.38.1
[hadoop@slave1 ~]$ exit
logout
Connection to slave1 closed.

Or use ssh -v jay@slave1 (-v enables debug mode and shows login information)

Password-free login is successful.

4 Configure to log in to master from slave1 or slave2

4.1 Test, password-free login from slave1 to master

As shown in the image above, a password is still required.

4.2 Configure the private key and public key of the slave1 server

[hadoop@slave1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
b6:db:2d:f9:9d:d9:3e:e7:c8:1c:82:4a:16:ae:6e:07 hadoop@slave1
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|        S        |
|      Eo o .     |
|       .= ... .  |
|      .+.+o. = B.|
|     oo.o .oo Bo*|
+-----------------+
[hadoop@slave1 .ssh]$ ll
total 12
-rw------- 1 hadoop hadoop  395 Apr 13 20:59 authorized_keys
-rw------- 1 hadoop hadoop 1675 Apr 13 21:25 id_rsa
-rw-r--r-- 1 hadoop hadoop  395 Apr 13 21:25 id_rsa.pub
[hadoop@slave1 .ssh]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave1 .ssh]$ chmod 700 ~/.ssh/
[hadoop@slave1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave1 .ssh]$ ll
total 12
-rw------- 1 hadoop hadoop  790 Apr 13 21:27 authorized_keys
-rw------- 1 hadoop hadoop 1675 Apr 13 21:25 id_rsa
-rw-r--r-- 1 hadoop hadoop  395 Apr 13 21:25 id_rsa.pub
[hadoop@slave1 .ssh]$ ssh-copy-id -i  id_rsa.pub "-p 22 hadoop@master"
hadoop@master's password: 
Now try logging into the machine, with "ssh '-p 22 hadoop@master'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[hadoop@slave1 .ssh]$

[hadoop@slave1 .ssh]$ ssh-copy-id -i  id_rsa.pub "-p 22 hadoop@slave2"
The authenticity of host 'slave2 (192.168.38.131)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,192.168.38.131' (RSA) to the list of known hosts.
hadoop@slave2's password: 
Now try logging into the machine, with "ssh '-p 22 hadoop@slave2'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[hadoop@slave1 .ssh]$ ssh slave2
Last login: Fri Apr 13 21:19:27 2018 from master
[hadoop@slave2 ~]$ exit
logout
Connection to slave2 closed.
[hadoop@slave1 .ssh]$ 

4.3 The slave2 configuration steps are the same as for slave1

 

 
