1. Host list
Machine IP | Hostname |
192.168.38.129 | master |
192.168.38.130 | slave1 |
192.168.38.131 | slave2 |
Note: hostnames cannot have underscores
2. Environment settings
2.1 Turn off the firewall (root privileges)
Disable SELinux: edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled. Root privileges are required.
$ su root
Password:
# vim /etc/selinux/config
Find SELINUX and change it to SELINUX=disabled
Turn off the iptables firewall:
service iptables stop (this is lost after the server restarts)
chkconfig iptables off (keeps the firewall off after a restart)
2.2 Modify the sshd configuration file (root permissions)
# vim /etc/ssh/sshd_config
Find the following lines and remove the leading comment character "#":
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
2.3 Restart the sshd service (root privileges)
# /sbin/service sshd restart
or /etc/init.d/sshd restart
3. Generate the public key and private key (on the 129 server; just press Enter at every prompt)
Switch from root to the hadoop user, the account that will log in without a password, and run the command.
[hadoop@master .ssh]$ pwd
/home/hadoop/.ssh
[hadoop@master .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
01:9b:62:62:01:2b:8e:cf:5d:a7:c0:b9:b9:0a:dd:09 hadoop@master
The key's randomart image is:
+--[ RSA 2048]----+
|... . |
| . . + |
|o o o o . |
|+. + o . |
|..E + . S |
| + + * o |
|. + * . |
| . . |
| ... |
+-----------------+
[hadoop@master .ssh]$
By default, two files are generated in the hadoop user's directory (~/.ssh/):
[hadoop@master .ssh]$ ls -lt
total 8
-rw------- 1 hadoop hadoop 1675 Apr 13 20:35 id_rsa
-rw-r--r-- 1 hadoop hadoop 395 Apr 13 20:35 id_rsa.pub
3.1 Generate public key authentication files and change permissions
[hadoop@master .ssh]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master .ssh]$ chmod 700 ~/.ssh/
[hadoop@master .ssh]$ chmod 600 ~/.ssh/authorized_keys
3.2 Copy the generated public key authentication file to other node machines
[hadoop@master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@slave1:~/.ssh/
The authenticity of host 'slave1 (192.168.38.130)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,192.168.38.130' (RSA) to the list of known hosts.
hadoop@slave1's password: (enter your password and press Enter)
id_rsa.pub 100% 395 0.4KB/s 00:00
[hadoop@master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/.ssh/
The authenticity of host 'slave2 (192.168.38.131)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,192.168.38.131' (RSA) to the list of known hosts.
hadoop@slave2's password: (enter your password and press Enter)
id_rsa.pub 100% 395 0.4KB/s 00:00
[hadoop@master .ssh]$
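In the session above, slave1 and slave2 report the same RSA key fingerprint, so both nodes present one host key, which is commonly the result of cloning machines from a single image. The following added example (not part of the original page) lists such shared keys in a known_hosts file; the function names and the sample key blobs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# shared_host_keys FILE ("-" reads stdin)
# Prints one line per host key that appears under more than one
# known_hosts entry, listing the entries that present it.
shared_host_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        {
            i = ($1 ~ /^@/) ? 2 : 1           # skip @cert-authority / @revoked
            id = $(i + 1) " " $(i + 2)        # key type + base64 key blob
            if (id in hosts) { hosts[id] = hosts[id] " " $i; dup[id] = 1 }
            else             { hosts[id] = $i }
        }
        END { for (id in dup) print hosts[id] }
    ' "${1:--}"
}

# Constructed sample modelled on the entries the session above adds on
# master; the key blobs are placeholders, not real keys.
sample_known_hosts() {
    cat <<'EOF'
master,192.168.38.129 ssh-rsa AAAAconstructedKeyA
slave1,192.168.38.130 ssh-rsa AAAAconstructedKeyB
slave2,192.168.38.131 ssh-rsa AAAAconstructedKeyB
EOF
}

sample_known_hosts | shared_host_keys -
```

Against a real file, run shared_host_keys ~/.ssh/known_hosts; each output line names entries that present one key, so those nodes need their own host keys before the fingerprint prompt can tell them apart.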
3.3 If ssh slave1 still asks for a password
If, after the steps above, ssh still prompts for a password (for example when running ssh localhost), try the following method: running the ssh-copy-id command on the master node automatically adds the generated public key to authorized_keys on the target.
Alternatively, check the log file /var/log/secure on the server to find the reason.
[hadoop@master .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@slave1"
hadoop@slave1's password: (enter the hadoop user's password)
Now try logging into the machine, with "ssh '-p 22 hadoop@slave1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@master .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@slave2"
hadoop@slave2's password: (enter the hadoop user's password)
Now try logging into the machine, with "ssh '-p 22 hadoop@slave2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@master .ssh]$
Check the .ssh directory listings on the other two slave servers.
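Two common reasons for the password prompt described in 3.3 are that sshd, with its default StrictModes setting, refuses an authorized_keys file whose path is writable by group or others, or that the key was never appended to that file. The check below is an added example, not part of the original page; audit_key_login and loose are hypothetical helper names, and GNU stat (as shipped on CentOS) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat.

# loose PATH: true when PATH is writable by group or others.
loose() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# audit_key_login HOME PUBKEY
# Prints one line per finding; exit status is the number of findings.
audit_key_login() (
    home=$1
    pub=$2
    problems=0
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # sshd (StrictModes yes) ignores authorized_keys when any of these
    # paths can be modified by someone other than the owner.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            note "$p is missing"
        elif loose "$p"; then
            note "$p is group/world-writable (mode $(stat -c '%a' "$p"))"
        fi
    done

    # The key must be a line inside authorized_keys. The scp in 3.2 only
    # drops id_rsa.pub into ~/.ssh/ on the slave, which sshd never reads.
    if [ ! -r "$pub" ]; then
        note "cannot read public key file $pub"
    elif [ -f "$home/.ssh/authorized_keys" ]; then
        key=$(awk 'NR == 1 { print $2 }' "$pub")
        grep -qF -- "$key" "$home/.ssh/authorized_keys" ||
            note "key from $pub is not in authorized_keys"
    fi
    exit "$problems"
)
```

On a slave, run it as audit_key_login /home/hadoop /home/hadoop/.ssh/id_rsa.pub after the scp step; an exit status of 0 means none of these checks explains the prompt, and /var/log/secure is the next place to look.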
3.4 Testing
[hadoop@master .ssh]$ ssh slave1
Last login: Fri Apr 13 20:40:05 2018 from 192.168.38.1
[hadoop@slave1 ~]$ exit
logout
Connection to slave1 closed.
Or run ssh -v jay@slave1 (-v is debug mode and shows login details).
Password-free login is successful.
4. Configure login to master from slave1 or slave2
4.1 Test password-free login from slave1 to master
As shown in the image above, a password is still required.
4.2 Configure the private key and public key of the slave1 server
[hadoop@slave1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
b6:db:2d:f9:9d:d9:3e:e7:c8:1c:82:4a:16:ae:6e:07 hadoop@slave1
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| Eo o . |
| .= ... . |
| .+.+o. = B.|
| oo.o .oo Bo*|
+-----------------+
[hadoop@slave1 .ssh]$ ll
total 12
-rw------- 1 hadoop hadoop 395 Apr 13 20:59 authorized_keys
-rw------- 1 hadoop hadoop 1675 Apr 13 21:25 id_rsa
-rw-r--r-- 1 hadoop hadoop 395 Apr 13 21:25 id_rsa.pub
[hadoop@slave1 .ssh]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave1 .ssh]$ chmod 700 ~/.ssh/
[hadoop@slave1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave1 .ssh]$ ll
total 12
-rw------- 1 hadoop hadoop 790 Apr 13 21:27 authorized_keys
-rw------- 1 hadoop hadoop 1675 Apr 13 21:25 id_rsa
-rw-r--r-- 1 hadoop hadoop 395 Apr 13 21:25 id_rsa.pub
[hadoop@slave1 .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@master"
hadoop@master's password:
Now try logging into the machine, with "ssh '-p 22 hadoop@master'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@slave1 .ssh]$
[hadoop@slave1 .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@slave2"
The authenticity of host 'slave2 (192.168.38.131)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,192.168.38.131' (RSA) to the list of known hosts.
hadoop@slave2's password:
Now try logging into the machine, with "ssh '-p 22 hadoop@slave2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@slave1 .ssh]$ ssh slave2
Last login: Fri Apr 13 21:19:27 2018 from master
[hadoop@slave2 ~]$ exit
logout
Connection to slave2 closed.
[hadoop@slave1 .ssh]$
4.3 Configure slave2 with the same steps as slave1