在使用Hadoop的時候,一般配置SSH使得我們可以無密碼登錄到主機,下面分別以Ubuntu和CentOS兩個平台來舉例說明如何配置SSH使得我們可以無密碼登錄到主機,當然,你得先安裝好SSH服務器,並開啟(關於如何在Linux平台下安裝好SSH請參加本博客的《Linux平台下安裝SSH》 http://www.linuxidc.com/Linux/2014-01/94793.htm)Ubuntu配置步驟如下所示:
[linuxidc@localhost ~]$ ssh-keygen -t dsa -P ''
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxidc/.ssh/id_dsa):
Created directory '/home/linuxidc/.ssh'.
Your identification has been saved in /home/linuxidc/.ssh/id_dsa.
Your public key has been saved in /home/linuxidc/.ssh/id_dsa.pub.
The key fingerprint is:
bd:2c:ed:ab:6d:a9:b2:45:88:32:08:5a:d2:d9:ad:cc linuxidc@ubuntu
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . o . |
|o + . . |
|o+ o o . . |
|o o E . S . |
| o . o . |
| o +. |
| .. +o |
| .oo++. |
+-----------------+
這樣就會在linuxidc用戶的/home/linuxidc/.ssh/目錄下生成id_dsa和id_dsa.pub兩個文件,輸出如下:
[linuxidc@ubuntu ~]$ cd /home/linuxidc/.ssh/
[linuxidc@ubuntu:~/.ssh]$ ls -l
total 8
-rw------- 1 linuxidc linuxidc 668 2013-10-21 02:51 id_dsa
-rw-r--r-- 1 linuxidc linuxidc 600 2013-10-21 02:51 id_dsa.pub
將id_dsa.pub裡面的內容加到用於認證的公鑰文件中,命令如下(注意:不要復制,一定要用cat去操作,不信你可以去試試。):
[linuxidc@ubuntu:~/.ssh]$ cat id_dsa.pub >> authorized_keys
輸入下面命令,如果顯示如下類似的信息,就說明配置好了!
[linuxidc@ubuntu:~/.ssh]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 22:9b:94:45:dc:f0:c8:02:03:b2:a1:30:d3:04:92:01.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:12:07 UTC 2012
x86_64 GNU/linux
Ubuntu 10.04.4 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
242 packages can be updated.
213 updates are security updates.
New release 'precise' available.
Run 'do-release-upgrade' to upgrade to it.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
[linuxidc@localhost ~]$
但是實際上,很多人都沒有這麼順利的,一般的問題都是文件權限設置的不對,請把.ssh和authorized_keys的訪問權限分別設置為755個600(也就是只有自己對上面兩個文件有寫權限),命令如下:
[linuxidc@localhost ~]$ chmod 755 /home/linuxidc/.ssh
[linuxidc@localhost ~]$ chmod 600 /home/linuxidc/.ssh/authorized_keys
假如這台服務器上面還有test用戶,如何使得linuxidc用戶能夠無密碼登錄到test(IP地址為192.168.142.129)呢?執行下面命令
[linuxidc@localhost ~]$ cat /home/linuxidc/.ssh/id_dsa.pub |
ssh [email protected] 'cat - >> ~/.ssh/authorized_keys'
之後,在linuxidc用戶下執行下面命令
[linuxidc@localhost ~]$ ssh [email protected]
linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:12:07
UTC 2012 x86_64 GNU/linux
Ubuntu 10.04.4 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
240 packages can be updated.
213 updates are security updates.
New release 'precise' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Mon Oct 21 02:48:01 2013 from localhost
[test@localhost ~]$
如果出現上述類似的信息,說明成功了!登陸到test用戶了。注意上面的信息只有第一次登錄的時候才會顯示,以後登陸只會顯示下面類似的信息:
[linuxidc@localhost ~]$ ssh [email protected]
Last login: Mon Oct 21 02:49:51 2013 from localhost
[test@localhost ~]$
上面是以Ubuntu平台為例子,下面來說說怎麼在CentOS平台上面配置,(CentOS由於權限比Ubuntu的更加嚴格,所以配置起來比較麻煩),首先,我們需要設置一下/etc/ssh/sshd_config文件,請將/etc/ssh/sshd_config文件中下面三行的注釋去掉:
[root@localhost ~]# vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
其余的步驟和開始的一樣如下所示:
[linuxidc@localhost ~]$ ssh-keygen -t dsa -P ''
Generating public/private dsa key pair.
Created directory '/home/linuxidc/.ssh'.
Your identification has been saved in /home/linuxidc/.ssh/dsa.
Your public key has been saved in /home/linuxidc/.ssh/dsa.pub.
The key fingerprint is:
15:57:37:f1:ee:05:26:3a:9e:e1:aa:b3:11:27:b3:1a [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| . ...oo|
| o .o|
| . . o .|
| . . o o |
| + S + o|
| * o + ..|
| E o + .|
| o.. . |
| . o+. |
+-----------------+
[linuxidc@localhost ~]$ cat ~/.ssh/dsa.pub >> ~/.ssh/authorized_keys
[linuxidc@localhost ~]$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is f3:f8:0b:26:a1:8e:14:55:34:ec:cb:99:f8:70:2c:d3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Last login: Fri Aug 9 08:39:32 2013 from 192.168.142.1
[linuxidc@localhost ~]$
好了,配置完成了。
