红联Linux门户
Linux帮助

Linux(CentOS)SSH无密码验证登陆

发布时间:2015-06-11 15:45:19来源:linux网站作者:li8630

最近在搭建Hadoop集群,为了操作方便,需要Master用无密码验证的方式的SSH登陆Slave。


1.原理:
Master作为客户端,要实现无密码公钥认证,连接到服务器Salve上时,需要在Master上生成一个密钥对,包括一个公钥和一个私钥,而后将公钥复制到所有的Salve上。当Master通过SSH链接到Salve上时,Salve会生成一个随机数并用Master的公钥对随机数进行加密,并发送给Master。Master收到加密数之后再用私钥解密,并将解密数回传给Salve,Salve确认解密数无误之后就允许Master进行连接了。这就是一个公钥认证过程,期间不需要手工输入密码,重要的过程是将Master上产生的公钥复制到Salve上。


2.在Master上登陆Hadoop用户,执行以下命令,生成密钥对,并把公钥文件写入授权文件中,并赋值权限

[hadoop@master bin]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
93:21:fb:20:01:c9:13:a3:28:01:6c:57:3b:a0:e0:e2 hadoop@master
The key's randomart image is:
+--[ RSA 2048]----+
|*.++..           |
|+==+. .          |
|*o...o. .        |
|+    ..o o       |
| E  . o S        |
|     . o .       |
|        .        |
|                 |
|                 |
+-----------------+
[hadoop@master bin]$  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master bin]$ chmod 600 ~/.ssh/authorized_keys


3.切换root用户,配置sshd,取消被注释的公钥字段,
RSAAuthentication yes # 启用 RSA 认证
PubkeyAuthentication yes # 启用公钥私钥配对认证方式
AuthorizedKeysFile .ssh/authorized_keys # 公钥文件路径(和上面生成的文件同) 并保存设置,然后重启sshd,即可测试本机的SSH

[hadoop@master bin]$ su root
密码:
bash-4.1# vim /etc/ssh/sshd_config
bash-4.1# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]


4.本机测试:这里我用了localhost,IP地址,hostname来进行测试,可以发现均不需要输入密码。

[hadoop@master bin]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
[hadoop@master ~]$ ssh 172.16.1.17
The authenticity of host '172.16.1.17 (172.16.1.17)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.17' (RSA) to the list of known hosts.
Last login: Wed Jun 10 12:37:23 2015 from ::1
[hadoop@master ~]$ ssh master
sysconfig/       system-release
The authenticity of host 'master (172.16.1.17)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master' (RSA) to the list of known hosts.
Last login: Wed Jun 10 12:38:37 2015 from 172.16.1.17


下面介绍Master用无密码验证的方式的SSH登陆Slave

1.首先在Slave上创建用户hadoop,并设置密码

-bash-4.1# useradd hadoop
-bash-4.1# ls -l /home
总用量 8
drwx------ 2 hadoop hadoop 4096 6月  10 12:58 hadoop
drwx------ 2 xc     xc     4096 7月   9 2013 xc
-bash-4.1# passwd hadoop
更改用户 hadoop 的密码 。
新的 密码:
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。


2.切换到Master,并将Master上的公钥scp到Slave节点的Hadoop用户上

[hadoop@master ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/
The authenticity of host 'slave2 (172.16.1.20)' can't be established.
RSA key fingerprint is 67:22:ba:43:ad:fe:a2:d4:ad:43:26:4b:71:d0:54:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,172.16.1.20' (RSA) to the list of known hosts.
hadoop@slave2's password:
id_rsa.pub                                                         100%  395     0.4KB/s   00:00
[hadoop@master ~]$


3.拷贝完后到Slave节点上,公钥追加授权文件,并修改权限

[hadoop@master ~]$ ssh hadoop@slave2
hadoop@slave2's password:
[hadoop@slave2 ~]$ ls
id_rsa.pub
[hadoop@slave2 ~]$ mkdir ~/.ssh
[hadoop@slave2 ~]$ chmod 700 ~/.ssh/
[hadoop@slave2 ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave2 ~]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave2 ~]$


4.然后切换至root用,修改sshd配置,并重启sshd服务。
1)在/etc/sys下添加下面两行代码

sysconfig/      system-release
sysctl.conf     system-release-cpe

2)然后修改 /etc/ssh/sshd_config文件,将下面三行注释(#)取消掉)

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

3)重启sshd服务

service sshd restart


5.回到Master下进行测试,发现可以不用输入密码,便可以ssh到Slave节点的Hadoop用户上。

[hadoop@master ~]$ ssh hadoop@slave2
Last login: Wed Jun 10 13:09:53 2015 from 172.16.1.17
[hadoop@slave2 ~]$


如何实现SSH无密码登录:http://www.linuxdiyf.com/linux/12157.html

如何设置Ubuntu 14.04的SSH无密码登录:http://www.linuxdiyf.com/linux/10625.html

Ubuntu和CentOS配置SSH无密码登录:http://www.linuxdiyf.com/linux/11400.html

Linux下实现SSH无密码验证登陆:http://www.linuxdiyf.com/linux/11394.html

CentOS下SSH无密码登录的配置:http://www.linuxdiyf.com/linux/3745.html