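Installing OpenSSH is an essential step when learning Hadoop; if SSH is not set up properly, the Hadoop installation cannot proceed. When I first started learning Hadoop I found that I had taken some detours installing SSH in the past, and I have since learned a bit more, so I rewrote this post for anyone else who needs it.
The versions installed in this article are OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014, and the procedure has been tested successfully.
1. Installing OpenSSH through Cygwin
I won't cover how to install Cygwin itself; if you are unsure, see my other blog post on installing Cygwin.
Add the openssh and openssl components as shown in the figure below to install them.
2. Configuring the SSH service
2.1 Run the Cygwin shortcut on the desktop with [Run as administrator]. This is mandatory; otherwise you lack the permission to create the sshd service. Keep this in mind as a standing rule whenever you run Cygwin from here on; it will not be repeated below.
2.2 Check the SSH version
$ ssh -V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
2.3 Run
ssh-host-config
and then follow the prompts step by step: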
*** Info: Generating missing SSH host keys
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: StrictModes is set to 'yes' by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user's home directory, the user's .ssh
*** Info: directory, and the user's ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don't work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: 'noacl' option, and they don't work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) no
*** Info: Privilege separation is set to 'sandbox' by default since
*** Info: OpenSSH 6.1. This is unsupported by Cygwin and has to be set
*** Info: to 'yes' or 'no'.
*** Info: However, using privilege separation requires a non-privileged account
*** Info: called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) no
*** Info: Updating /etc/sshd_config file
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later. On these systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).
*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.
*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
*** Info: Please enter a password for new user cyg_server. Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:
*** Info: User 'cyg_server' has been created with password 'cyg_server'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.
*** Info: Also keep in mind that the user 'cyg_server' needs read permissions
*** Info: on all users' relevant files for the services running as 'cyg_server'.
*** Info: In particular, for the sshd server all users' .ssh/authorized_keys
*** Info: files must have appropriate permissions to allow public key
*** Info: authentication. (Re-)running ssh-user-config for each user will set
*** Info: these permissions correctly. [Similar restrictions apply, for
*** Info: instance, for .rhosts files if the rshd server is running, etc].
*** Info: The sshd service has been installed under the 'cyg_server'
*** Info: account. To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!
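The script prompts you to create a user named cyg_server and asks for that user's password. Here we enter a password identical to the user name, cyg_server; it will be needed later.
Note that creating the cyg_server user is mandatory. Without it, sshd will not work even if it is installed, and you will get a Connection closed error when you try to use it. I tripped up here myself and wasted a lot of time.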
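In the transcript above, the StrictModes and privilege separation answers are followed by "Updating /etc/sshd_config file". The following is an added example, not part of the original post, that reports the effective value of those two options in a config file; it assumes they are recorded as StrictModes and UsePrivilegeSeparation lines, and sshd_effective and audit_sshd are hypothetical helper names.

```sh
#!/bin/sh
# Added example: not part of the original post. The sample config is constructed.

# Print the effective global value of one sshd_config keyword.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line apply only conditionally.
# Assumes the whitespace-separated "Keyword value" form.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Report the two options that the ssh-host-config answers on this page turn off.
audit_sshd() {  # usage: audit_sshd FILE; returns 1 if either option is "no"
    rc=0
    for kw in StrictModes UsePrivilegeSeparation; do
        val=$(sshd_effective "$kw" "$1")
        if [ "$val" = "no" ]; then
            echo "RELAXED $kw $val"
            rc=1
        else
            echo "ok      $kw $val"
        fi
    done
    return $rc
}

# Constructed sample: the later "StrictModes yes" is ignored, the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#StrictModes yes
Port 22
strictmodes no
StrictModes yes
UsePrivilegeSeparation no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a Cygwin install, point it at the real file with audit_sshd /etc/sshd_config.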
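2.4 Now look in Services; a new entry, CYGWIN sshd, will have appeared. You can set it to start manually, and then start it.
Note in the figure below that sshd must log on as the cyg_server user; switching it to the "Local System account" does not work. I tripped up here and wasted a lot of time.
2.5 A directory with the same name as your Windows user name is created under Cygwin's home directory; here we assume the user name is Administrator.
If there is no directory under home with the same name as your Windows user name, try deleting the HOME environment variable and trying again.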
3. Starting the OpenSSH service
A. From the Windows command prompt
net start sshd
net stop sshd
B. From the Cygwin console
cygrunsrv --start sshd
cygrunsrv --stop sshd
4. Configuring the user password (deprecated, not recommended)
Run
ssh-user-config
*** Query: Shall I create a SSH2 DSA identity file for you? (yes/no) yes
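*** Query: Shall I create a SSH2 ECDSA identity file for you? (yes/no) yes
Answer yes to the two questions above; there is also one for SSH1, which you should not create.
Note that the password (the key passphrase) must be at least 4 characters, otherwise creation fails.
We enter the password 'password'; it will be needed later.
If this succeeds, the cygwin\home\Administrator\.ssh directory will contain the files shown in the figure.
5. Testing (deprecated, not recommended)
From the Windows command prompt, run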
ssh Administrator@127.0.0.1
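Enter the password; if no error is reported and ls runs without problems once you are in, OpenSSH has been installed and configured successfully.
Note that there are two ways to enter a password here. One is at the Enter passphrase for key 'id_dsa' and 'id_ecdsa' prompts, where entering the earlier password gets you in.
The other is to just press Enter at both of those prompts, meaning nothing is supplied, after which you are prompted with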
Administrator@127.0.0.1's password:
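Note that here you must enter the password of the cyg_server user created earlier, i.e. cyg_server, which also gets you in.
If that does not work, change the password yourself with the passwd Administrator command.
If you still cannot get in, try opening port 22 in the firewall settings; the SSH service uses port 22 by default.
6. Logging in with a key
With this method you can log in directly without entering a password.
Reference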
http://blog.chinaunix.net/uid-311680-id-2439725.html
6.1 First generate the public and private keys
Administrator@PC-201308290023 ~
$ pwd
/home/Administrator
Administrator@PC-201308290023 ~
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/Administrator/.ssh/id_rsa):
Created directory '/home/Administrator/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Administrator/.ssh/id_rsa.
Your public key has been saved in /home/Administrator/.ssh/id_rsa.pub.
The key fingerprint is:
0f:95:15:a7:4a:2b:f2:72:d4:e1:bd:f3:9b:c2:79:38 Administrator@PC-201308290023
The key's randomart image is:
+---[RSA 2048]----+
| o.. |
| o o |
| = . |
| = = |
| . S = . |
| + + . |
| . o ..oo |
| o Eo.. |
| ++. |
+-----------------+
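6.2 Copy the public key to the server
We use the scp command, authenticating with the earlier password-based method, to transfer the file to the server.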
C:\Users\Administrator>scp id_rsa.pub Administrator@localhost:~/.ssh
Enter passphrase for key '/home/Administrator/.ssh/id_dsa':
setsockopt IPV6_TCLASS 8: Protocol not available:
id_rsa.pub 100% 411 0.4KB/s 00:00
6.3 Append the text of the public key to the end of the server's authorized_keys file (using the cat command)
C:\Users\Administrator>ssh Administrator@localhost
Enter passphrase for key '/home/Administrator/.ssh/id_dsa':
setsockopt IPV6_TCLASS 16: Protocol not available:
Last login: Mon May 5 21:56:42 2014 from 127.0.0.1
Administrator@PC-201308290023 ~
$ cd .ssh
Administrator@PC-201308290023 ~/.ssh
$ cat id_rsa.pub >> authorized_keys
Administrator@PC-201308290023 ~/.ssh
$ logout
Connection to localhost closed.
If you are doing the whole experiment on a single machine, localhost, 6.2 and 6.3 can be simplified to
Administrator@PC-201308290023 ~
$ cd .ssh
Administrator@PC-201308290023 ~/.ssh
$ cat id_rsa.pub >> authorized_keys
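The cat id_rsa.pub >> authorized_keys step in 6.3 appends another copy of the key every time it is re-run and leaves the file permissions untouched. The following is an added example, not part of the original post, that appends a key only once and sets the owner-only permissions described in the StrictModes notice in section 2.3; install_pubkey is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: not part of the original post. The key below is constructed.

# Append a public key to authorized_keys exactly once and set the
# owner-only permissions that sshd's StrictModes check expects.
install_pubkey() {  # usage: install_pubkey PUBKEY_FILE [SSH_DIR]
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    if [ ! -s "$pub" ]; then
        echo "no public key at $pub" >&2; return 1
    fi
    if grep -q 'PRIVATE KEY' "$pub"; then   # id_rsa passed instead of id_rsa.pub
        echo "refusing to install a private key" >&2; return 1
    fi
    # Match on "type base64-blob" so a different comment is not a new key.
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pub")
    if [ -z "$key" ]; then
        echo "unrecognised key format" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    if grep -qF -- "$key" "$auth"; then
        echo "already present"
        return 0
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
    echo "added"
}

# Demo in a scratch directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed Administrator@example" > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # added
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # already present
rm -rf "$demo"
```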
6.4 You can now log in to the server with the key, so no password is needed.
Close Cygwin and log in again; the first time you will be prompted:
Administrator@PC-201308290023 ~
$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 2b:91:c2:13:ea:5c:d0:5c:9c:2f:81:b6:62:c2:fc:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Close Cygwin and log in once more; from now on there will be no prompt.
Administrator@PC-201308290023 ~
$ ssh localhost
Last login: Tue Nov 11 22:35:18 2014 from ::1
Run who and who am i to confirm that it worked.
Administrator@PC-201308290023 ~
$ who
Administrator pty1 2014-11-11 22:35 (::1)
Administrator@PC-201308290023 ~
$ who am i
Administrator pty1 2014-11-11 22:35 (::1)
7. Common errors
Connection closed by ::1
Error installing a service: CreateService: Win32 error 1057
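These are errors I have run into. If you see them, an earlier installation step went wrong, for example the cyg_server user was not created, or you once ran the cygrunsrv -R sshd command and removed sshd.
If so, there is nothing for it but to uninstall Cygwin and start over. At least I have not found a good fix, but uninstalling and reinstalling Cygwin does work.
To uninstall: simply delete everything under the cygwin directory. You can of course keep the installation packages you downloaded earlier to save re-downloading them.
Addendum: deleting the cyg_server user from the file C:\cygwin64\etc\passwd might solve this. I have not tried it; if you hit this error you can try it as a last resort.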