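SSH passwordless login cost me a whole day. With root privileges it is quite simple, but that really isn't proper; I'm a professional, after all.
That led to a lot of strange problems, and once they were solved I found it wasn't actually that much trouble.
Below is what I did at first as the root user: one-way passwordless connections from 117 to 118, 119 and 120. This has to be done before building hdfs-HA-Federation+yarn.
Before setting up passwordless login, map every IP to a name in your hosts file, which makes switching and using the machines easier later. Change your own hostname while you are at it, although leaving it unchanged also works.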
1. First, use the following command to generate the key pair for passwordless SSH:
[root@localhost ~]# ssh-keygen -t rsa -P ''
Press Enter all the way through. If a key already exists, you can choose yes to overwrite the previous one.
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ca:14:3d:fa:96:ba:41:17:c6:60:7d:dc:31:67:9e:b8 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| o. . .o.o |
| . +. o .* . |
| . *. . o |
| + o . |
| + S E |
| + + . |
| + + |
| + |
| o. |
+-----------------+
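2. Go to that user's home directory, where there is a hidden .ssh folder. Inside it you will see id_rsa.pub, which is the public key used for passwordless login. Append this key to authorized_keys.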
[root@localhost .ssh]# cat id_rsa.pub >> authorized_keys
The permissions of authorized_keys must be changed to 600; honestly, I don't know why.
[root@localhost .ssh]# chmod 600 authorized_keys
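3. By whatever means you like, transfer the generated key to the servers you want to log in to without a password (give the key to 118, 119 and 120 in turn). Whichever machine you give your key to is a machine you can log in to.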
[root@localhost .ssh]# scp id_rsa.pub root@192.168.75.118:/home/id_rsa.pub
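After copying it over, repeat the step above on that machine: append the contents of the transferred id_rsa.pub to its authorized_keys (in fact, copying it directly to authorized_keys also works; the permissions must be set to 600 there as well).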
4. With root privileges, edit the sshd_config file:
[root@localhost .ssh]# vim /etc/ssh/sshd_config
Uncomment RSAAuthentication and PubkeyAuthentication, and set the location in AuthorizedKeysFile (this path is relative to the home directory of the user logging in, not to root's).
# Enable RSA authentication
RSAAuthentication yes
# Enable public/private key pair authentication
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# Path of the public key file (the same file as created above)
AuthorizedKeysFile .ssh/authorized_keys
Once configured, restart the ssh service:
[root@localhost .ssh]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
5. Now test it:
[root@qiang117 ~]# ssh node117
Last login: Tue Aug 18 07:48:58 2015
[root@qiang117 ~]# exit
logout
Connection to node117 closed.
[root@qiang117 ~]# ssh node118
Last login: Tue Aug 18 07:46:59 2015 from node117
[root@qiang118 ~]# exit
logout
Connection to node118 closed.
[root@qiang117 ~]# ssh node119
Last login: Tue Aug 18 07:47:17 2015 from node117
[root@localhost ~]# exit
logout
Connection to node119 closed.
[root@qiang117 ~]# ssh node120
Last login: Tue Aug 18 07:47:39 2015 from node117
[root@localhost ~]# exit
logout
Connection to node120 closed.
[root@qiang117 ~]#
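This is the passwordless login I set up later with a non-root user (note that the username should be the same on every server; it turned out that otherwise the connection fails...)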
[qiang@qiang117 ~]$ ssh node117
Last login: Tue Aug 18 08:59:20 2015
[qiang@qiang117 ~]$ ssh node118
Last login: Tue Aug 18 08:59:27 2015 from node117
[qiang@qiang118 ~]$ exit
logout
Connection to node118 closed.
[qiang@qiang117 ~]$ ssh node119
Last login: Tue Aug 18 08:59:40 2015 from node117
[qiang@qiang119 ~]$ exit
logout
Connection to node119 closed.
[qiang@qiang117 ~]$ ssh node120
Last login: Tue Aug 18 09:00:39 2015 from node120
[qiang@qiang120 ~]$ exit
logout
Connection to node120 closed.
[qiang@qiang117 ~]$
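After creating the new user, generate a fresh key pair in that user's home directory; it is not the same as the key generated under the root user.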
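
An added example, not part of the original post: with StrictModes enabled (the sshd default), sshd ignores authorized_keys when that file, the .ssh directory, or the home directory is writable by group or others, which is what the chmod 600 in step 2 guards against. The script below audits those three paths for a given home directory and can tighten them; the function names and the OK/LOOSE/MISSING labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# OK/LOOSE/MISSING labels are assumptions made for this illustration.
# With "StrictModes yes" (the sshd default), sshd ignores authorized_keys if
# the file, ~/.ssh, or the home directory is writable by group or others.

# is_loose PATH: succeed if PATH has the group- or other-write bit set.
is_loose() {
    mode=$(ls -ld -- "$1" | cut -c1-10)   # e.g. drwxrwxr-x
    case "$mode" in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
    esac
    return 1
}

# audit_ssh_perms HOME: print one status line per path; return 1 on any problem.
audit_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1
        elif is_loose "$p"; then
            echo "LOOSE $p"; rc=1
        else
            echo "OK $p"
        fi
    done
    return "$rc"
}

# fix_ssh_perms HOME: apply the conventional modes (run as the owning user).
fix_ssh_perms() {
    chmod go-w "$1"
    chmod 700 "$1/.ssh"
    chmod 600 "$1/.ssh/authorized_keys"
}

# Usage: sh audit.sh /home/qiang
if [ "$#" -gt 0 ]; then
    audit_ssh_perms "$1"
fi
```

Run it on each target node as the login user after appending the key; any LOOSE or MISSING line is worth fixing before looking elsewhere for why key authentication falls back to a password prompt.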
