在使用Hadoop的时候,一般配置SSH使得我们可以无密码登录到主机,下面分别以Ubuntu和CentOS两个平台来举例说明如何配置SSH使得我们可以无密码登录到主机,当然,你得先安装好SSH服务器,并开启(关于如何在Linux平台下安装好SSH请参加本博客的《Linux平台下安装SSH》 )Ubuntu配置步骤如下所示:
[linuxidc@localhost ~]$ ssh-keygen -t dsa -P ''
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxidc/.ssh/id_dsa):
Created directory '/home/linuxidc/.ssh'.
Your identification has been saved in /home/linuxidc/.ssh/id_dsa.
Your public key has been saved in /home/linuxidc/.ssh/id_dsa.pub.
The key fingerprint is:
bd:2c:ed:ab:6d:a9:b2:45:88:32:08:5a:d2:d9:ad:cc linuxidc@ubuntu
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . o . |
|o + . . |
|o+ o o . . |
|o o E . S . |
| o . o . |
| o +. |
| .. +o |
| .oo++. |
+-----------------+
这样就会在linuxidc用户的/home/linuxidc/.ssh/目录下生成id_dsa和id_dsa.pub两个文件,输出如下:
[linuxidc@ubuntu ~]$ cd /home/linuxidc/.ssh/
[linuxidc@ubuntu:~/.ssh]$ ls -l
total 8
-rw------- 1 linuxidc linuxidc 668 2013-10-21 02:51 id_dsa
-rw-r--r-- 1 linuxidc linuxidc 600 2013-10-21 02:51 id_dsa.pub
将id_dsa.pub里面的内容加到用于认证的公钥文件中,命令如下(注意:不要复制,一定要用cat去操作,不信你可以去试试。):
[linuxidc@ubuntu:~/.ssh]$ cat id_dsa.pub >> authorized_keys
输入下面命令,如果显示如下类似的信息,就说明配置好了!
[linuxidc@ubuntu:~/.ssh]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 22:9b:94:45:dc:f0:c8:02:03:b2:a1:30:d3:04:92:01.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:12:07 UTC 2012
x86_64 GNU/linux
Ubuntu 10.04.4 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
242 packages can be updated.
213 updates are security updates.
New release 'precise' available.
Run 'do-release-upgrade' to upgrade to it.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
[linuxidc@localhost ~]$
但是实际上,很多人都没有这么顺利的,一般的问题都是文件权限设置的不对,请把.ssh和authorized_keys的访问权限分别设置为755个600(也就是只有自己对上面两个文件有写权限),命令如下:
[linuxidc@localhost ~]$ chmod 755 /home/linuxidc/.ssh
[linuxidc@localhost ~]$ chmod 600 /home/linuxidc/.ssh/authorized_keys
假如这台服务器上面还有test用户,如何使得linuxidc用户能够无密码登录到test(IP地址为192.168.142.129)呢?执行下面命令
[linuxidc@localhost ~]$ cat /home/linuxidc/.ssh/id_dsa.pub |
ssh test@192.168.142.129 'cat - >> ~/.ssh/authorized_keys'
之后,在linuxidc用户下执行下面命令
[linuxidc@localhost ~]$ ssh test@192.168.142.129
linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:12:07
UTC 2012 x86_64 GNU/linux
Ubuntu 10.04.4 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
240 packages can be updated.
213 updates are security updates.
New release 'precise' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Mon Oct 21 02:48:01 2013 from localhost
[test@localhost ~]$
如果出现上述类似的信息,说明成功了!登陆到test用户了。注意上面的信息只有第一次登录的时候才会显示,以后登陆只会显示下面类似的信息:
[linuxidc@localhost ~]$ ssh test@192.168.142.129
Last login: Mon Oct 21 02:49:51 2013 from localhost
[test@localhost ~]$
上面是以Ubuntu平台为例子,下面来说说怎么在CentOS平台上面配置,(CentOS由于权限比Ubuntu的更加严格,所以配置起来比较麻烦),首先,我们需要设置一下/etc/ssh/sshd_config文件,请将/etc/ssh/sshd_config文件中下面三行的注释去掉: