SSH无密码登陆

一、环境

操作系统：CentOS

集群的ip:192.168.241.130 hadoopnamenode

192.168.241.131 hadoopdatanode1

192.168.241.132 hadoopdatanode2

用户：root,其他的也可以

   ssh在~/.ssh或者/root/.ssh的目录下

二、如果你在启动hadoop集群的时候发现有报The authenticity of host 'localhost (127.0.0.1)' can't be established.的错误那说明你的ssh无密码登陆失败了，所以，不能让集群正常的进行。

1、配置hadoopnamenode(hadoopdatanode1|hadoopdatanode2以hadoopnamenode为例) 无密码登陆localhost

a、获取密钥对：

[email protected]:~# ssh-keygen -t rsa或者是ssh-keygen（如果你的ssh目录下有id_rsa的话）

Generating public/private rsa key pair.

Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/hadoop/.ssh/id_rsa.

Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

The key fingerprint is:

c8:5e:3e:c1:9b:52:6f:24:a5:e4:c1:1c:00:8d:fb:3b [email protected]

The key's randomart image is:

+--[ RSA 2048]----+

| .+... |

| . .o . |

| . = . |

| .. = + |

| .o S . |

| ..+ B |

| o.= o |

| E. o |

| . |

+-----------------+

       b、把秘钥对保存到authorkeys_keys中

[email protected]:~/.ssh# cat id_rsa.pub >> authorized_keys

    c、设置authorized_keys权限：

# chmod 600 authorized_keys

d、修改/etc/ssh/sshd_config文件中：

1.RSAAuthentication yes # 启用 RSA 认证

2.PubkeyAuthentication yes # 启用公钥私钥配对认证方式

3.AuthorizedKeysFile ~/.ssh/authorized_keys # 公钥文件路径

e、[email protected]:#ssh localhost验证是否可以无密码进入本地

2、配置hadoopnamenode 无密码登陆hadoopdatanode1和hadoopdatanode2(现以hadoopdatanode1为例)

a、将namenode上的公钥复制到datanode的机子上：

#scp ~/.ssh/authorized_keys [email protected]：~/.ssh/

这个命令还是要输入密码，这是正常的。

b、登陆hadoopdatanode1,将ssh目录的权限修改，即~/.ssh

chmod 700 ~/.ssh

c、把hadoopdatanode1的ssh目录下的id_rsa.pub的内容追加到authorized_keys中

#cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys

d、把hadoopdatanode1中的id_rsa.pub删除掉

#rm ~/.ssh/id_rsa.pub

e、可以在hadoopnamenode上登陆hadoopdatanode1

[email protected]:#ssh hadoopdatanode1

3、保证hadoopdatanode1或者是hadoopdatanode2无密码登陆hadoopnamenode(以hadoopdatanode1为例)

a、hadoopdatanode1的公钥追加到hadoopnamenode上

#ssh-keygen -t dsa

#cat ~/.ssh/id_dsa.pub authorized_keys

b、hadoopdatanode1上的id_dsa.pub复制到hadoopnamenode 的ssh目录下,并把内容追加到authorized_keys中

#scp ~/.ssh/id_dsa.pub [email protected]:~/.ssh/

#cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keysc、验证hadoopdatanode1能否无密码登陆hadoopnamenode

[email protected]:#ssh hadoopnamenode

通过上面的操作是不是感觉特别的烦躁呢！其实总结就一句话，在authorized中要有hadoopnamenode的id_rsa.pub的秘钥还要有hadoopdatanode的id_dsa.pub的秘钥，也就是说将namenode的公钥和datanode的秘钥组合起来的authorized_keys就是让集群ssh无密码登陆，无论是master与slaver还是slaver与slaver之间，都是可以的。这是我研究出来的，希望对大家都有帮助。