1. Host list
Machine IP | Hostname |
192.168.38.129 | master |
192.168.38.130 | slave1 |
192.168.38.131 | slave2 |
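Note: hostnames must not contain underscores.
2. Environment setup
2.1 Disable the firewall (root required)
Disable SELinux. In /etc/selinux/config, change SELINUX=enforcing to SELINUX=disabled. This requires root privileges.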
# su root
Password:
$ vim /etc/selinux/config
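Find SELINUX and change it to SELINUX=disabled
Stop the iptables firewall
service iptables stop (does not persist after a server reboot)
chkconfig iptables off (keeps the firewall off automatically after reboots)
2.2 Edit the sshd configuration file (root required)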
$ vim /etc/ssh/sshd_config
Find the following lines and remove the comment character "#"
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
2.3 Restart the sshd service (root required)
$ /sbin/service sshd restart
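or /etc/init.d/sshd restart
3. Generate the public and private keys (on the 129 server; just press Enter at every prompt)
Switch from root back to hadoop, the user that will log in without a password, and run the command.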
[hadoop@master .ssh]$ pwd
/home/hadoop/.ssh
[hadoop@master .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
01:9b:62:62:01:2b:8e:cf:5d:a7:c0:b9:b9:0a:dd:09 hadoop@master
The key's randomart image is:
+--[ RSA 2048]----+
|... . |
| . . + |
|o o o o . |
|+. + o . |
|..E + . S |
| + + * o |
|. + * . |
| . . |
| ... |
+-----------------+
[hadoop@master .ssh]$
By default, two files are generated in the hadoop user's directory (~/.ssh/)
[hadoop@master .ssh]$ ls -lt
total 8
-rw------- 1 hadoop hadoop 1675 Apr 13 20:35 id_rsa
-rw-r--r-- 1 hadoop hadoop 395 Apr 13 20:35 id_rsa.pub
3.1 Create the public-key authorization file and set its permissions
[hadoop@master .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master .ssh]# chmod 700 ~/.ssh/
[hadoop@master .ssh]# chmod 600 ~/.ssh/authorized_keys
3.2 Copy the generated public key file to the other nodes
[hadoop@master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@slave1:~/.ssh/
The authenticity of host 'slave1 (192.168.38.130)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,192.168.38.130' (RSA) to the list of known hosts.
hadoop@slave1's password: (type your password and press Enter)
id_rsa.pub 100% 395 0.4KB/s 00:00
[hadoop@master .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/.ssh/
The authenticity of host 'slave2 (192.168.38.131)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,192.168.38.131' (RSA) to the list of known hosts.
hadoop@slave2's password: (type your password and press Enter)
id_rsa.pub 100% 395 0.4KB/s 00:00
[hadoop@master .ssh]$
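3.3 If ssh slave1 does not work and still asks for a password
If ssh localhost still prompts for a password after the steps above, try the following: run the ssh-copy-id command on the master node, which appends the generated public key to authorized_keys automatically.
Alternatively, check the log file /var/log/secure on the server to find the cause.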
[hadoop@master .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@slave1"
hadoop@slave1's password: (enter the hadoop user's password)
Now try logging into the machine, with "ssh '-p 22 hadoop@slave1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@master .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@slave2"
hadoop@slave2's password: (enter the hadoop user's password)
Now try logging into the machine, with "ssh '-p 22 hadoop@slave2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@master .ssh]$
Check the .ssh directory listing on the two slave servers
3.4 Test
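When the password prompt from section 3.3 persists, the usual causes are the permissions set in section 3.1 or a public key that was copied over but never appended to authorized_keys. The script below is an added example, not part of the original page; the function name audit_ssh_dir and the sample key text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files from section 3.1.

# Octal permission bits of a path (GNU stat, with BSD stat as a fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_ssh_dir SSH_DIR PUBKEY  (hypothetical helper name)
# Prints one line per finding and returns the number of findings (0 = clean).
audit_ssh_dir() (
    dir=$1; pub=$2; auth="$dir/authorized_keys"; n=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; exit 1; }

    # sshd with StrictModes (the default) ignores authorized_keys when the
    # file or the .ssh directory is writable by group or others.
    for p in "$dir" "$auth"; do
        [ -e "$p" ] || { echo "missing: $p"; n=$((n + 1)); continue; }
        m=$(mode_of "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "group/other-writable ($m): $p"; n=$((n + 1))
        fi
    done

    # The ssh client refuses a private key that group or others can access.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        m=$(mode_of "$key")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "private key too open ($m): $key"; n=$((n + 1))
        fi
    done

    # Copying id_rsa.pub alone is not enough: its key blob (field 2)
    # must appear in authorized_keys on the target account.
    if [ -f "$pub" ] && [ -f "$auth" ]; then
        blob=$(awk 'NR == 1 { print $2 }' "$pub")
        grep -qF -- "$blob" "$auth" || { echo "key not authorized: $pub"; n=$((n + 1)); }
    fi
    exit "$n"
)

# Demo on a constructed directory (the key text is made up, not a real key).
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3Nza-constructed-sample hadoop@master" > "$demo/id_rsa.pub"
: > "$demo/authorized_keys"; chmod 664 "$demo/authorized_keys"; chmod 700 "$demo"
audit_ssh_dir "$demo" "$demo/id_rsa.pub" || echo "findings: $?"
rm -rf "$demo"
```

On a real node, run it as the hadoop user with audit_ssh_dir ~/.ssh ~/.ssh/id_rsa.pub on the target host, alongside the /var/log/secure check mentioned above.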
[hadoop@master .ssh]$ ssh slave1
Last login: Fri Apr 13 20:40:05 2018 from 192.168.38.1
[hadoop@slave1 ~]$ exit
logout
Connection to slave1 closed.
or ssh -v jay@slave1 (-v is debug mode and prints the login details)
Passwordless login succeeded.
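4. Configure login from slave1 or slave2 to master
4.1 Test: passwordless login from slave1 to master
As the screenshot above shows, a password is still required.
4.2 Generate the private and public keys on the slave1 server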
[hadoop@slave1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
b6:db:2d:f9:9d:d9:3e:e7:c8:1c:82:4a:16:ae:6e:07 hadoop@slave1
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| Eo o . |
| .= ... . |
| .+.+o. = B.|
| oo.o .oo Bo*|
+-----------------+
[hadoop@slave1 .ssh]$ ll
total 12
-rw------- 1 hadoop hadoop 395 Apr 13 20:59 authorized_keys
-rw------- 1 hadoop hadoop 1675 Apr 13 21:25 id_rsa
-rw-r--r-- 1 hadoop hadoop 395 Apr 13 21:25 id_rsa.pub
[hadoop@slave1 .ssh]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave1 .ssh]$ chmod 700 ~/.ssh/
[hadoop@slave1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave1 .ssh]$ ll
total 12
-rw------- 1 hadoop hadoop 790 Apr 13 21:27 authorized_keys
-rw------- 1 hadoop hadoop 1675 Apr 13 21:25 id_rsa
-rw-r--r-- 1 hadoop hadoop 395 Apr 13 21:25 id_rsa.pub
[hadoop@slave1 .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@master"
hadoop@master's password:
Now try logging into the machine, with "ssh '-p 22 hadoop@master'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@slave1 .ssh]$
[hadoop@slave1 .ssh]$ ssh-copy-id -i id_rsa.pub "-p 22 hadoop@slave2"
The authenticity of host 'slave2 (192.168.38.131)' can't be established.
RSA key fingerprint is 03:eb:14:6a:1d:a8:33:86:d7:c8:93:e0:8e:d0:4e:ae.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,192.168.38.131' (RSA) to the list of known hosts.
hadoop@slave2's password:
Now try logging into the machine, with "ssh '-p 22 hadoop@slave2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[hadoop@slave1 .ssh]$ ssh slave2
Last login: Fri Apr 13 21:19:27 2018 from master
[hadoop@slave2 ~]$ exit
logout
Connection to slave2 closed.
[hadoop@slave1 .ssh]$