Steps to configure SSH password-free authentication on Ubuntu Linux

  • 2020-05-24 06:41:45
  • OfStack

Preface

SSH, short for Secure Shell, is a protocol designed to secure remote login sessions and other network services, and is currently one of the more reliable options for that purpose. Remote login is increasingly common and SSH offers a high level of security, so let's take a look at how to configure password-free SSH authentication.

1. Preparation

First of all, make sure that SSH is installed on your Linux system. By default, Ubuntu installs only the SSH client, so we need to install the SSH server manually:


sudo apt-get install openssh-server

2. Basic principles of SSH

2.1 Basic principles

SSH is secure because it uses public key encryption. The process is as follows:

The remote host receives the user's login request and sends its own public key to the user. The user encrypts the login password with that public key and sends it back. The remote host decrypts the login password with its own private key and, if the password is correct, allows the user to log in.

2.2 Basic usage

The default SSH port is 22. You can change it to another port as needed, and use iptables filtering to restrict which IP addresses may log in remotely over SSH. Common usage is as follows:


# Use the default port 22
ssh root@192.168.0.1
# If the default SSH port has been changed (for example, to 10000), specify the port number when logging in
ssh root@192.168.0.1 -p 10000

3. Configure SSH password-free login

3.1 Mainly used in Hadoop cluster configuration:

Hadoop needs to manage its remote daemons while it runs. After Hadoop starts, the NameNode uses SSH (Secure Shell) to start and stop the daemons on each DataNode. We therefore need to configure SSH to use public key authentication without a password, so that the NameNode can log in over SSH without a password and start the DataNode process. In the same way, a DataNode can log in to the NameNode over SSH without a password.

1. First, run ssh localhost to create the /home/username/.ssh directory, then execute the following commands to generate a key pair and append the generated "id_rsa.pub" to the authorized keys file (remember to append, not overwrite). The effect is to let the current user log in to the local machine over SSH without a password:


cd ~/.ssh  # If the directory cannot be found, run "ssh localhost" once first
ssh-keygen -t rsa
# Append id_rsa.pub to authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

2. To log in to other hosts without a password, append the generated "id_rsa.pub" to "~/.ssh/authorized_keys" on each of those hosts. The method used here is to first copy "~/.ssh/id_rsa.pub" from the local machine to the host you want to log in to, and then, on that host, append the copied file to "~/.ssh/authorized_keys" with the "cat" command.


# Suppose our host name is A, user name hadoop, IP 192.168.0.1
# and we want password-free SSH login to host name B, user name hadoop, IP 192.168.0.2

# First, as the hadoop user on A, copy "~/.ssh/id_rsa.pub" to the "/home/hadoop/tmp/" directory on B
# (the directory must already exist on B)
scp ~/.ssh/id_rsa.pub hadoop@192.168.0.2:/home/hadoop/tmp
# The IP here can also be replaced with a host name

# Then log in to B over SSH and append "/home/hadoop/tmp/id_rsa.pub" to "~/.ssh/authorized_keys"
cat /home/hadoop/tmp/id_rsa.pub >> ~/.ssh/authorized_keys

Now the hadoop user on A can log in to the hadoop user on B over SSH without a password, and the same steps apply to any other host we want to log in to from A. It is important to note that when configuring a Hadoop cluster, Master and Slave need to be able to log in to each other over SSH without a password.
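The append step above, wrapped as an added example that is not part of the original article: a POSIX shell function to run on the host that accepts the login (B above). The names install_pubkey and demo are hypothetical; the function refuses files that are not public keys, appends the key only once, and sets the modes sshd expects.

```shell
#!/bin/sh
# Added example; install_pubkey and demo are hypothetical helper names.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Accept only "<key-type> <base64> [comment]" on the first line, so a
    # private key or an unrelated file never lands in authorized_keys.
    key=$(head -n 1 "$pub")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "$pub is not an OpenSSH public key" >&2; return 1; }

    # sshd's StrictModes (on by default) rejects key files and directories
    # that group or others can write to, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # A last line without a newline would fuse with the appended key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append (never overwrite), and only if the exact line is not there yet.
    if grep -qxF -- "$key" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth" && echo "added"
    fi
}

# Constructed sample run in a scratch directory; the key below is a
# placeholder that only has the right shape, not a usable key.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED hadoop@A' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # prints "added"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # prints "already present"
    wc -l < "$tmp/.ssh/authorized_keys"            # 1
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On B, after the scp step, the call would be install_pubkey /home/hadoop/tmp/id_rsa.pub. OpenSSH also ships ssh-copy-id, which performs the copy and the append from A in one command.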
