2021-05-12 14:32:11
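Linux (CentOS): Passwordless SSH Login
I have recently been setting up a Hadoop cluster, and for convenience the Master needs to log in to the Slaves over SSH without entering a password.
1. How it works:
The Master acts as the client. For passwordless public-key authentication when connecting to the Slave server, a key pair (one public key and one private key) is generated on the Master, and the public key is then copied to every Slave. When the Master connects to a Slave over SSH, the Slave generates a random number, encrypts it with the Master's public key, and sends it to the Master. The Master decrypts it with its private key and returns the decrypted number to the Slave; once the Slave confirms that the number is correct, it allows the Master to connect. This is the public-key authentication process. No password has to be typed during it, and the important step is copying the public key generated on the Master to the Slave.
2. On the Master, log in as the hadoop user and run the following commands to generate a key pair, append the public key to the authorized-keys file, and set its permissions: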
[hadoop@master bin]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
93:21:fb:20:01:c9:13:a3:28:01:6c:57:3b:a0:e0:e2 hadoop@master
The key's randomart image is:
+--[ RSA 2048]----+
|*.++.. |
|+==+. . |
|*o...o. . |
|+ ..o o |
| E . o S |
| . o . |
| . |
| |
| |
+-----------------+
[hadoop@master bin]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master bin]$ chmod 600 ~/.ssh/authorized_keys
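3. Switch to the root user and configure sshd by uncommenting the public-key settings:
RSAAuthentication yes # Enable RSA authentication
PubkeyAuthentication yes # Enable public/private key pair authentication
AuthorizedKeysFile .ssh/authorized_keys # Path to the public key file (the same file generated above)
Save the configuration, then restart sshd; SSH on the local machine can then be tested.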
[hadoop@master bin]$ su root
密碼:
bash-4.1# vim /etc/ssh/sshd_config
bash-4.1# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
4. Local test: here I tested with localhost, the IP address, and the hostname; none of them asks for a password.
[hadoop@master bin]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
[hadoop@master ~]$ ssh 172.16.1.17
The authenticity of host '172.16.1.17 (172.16.1.17)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.17' (RSA) to the list of known hosts.
Last login: Wed Jun 10 12:37:23 2015 from ::1
[hadoop@master ~]$ ssh master
sysconfig/ system-release
The authenticity of host 'master (172.16.1.17)' can't be established.
RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master' (RSA) to the list of known hosts.
Last login: Wed Jun 10 12:38:37 2015 from 172.16.1.17
The following describes how the Master logs in to a Slave over SSH without a password.
1. First create the user hadoop on the Slave and set its password:
-bash-4.1# useradd hadoop
-bash-4.1# ls -l /home
總用量 8
drwx------ 2 hadoop hadoop 4096 6月 10 12:58 hadoop
drwx------ 2 xc xc 4096 7月 9 2013 xc
-bash-4.1# passwd hadoop
更改使用者 hadoop 的密碼 。
新的 密碼:
重新輸入新的 密碼:
passwd: 所有的身份驗證令牌已經成功更新。
2. Switch to the Master and scp the Master's public key to the hadoop user on the Slave node:
[hadoop@master ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/
The authenticity of host 'slave2 (172.16.1.20)' can't be established.
RSA key fingerprint is 67:22:ba:43:ad:fe:a2:d4:ad:43:26:4b:71:d0:54:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,172.16.1.20' (RSA) to the list of known hosts.
hadoop@slave2's password:
id_rsa.pub 100% 395 0.4KB/s 00:00
[hadoop@master ~]$
3. After the copy finishes, go to the Slave node, append the public key to the authorized-keys file, and fix the permissions:
[hadoop@master ~]$ ssh hadoop@slave2
hadoop@slave2's password:
[hadoop@slave2 ~]$ ls
id_rsa.pub
[hadoop@slave2 ~]$ mkdir ~/.ssh
[hadoop@slave2 ~]$ chmod 700 ~/.ssh/
[hadoop@slave2 ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave2 ~]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave2 ~]$
4. Then switch to the root user, modify the sshd configuration, and restart the sshd service.
1) Add the following two lines of code under /etc/sys
sysconfig/ system-release
sysctl.conf system-release-cpe
2) Then edit the /etc/ssh/sshd_config file and uncomment (remove the #) the following three lines:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
3) Restart the sshd service
service sshd restart
5. Back on the Master, test again: you can now ssh to the hadoop user on the Slave node without entering a password.
[hadoop@master ~]$ ssh hadoop@slave2
Last login: Wed Jun 10 13:09:53 2015 from 172.16.1.17
[hadoop@slave2 ~]$
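The append-and-chmod step on the Slave (step 3 above) as a re-runnable script, added here as an example and not part of the original article: `cat >>` adds a duplicate line each time it is repeated, and sshd with its default `StrictModes yes` ignores `authorized_keys` when the file or `~/.ssh` is writable by other users. The function names `install_pubkey` and `audit_ssh_perms` are hypothetical, and `stat -c` assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example, not from the original article.
# install_pubkey and audit_ssh_perms are hypothetical helper names.
# Usage on the Slave: install_pubkey ~/id_rsa.pub "$HOME" && audit_ssh_perms "$HOME"

# install_pubkey PUBKEY_FILE HOME_DIR
# Adds each key line to HOME_DIR/.ssh/authorized_keys only if it is not there yet.
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Refuse empty input, and refuse a private key passed by mistake.
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 2; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing to install a private key: $pub" >&2
        return 3
    fi

    # Same modes the article sets by hand: 700 on .ssh, 600 on authorized_keys.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # grep -x (whole line) -F (fixed string): literal comparison, no regex surprises.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# audit_ssh_perms HOME_DIR
# Returns 0 only when .ssh is 700 and authorized_keys is 600 (assumes GNU stat).
audit_ssh_perms() {
    d=$(stat -c %a "$1/.ssh" 2>/dev/null) || return 1
    f=$(stat -c %a "$1/.ssh/authorized_keys" 2>/dev/null) || return 1
    [ "$d" = 700 ] && [ "$f" = 600 ]
}
```

Running `audit_ssh_perms` before restarting sshd catches the usual reason a correctly installed key is still followed by a password prompt.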
Permanent link to this article: http://www.linuxidc.com/Linux/2015-06/118693.htm