In many cases the administrator has to log on to remote nodes in the network. In a small network it is easy to handle them one by one. A data center, however, may consist of thousands of nodes connected together, and working on each node individually becomes a difficult job. We can make use of SSH (Secure Shell). It is one of the most trusted open source network protocols for logging on to a remote node/machine in the same network. We can also use it to transfer files across nodes using a secure protocol called SCP (Secure Copy).
We can use OpenSSH in either of two ways: one using the remote machine's password, and the other using password-less SSH login with SSH keys. Let's see how to set up password-less login using SSH keys to connect to remote Linux servers without entering a password.
Setup SSH Password-less Login
A Hadoop cluster consists of a large number of Linux machines. Because they are so many, it is difficult to configure each machine in the cluster individually. It is therefore better to set up password-less SSH login from the admin machine to all the Linux machines in the network, so that we can administer the cluster remotely and synchronize the cluster configuration files using SCP.
Let's have a look at the network configuration.
192.168.1.101 n1.xyz.com n1
192.168.1.102 n2.xyz.com n2
192.168.1.103 n3.xyz.com n3
192.168.1.104 n4.xyz.com n4
192.168.1.105 n5.xyz.com n5
Here 192.168.1.101 is the admin machine. We need to set up SSH password-less login from this machine to all the other nodes.
Install the OpenSSH clients on all the nodes.
Install the OpenSSH server on the admin machine from which the administrator can log on to the client machines without a password (password-less SSH).
# yum -y install openssh-clients
Step 1: Create Authentication SSH-Keygen Keys on admin machine (192.168.1.101)
First log in to the admin server 192.168.1.101 as user root and generate a public/private key pair using the following command.
[root@n1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (Press Enter)
Enter passphrase (empty for no passphrase): (Press Enter)
Enter same passphrase again: (Press Enter)
Step 2: Create .ssh Directory on all the remaining nodes
Use SSH from server 192.168.1.101 to connect to server 192.168.1.102 as user root and create the .ssh directory under root's home directory, using the following command.
[root@n1 ~]# ssh root@192.168.1.102 mkdir -p .ssh
The authenticity of host '192.168.40.102 (192.168.40.102)' can't be established.
RSA key fingerprint is d1:d4:0a:d8:af:87:e3:a4:72:1d:63:a2:e4:13:68:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.40.102' (RSA) to the list of known hosts.
root@192.168.40.102's password: (Enter Your Password Here)
[root@n1 ~]#
Step 3: Upload Generated Public Keys to all the remaining nodes
Use SSH from server 192.168.1.101 to upload the newly generated public key (id_rsa.pub) to server 192.168.1.102, under root's .ssh directory, as a file named authorized_keys.
[root@n1 ~]# cat .ssh/id_rsa.pub | ssh root@192.168.1.102 'cat >> .ssh/authorized_keys'
root@192.168.40.102's password: Enter Your Password Here
Step 4: Set Permissions on all the remaining nodes
Because SSH versions differ across servers, we need to set permissions on the .ssh directory and the authorized_keys file.
[root@n1 ~]$ ssh root@192.168.1.102 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
root@192.168.1.102's password: [Enter Your Password Here]
Step 5: Login from 192.168.1.101 to 192.168.1.* node without Password
From now on you can log in to 192.168.1.102 as the root user from server 192.168.1.101 as the root user without a password.
[root@n1 ~]$ ssh root@192.168.1.102
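Step 6: Disable SSH StrictHostKeyChecking to avoid RSA key fingerprint verification
Uncomment the line "# StrictHostKeyChecking ask" and change the value from ask to no. With this setting ssh adds the key of a host it has not seen before to known_hosts without asking for confirmation.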
# vi /etc/ssh/ssh_config
StrictHostKeyChecking no
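Steps 2 to 4 above, collapsed into one shell function meant to run on the target node (an added example, not part of the original page; install_pubkey is a hypothetical helper name). Unlike a repeated cat >> .ssh/authorized_keys, it does not add the same key twice when re-run, and it refuses a file that is not a public key.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey is a
# hypothetical helper name; it does the target-node work of Steps 2-4.
#
# usage: install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pub=$1
    home=$2
    auth=$home/.ssh/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")

    # Accept only a public-key line, so a private key file (id_rsa)
    # passed by mistake is never copied into authorized_keys.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Step 2: create .ssh; Step 4: mode 700 on the directory.
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1

    # Step 3: append the key, but only if this exact line is not present.
    # Re-running the page's "cat >> authorized_keys" adds a duplicate each time.
    touch "$auth" || return 1
    if ! grep -qxF -- "$key" "$auth"; then
        # If the file's last line lacks a newline, add one first so the
        # new key is not glued onto the previous entry.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
    fi

    # Step 4: same mode the page sets on authorized_keys.
    chmod 640 "$auth"
}
```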