Saturday, 4 January 2014

Password Less SSH Authentication On All The Nodes Of Hadoop Cluster



In many cases the administrator has to log on to the remote nodes in the network. in case of a small network it is easy way to co-ordinate them one by one. If we consider a Data Center, it may consist of thousands of nodes connected together and it will be a difficult job to go and work with each nodes. We can make use of SSH (Secure SHELL). It is one of the most trusted open source network protocol that can be used to log on to the remote node/machine in the same network. We can use it to transfer files across nodes using a secure protocol called SCP (Secure Copy).  
We can use open SSH either of the two ways, one using the remote machine password and the another one is using password less ssh login using the ssh Keys. Let's see how to setup password-less login using SSH keys to connect to remote Linux servers without entering password.

Setup SSH Password less Login
Hadoop cluster constitute a large number of linux machines. It is difficult to go and configure each machines in the cluster as they are large in number. So It is better to setup password less SSH login from the admin machine to all the linux machines in the network so that remotely we can administrate the cluster and synchronize the cluster configuration files using SCP protocol etc..
Let's have a look at the network configuration.

192.168.1.101 n1.xyz.com n1
192.168.1.102 n2.xyz.com n2
192.168.1.103 n3.xyz.com n3
192.168.1.104 n4.xyz.com n4
192.168.1.105 n5.xyz.com n5

Here 192.168.1.101 is the admin machine. We need to setup the SSH Password Less Login from this machine to all other nodes.
Install Open SSH clients on all the nodes.
Install open SSH server on the admin machine from which the administrator can log on to the client machine without password (Password less SSH).

#yum -y  install openssh-clients

 

Step 1: Create Authentication SSH-Kegen Keys on admin machine– (192.168.1.101)

First login into admin server 192.168.1.101 with user root and generate a pair of public keys using following command.

[root@n1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (Press Enter)
Enter passphrase (empty for no passphrase): (Press Enter)
Enter same passphrase again: (Press Enter)

Step 2: Create .ssh Directory on all the remaining nodes

Use SSH from server 192.168.1.101 to connect server 192.168.1.102 using root as user and create .ssh directory under it, using following command.

[root@n1 ~]# ssh root@192.168.1.102 mkdir -p .ssh
The authenticity of host '192.168.40.102 (192.168.40.102)' can't be established.
RSA key fingerprint is d1:d4:0a:d8:af:87:e3:a4:72:1d:63:a2:e4:13:68:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.40.102' (RSA) to the list of known hosts.
root@192.168.40.102's password:(Enter Your Password Here) 
[root@n1 ~]# 

Step 3: Upload Generated Public Keys to all the remaining nodes

Use SSH from server 192.168.1.101 and upload new generated public key (id_rsa.pub) on server 192.168.1.102 under root‘s .ssh directory as a file name authorized_keys.

[root@n1 ~]# cat .ssh/id_rsa.pub | ssh root@192.168.1.102 'cat >> .ssh/authorized_keys'
root@192.168.40.102's password: Enter Your Password Here

Step 4: Set Permissions on all the remaining nodes

Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.
[root@n1 ~]$ ssh root@192.168.1.102 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
root@192.168.1.102's password: [Enter Your Password Here]

Step 5: Login from 192.168.1.101 to 192.168.1.* node without Password

From now onwards you can log into 192.168.1.102 as root user from server 192.168.1.101 as root user without password.
[root@n1 ~]$ ssh root@192.168.1.102

Step 6: Let's disable the SSH Strict_Host_key_Checking to avoid RSA key fingerprint verification.

Uncomment the line # StrictHostKeyChecking ask and change the value from ask to no

# vi /etc/ssh/ssh_config
StrictHostKeyChecking no

Step 2 to step 6 has to be done every node.