4臺機器做爲實例,機器的用戶名都是hadoop,ip地址分別是:
192.168.8.231 nn1.hadoop
192.168.8.232 nn2.hadoop
192.168.8.233 dn1.hadoop
192.168.8.234 dn2.hadoop
192.168.8.235 dn3.hadoop
**
乾貨(不想看解釋可直接拷貝命令)
分別在每臺機器上執行如下命令:
ssh-keygen
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@nn1.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@nn2.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@dn1.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@dn2.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@dn3.hadoop
配置結束
**
開始解釋了
上面的命令其實只有兩個步驟,生成密鑰文件,拷貝公鑰文件到其他機器
1.ssh的安裝與配置(每臺臺機器做同樣的設置)
1.1 ssh服務的安裝
打開終端,輸入:
sudo apt-get install openssh-server
sudo apt-get install openssh-client
程序自動安裝。
1.2 ssh服務的配置
關閉防火牆:sudo ufw disable
生成本機密鑰文件,執行命令:
ssh-keygen
按提示先yes然後回車回車 就會生成/root/.ssh/id_rsa和/root/.ssh/id_rsa.pub文件
ssh-keygen命令就是生成本機的密鑰文件和私鑰文件,無密碼登錄就是將本機的公鑰文件發送到遠程機器,本機就可以無密碼登錄到遠程機器了。
那麼,本機發給遠程機器的公鑰文件如何存儲呢?
存儲在遠程機器的.ssh目錄下authorized_keys文件中(如果不存在可以手工創建)
以ssh登錄本機爲例,將剛纔生成的公鑰文件內容放在authorized_keys文件中,實現ssh本機無密碼登錄,也可以驗證剛纔安裝的ssh服務是否正確:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
這個命令就是把公鑰文件id_rsa.pub存放至authorized_keys文件中,也可以使用
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@nn1.hadoop
把本機的公鑰文件拷貝到目標機器,並且將內容追加到遠程機器的authorized_keys中(因爲方便,所以後面的例子都使用ssh-copy-id命令)
驗證本機是否可以無密碼登錄
ssh localhost
.ssh 目錄權限要求700 authorized_keys權限要求600
2.無密碼登錄其他主機(每臺服務器都要做)
修改hosts文件:
sudo gedit /etc/hosts
向其他機器複製公鑰文件,併合併到authorized_keys文件:
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@nn1.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@nn2.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@dn1.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@dn2.hadoop
ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@dn3.hadoop
驗證ssh登錄
ssh hadoop@nn1.hadoop
ssh hadoop@nn2.hadoop
ssh hadoop@dn1.hadoop
ssh hadoop@dn2.hadoop
ssh hadoop@dn3.hadoop