1. Preparation
1) Use the client tool (secureCRT or xshell) to connect to the linux server. It is recommended to open multiple servers at the same time and send the same command to multiple servers at the same time.
2. Production key file
2) Edit the hosts file on each server: vi / etc/hosts
3) Add the following contents to the document (the following contents are examples):
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 #::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.160 hadoop01 192.168.1.161 hadoop02 192.168.1.162 hadoop03 192.168.1.163 hadoop04 192.168.1.164 hadoop05
4) Enter the storage directory of rsa public key and private key: CD / root / ssh/
#If the server is newly installed, you need to manually create the directory: MKDIR - P / root / ssh/
5) Delete ID under directory_ rsa,id_rsa.pub file: RM - RF id_rsa,rm -rf id_rsa.pub
#Confirm whether it is used by other servers before deleting
6) A new public and private key file is generated on each server: SSH keygen - t RSA
Enter the command three times in a row
7) Copy id_rsa.pub file content to authorized_ In the keys file: cat id_rsa.pub >> authorized_keys
#The new server needs to create authorized manually_ keys: touch authorized_keys
3. Configure cluster security free
After the production of each server's public and private keys is completed, you need to copy their keys to other servers. Take Hadoop 01 host as an example:
1) Log in to the Hadoop 1 server and enter the path where the public and private keys are stored: CD / root / ssh/
2) Copy the contents of other public key files (id_rsa.pub) to other servers:
ssh-copy-id -i hadoop02 #Copy the public key to the authorized of Hadoop 02_ In keys ssh-copy-id -i hadoop03 #Copy the public key to the authorized of Hadoop 03_ In keys ssh-copy-id -i hadoop04 #Copy the public key to the authorized of Hadoop 04_ In keys ssh-copy-id -i hadoop05 #Copy public key to authorized of Hadoop 05_ In keys #If hosts is not configured, you can also directly replace hostname with IP. #For example, replace the SSH copy ID - I Hadoop 02 command with SSH copy ID - I 192.168 one point one six one
3) Similarly, the same operation is performed on several other servers to copy the local public key to the authorized server on other servers_ In the keys file, the final authorized_ The keys file is as follows:
[root@hadoop01 .ssh]# more authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp7jp4a1/deK4B/eZW8kdiCQvzpKe4Id0uP0DdONFW85r 20rpH4ZpNSB7JNYFiqjMUPQ/2EWLXh7xoa9UntKsMVVcZr3BTiXRZ0Gx7IDacwz8Cq0qYrwUCMTKt7QF xK5RwXyuZqDFjc2yC3/ZoqeyeLERFTll3ZLGeFsXhJjlkPTvtnvx0zX6lacPZL4VguoM5YHw3KaJg8bd qehJzbQoPS8sm00ES4iygbR+Ixz1cnGTrtNU1S3lh4/y0PC6spMs9Z2Mf097FTLQJXJDiGqU9Tq3MHvl srZFx92H4yeiJuYWJaZImuiq/feRIo30Dig6obEfuAn13vevdXozcXNlYQ== root@hadoop03 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwpEgmBzfGw1mrKy3Ho8k/h4jrZlRdIzuLs6PKqDPV/Cw 2kjSYXV7tyGklUYWPWr1Dt6kw5+Ojr7zv+cFnFWKzTTAJz3V4md0RyQ11Kb+IJA7b88SRHcVLlNF2GDX N2pVqh9lf6Zu6zfpnAjCg/mU8qzTrZfFZdzPtBppimMq+l0bolvgnxEEkpFTNkpHB8+cD732WL+KiW52 7nt0LGBbVbZz9mUa+0bsPGK7ySfk1SPUkGyNXXqVjEydyjvRY8bob7Q3mFX3MpDT696R8n7U7hQ7u4b8 gbe3rIuQcWwGseEQrGjIDhLb9am3dbgDuFeg73RJqFZMOp2y6zQF3jQIew== root@hadoop02 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmc2M6Bzw1cPaDwjbtgynJPWRKv9pDnHjBSn5BDbIX0po 8GHHGr1pvYMGu4XWlIa76O44+bmF32K/9ECzBcNVL6a+aN5HWdUPpE6zagFUcaewXu2p4+FCZWpoTZbj zHKGeay35Id+mpltZUWZlR5lOX+G/veNzuZNpKXnVYoZdAaJ3XlH6IVhKlGOuZkXxvD7e+YD4oxZw+4o iaav/QtAhZHXWcAt2eVj9xw+j/3Ip5ImmIWHv5/AOFrgiY6c6U+2g5xOGONINbh9CxQ1L4HbQVAx8hYC stWUm0LfFAcMwXDwb8RAFj+cH+D/xG6CrORLb4UfroJHa6N64rx/5dmz7w== root@hadoop04 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxAsHr8Jp4vXI7bPGmSsO/+bT43GsxQ4GKdGf8qLPsFY+ /KluWl0TrRLwBVHGc94gpN2JOqtvKYYDSHw4Fj6KPSk/6Nt8CutZAwASoVxzexTFMOSwNFpTMsLc7Oza Q3XG6v6PgtBEJqdUdl4zIFAZnkZjKmZp8SWG1jGo/vl3jsbrnmFQFeH04MdVcm9r1wvl80bdF9YvYEtg ymHO4/tANKWSNKGw2EcthNWyQiN4hIYOoBQaUA3FlAXyqcD2+Q+2frf0gNF5KfKKLXmmlAuS9Oi6JqFJ f1BLmMquI4n02owzU0zlkj3Px5IcCfQbDQ/JedHcjxEKP2S+9m3yxG4h2Q== root@hadoop05 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyS1PbXTgFqHcGV/k0QUZni5xB5+q71qx4r5xto+WLkVQ MiS3gR/VYZoyDLrQRVf5t0JiliCgHeU0MG/ASd1LPbsVYCX5V9cmcm1hMByDKJ6FwIxz5cY4y1dBpwAZ 2E24CQWfZuevaeIFnL80RGGLhRgCxbLb3aPvRZuV34utD+5kgAFJwYCQYN4KnFG1S5e4X6U5J3FsCDby GD7dhtWWktMV2SAnWjrmULguaVRqO0sDIEiVSc9+KKqAmlOab+5SbZAI5+3hzJog5c3i4f5fHXWnxYqy LNo3yYSWraV5KcYIlNPqX6iJKvjLWbNDwD3+70u4nWjBSXXufhff71LdHw== root@hadoop01
4) authorized_keys file: chmod 600 / root / ssh/authorized_keys
#The effect is as follows. At this time, the password free setting in the cluster has been completed.
[root@hadoop01 .ssh]# ls -al total 28 drwx------. 2 root root 4096 Oct 24 12:27 . dr-xr-x---. 22 root root 4096 Oct 24 19:20 .. -rw-------. 1 root root 1975 Oct 24 12:27 authorized_keys -rw-------. 1 root root 1675 Oct 24 12:23 id_rsa -rw-r--r--. 1 root root 395 Oct 24 12:23 id_rsa.pub -rw-r--r--. 1 root root 2020 Oct 24 12:10 known_hosts
4. Another idea
If the number of machines is too large, you can consider copying the public keys of other servers to Hadoop 1 first and then authorizing them_ The keys file is transferred to other servers. The operation is as follows:
1) Log in to other hosts and copy the contents of public key files of other hosts to authorized on Hadoop 01 host_ In the keys file, the command is as follows:
ssh-copy-id -i hadoop01 #Log in to Hadoop 02 and copy the public key to authorized of Hadoop 01_ In keys ssh-copy-id -i hadoop01 #Log in to Hadoop 03 and copy the public key to authorized of Hadoop 01_ In keys ssh-copy-id -i hadoop01 #Log in to Hadoop 04 and copy the public key to authorized of Hadoop 01_ In keys ssh-copy-id -i hadoop01 #Log in to Hadoop 05 and copy the public key to authorized of Hadoop 01_ In keys
2) Inspection contents:
[root@hadoop01 .ssh]# more authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp7jp4a1/deK4B/eZW8kdiCQvzpKe4Id0uP0DdONFW85r 20rpH4ZpNSB7JNYFiqjMUPQ/2EWLXh7xoa9UntKsMVVcZr3BTiXRZ0Gx7IDacwz8Cq0qYrwUCMTKt7QF xK5RwXyuZqDFjc2yC3/ZoqeyeLERFTll3ZLGeFsXhJjlkPTvtnvx0zX6lacPZL4VguoM5YHw3KaJg8bd qehJzbQoPS8sm00ES4iygbR+Ixz1cnGTrtNU1S3lh4/y0PC6spMs9Z2Mf097FTLQJXJDiGqU9Tq3MHvl srZFx92H4yeiJuYWJaZImuiq/feRIo30Dig6obEfuAn13vevdXozcXNlYQ== root@hadoop03 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwpEgmBzfGw1mrKy3Ho8k/h4jrZlRdIzuLs6PKqDPV/Cw 2kjSYXV7tyGklUYWPWr1Dt6kw5+Ojr7zv+cFnFWKzTTAJz3V4md0RyQ11Kb+IJA7b88SRHcVLlNF2GDX N2pVqh9lf6Zu6zfpnAjCg/mU8qzTrZfFZdzPtBppimMq+l0bolvgnxEEkpFTNkpHB8+cD732WL+KiW52 7nt0LGBbVbZz9mUa+0bsPGK7ySfk1SPUkGyNXXqVjEydyjvRY8bob7Q3mFX3MpDT696R8n7U7hQ7u4b8 gbe3rIuQcWwGseEQrGjIDhLb9am3dbgDuFeg73RJqFZMOp2y6zQF3jQIew== root@hadoop02 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmc2M6Bzw1cPaDwjbtgynJPWRKv9pDnHjBSn5BDbIX0po 8GHHGr1pvYMGu4XWlIa76O44+bmF32K/9ECzBcNVL6a+aN5HWdUPpE6zagFUcaewXu2p4+FCZWpoTZbj zHKGeay35Id+mpltZUWZlR5lOX+G/veNzuZNpKXnVYoZdAaJ3XlH6IVhKlGOuZkXxvD7e+YD4oxZw+4o iaav/QtAhZHXWcAt2eVj9xw+j/3Ip5ImmIWHv5/AOFrgiY6c6U+2g5xOGONINbh9CxQ1L4HbQVAx8hYC stWUm0LfFAcMwXDwb8RAFj+cH+D/xG6CrORLb4UfroJHa6N64rx/5dmz7w== root@hadoop04 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxAsHr8Jp4vXI7bPGmSsO/+bT43GsxQ4GKdGf8qLPsFY+ /KluWl0TrRLwBVHGc94gpN2JOqtvKYYDSHw4Fj6KPSk/6Nt8CutZAwASoVxzexTFMOSwNFpTMsLc7Oza Q3XG6v6PgtBEJqdUdl4zIFAZnkZjKmZp8SWG1jGo/vl3jsbrnmFQFeH04MdVcm9r1wvl80bdF9YvYEtg ymHO4/tANKWSNKGw2EcthNWyQiN4hIYOoBQaUA3FlAXyqcD2+Q+2frf0gNF5KfKKLXmmlAuS9Oi6JqFJ f1BLmMquI4n02owzU0zlkj3Px5IcCfQbDQ/JedHcjxEKP2S+9m3yxG4h2Q== root@hadoop05 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyS1PbXTgFqHcGV/k0QUZni5xB5+q71qx4r5xto+WLkVQ MiS3gR/VYZoyDLrQRVf5t0JiliCgHeU0MG/ASd1LPbsVYCX5V9cmcm1hMByDKJ6FwIxz5cY4y1dBpwAZ 2E24CQWfZuevaeIFnL80RGGLhRgCxbLb3aPvRZuV34utD+5kgAFJwYCQYN4KnFG1S5e4X6U5J3FsCDby GD7dhtWWktMV2SAnWjrmULguaVRqO0sDIEiVSc9+KKqAmlOab+5SbZAI5+3hzJog5c3i4f5fHXWnxYqy LNo3yYSWraV5KcYIlNPqX6iJKvjLWbNDwD3+70u4nWjBSXXufhff71LdHw== root@hadoop01
3) After confirmation, log in to Hadoop 01 and copy the authorization file to other servers:
scp /root/.ssh/authorized_keys hadoop02:/root/.ssh/ #Copy to Hadoop 02 scp /root/.ssh/authorized_keys hadoop03:/root/.ssh/ #Copy to Hadoop 03 scp /root/.ssh/authorized_keys hadoop04:/root/.ssh/ #Copy to Hadoop 04 scp /root/.ssh/authorized_keys hadoop05:/root/.ssh/ #Copy to Hadoop 05
#So far, the password free login has been set. Note that you need to enter the password for the first ssh login, and you can log in without password when you visit again.