hadoop-SSH免密登入配置

王智剛發表於2022-03-19

一:配置基礎環境

一、修改主機名

修改 master 機器主機名

[root@server ~]# hostnamectl set-hostname master-wzg
[root@server ~]# bash
[root@master-wzg ~]# hostname
master-wzg

修改 slave1 機器主機名

[root@client ~]# hostnamectl set-hostname slave1-wzg
[root@client ~]# bash
[root@slave1-wzg ~]# hostname
slave1-wzg

修改 slave2 機器主機名

[root@localhost ~]# hostnamectl set-hostname slave2-wzg
[root@localhost ~]# bash
[root@slave2-wzg ~]# hostname
slave2-wzg

二、配置網路環境

master-wzg的IP為10.10.10.128
slave1-wzg的IP為10.10.10.129
slave2-wzg的IP為10.10.10.130
子網掩碼均為255.255.255.0
所有閘道器均為10.10.10.2
DNS均設定為114.114.114.114

master節點:(slave1和slave2的IP為10.10.10.129和10.10.10.130)

[root@server ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=da1a701d-8cee-4e1d-9423-56280232e595
DEVICE=ens33
ONBOOT=yes
IPADDR=10.10.10.128
PREFIX=24
GATEWAY=10.10.10.2
DNS1=114.114.114.114

[root@server ~]# systemctl restart network

檢視 master IP地址

[root@master-wzg ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:af:2f:d2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.128/24 brd 10.10.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::9ef7:e697:cc63:418b/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:08:d4:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:08:d4:17 brd ff:ff:ff:ff:ff:ff

檢視 slave1 IP地址

[root@slave1-wzg ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:91:3d:e2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.129/24 brd 10.10.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::8f79:feb9:1325:f537/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:58:7d:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:58:7d:55 brd ff:ff:ff:ff:ff:ff

檢視 slave1 IP地址

[root@slave2-wzg ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2a:a9:80 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.130/24 brd 10.10.10.255 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::2e7b:ba70:8834:5425/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:5a:cb:78 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:5a:cb:78 brd ff:ff:ff:ff:ff:ff
[root@slave2-wzg ~]# 

三、配置域名解析

分別修改“/etc/hosts”配置檔案

10.10.10.128 master-wzg master.example.com
10.10.10.129 slave1-wzg slave1.example.com
10.10.10.130 slave2-wzg slave2.example.com

master節點:

[root@master-wzg ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.128    master-wzg      master.example.com
10.10.10.129    slave1-wzg      slave1.example.com
10.10.10.130    slave2-wzg      slave2.example.com

slave1節點:

[root@slave1-wzg ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.128    master-wzg      master.example.com
10.10.10.129    slave1-wzg      slave1.example.com
10.10.10.130    slave2-wzg      slave2.example.com

slave2節點:

[root@slave2-wzg ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.128    master-wzg      master.example.com
10.10.10.129    slave1-wzg      slave1.example.com
10.10.10.130    slave2-wzg      slave2.example.com

配置完成後,各節點之間可以相互ping同

[root@master-wzg ~]# ping master-wzg
PING master-wzg (10.10.10.128) 56(84) bytes of data.
64 bytes from master-wzg (10.10.10.128): icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from master-wzg (10.10.10.128): icmp_seq=2 ttl=64 time=0.029 ms
^C
--- master-wzg ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.029/0.033/0.038/0.007 ms
[root@master-wzg ~]# ping slave1-wzg 
PING slave1-wzg (10.10.10.129) 56(84) bytes of data.
64 bytes from slave1-wzg (10.10.10.129): icmp_seq=1 ttl=64 time=1.12 ms
64 bytes from slave1-wzg (10.10.10.129): icmp_seq=2 ttl=64 time=0.451 ms
^C
--- slave1-wzg ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.451/0.787/1.123/0.336 ms
[root@master-wzg ~]# ping slave2-wzg  
PING slave2-wzg (10.10.10.130) 56(84) bytes of data.
64 bytes from slave2-wzg (10.10.10.130): icmp_seq=1 ttl=64 time=1.28 ms
64 bytes from slave2-wzg (10.10.10.130): icmp_seq=2 ttl=64 time=0.903 ms
64 bytes from slave2-wzg (10.10.10.130): icmp_seq=3 ttl=64 time=0.489 ms
^C
--- slave2-wzg ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.489/0.891/1.282/0.324 ms

二:SSH 無密碼驗證配置

一、生成 SSH 金鑰,並配置自我免密登入

步驟一、配置 SSH 服務配置檔案

使用 root 使用者登入,修改 SSH 配置檔案"/etc/ssh/sshd_config"的內容,需要將PubkeyAuthentication yes前面的#號刪除,啟用公鑰私鑰配對認證方式。設定完後需要重啟 SSH 服務,才能使配置生效。

(在所有節點上執行)

[root@master-wzg ~]# vi /etc/ssh/sshd_config
PubkeyAuthentication yes
[root@master-wzg ~]# systemctl restart sshd

步驟二、建立 hadoop 使用者

(在所有節點上執行)

[root@master-wzg ~]# useradd hadoop
[root@master-wzg ~]# echo 'hadoop' | passwd --stdin hadoop 
Changing password for user hadoop.
passwd: all authentication tokens updated successfully.

步驟三、切換 hadoop 使用者,生成祕鑰對

(在所有節點上執行)

[root@master-wzg ~]# su - hadoop
[hadoop@master-wzg ~]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Created directory '/home/hadoop/.ssh'.
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
cc:31:89:1c:69:69:6b:8c:5b:b8:61:64:12:f5:7a:62 hadoop@master-wzg
The key's randomart image is:
+--[ RSA 2048]----+
|  .o. .o         |
|  . oo=o .       |
|   + *+.+        |
|    =.=o o       |
|   .E*. S        |
|   .oo           |
|                 |
|                 |
|                 |
+-----------------+

檢視.ssh檔案下是否有兩個剛生產的無密碼金鑰對

[hadoop@master-wzg ~]$ cd ~/.ssh/
[hadoop@master-wzg .ssh]$ ll
total 8
-rw-------. 1 hadoop hadoop 1679 Mar 19 12:05 id_rsa
-rw-r--r--. 1 hadoop hadoop  399 Mar 19 12:05 id_rsa.pub

步驟四、將 id_rsa.pub 追加到授權 key 檔案中

(在所有節點上執行)

[hadoop@master-wzg .ssh]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master-wzg .ssh]$ ll ~/.ssh/
total 12
-rw-rw-r--. 1 hadoop hadoop  399 Mar 19 12:07 authorized_keys
-rw-------. 1 hadoop hadoop 1679 Mar 19 12:05 id_rsa
-rw-r--r--. 1 hadoop hadoop  399 Mar 19 12:05 id_rsa.pub

步驟五、修改檔案"authorized_keys"許可權

(在所有節點上執行)

修改後 authorized_keys 檔案的許可權為600,表示所有者可讀寫,其他使用者沒有訪問許可權。如果該檔案許可權太大,ssh 服務會拒絕工作,出現無法通過金鑰檔案進行登入認證的情況。

[hadoop@master-wzg .ssh]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@master-wzg .ssh]$ ll ~/.ssh/
total 12
-rw-------. 1 hadoop hadoop  399 Mar 19 12:07 authorized_keys
-rw-------. 1 hadoop hadoop 1679 Mar 19 12:05 id_rsa
-rw-r--r--. 1 hadoop hadoop  399 Mar 19 12:05 id_rsa.pub

步驟六、驗證 SSH 登入本機

通過ssh localhost命令,在 hadoop 使用者下驗證能否巢狀登入本機,若可以不輸入密碼登入,則本機通過金鑰登入認證成功。

首次登入時會提示系統無法確認 host 主機的真實性,只知道它的公鑰指紋,詢問使用者是否還想繼續連線。需要輸入“yes”,表示繼續登入。第二次再登入同一個主機,則不會再出現該提示。

(在所有節點上執行)

[hadoop@master-wzg .ssh]$ cd
[hadoop@master-wzg ~]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is e6:c6:14:00:9c:6e:33:68:0a:b5:bb:6a:54:c4:ba:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Sat Mar 19 12:05:30 2022
[hadoop@master-wzg ~]$ exit
logout
Connection to localhost closed.

slave1節點上做相同操作

[root@slave1-wzg ~]# systemctl restart sshd
[root@slave1-wzg ~]# useradd hadoop
[root@slave1-wzg ~]# echo 'hadoop' | passwd --stdin hadoop
Changing password for user hadoop.
passwd: all authentication tokens updated successfully.
[root@slave1-wzg ~]# su - hadoop
[hadoop@slave1-wzg ~]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Created directory '/home/hadoop/.ssh'.
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
c5:cb:e1:e4:20:4f:9a:d9:4f:42:d4:0b:a2:b1:8d:53 hadoop@slave1-wzg
The key's randomart image is:
+--[ RSA 2048]----+
|        ..       |
|    . E....      |
|     B..+.=.     |
|    = .X B.o     |
|     .+ S *      |
|         +       |
|          .      |
|                 |
|                 |
+-----------------+
[hadoop@slave1-wzg ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave1-wzg ~]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave1-wzg ~]$ cd
[hadoop@slave1-wzg ~]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 03:f0:73:9b:d5:ea:a4:28:9f:f1:83:e4:26:8b:00:5f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Sat Mar 19 12:05:33 2022
[hadoop@slave1-wzg ~]$ exit
logout
Connection to localhost closed.

slave2節點上做相同操作

[root@slave2-wzg ~]# systemctl restart sshd
[root@slave2-wzg ~]# useradd hadoop
[root@slave2-wzg ~]# echo 'hadoop' | passwd --stdin hadoop
更改使用者 hadoop 的密碼 。
passwd:所有的身份驗證令牌已經成功更新。
[root@slave2-wzg ~]# su - hadoop
[hadoop@slave2-wzg ~]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): 
Created directory '/home/hadoop/.ssh'.
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
88:77:d5:c6:d6:09:3c:3e:e4:95:55:4a:41:f0:f0:63 hadoop@slave2-wzg
The key's randomart image is:
+--[ RSA 2048]----+
|           .+o+++|
|           o+Boo |
|          .+=oE  |
|     . . . o+. . |
|    . o S    .   |
|     . .         |
|                 |
|                 |
|                 |
+-----------------+
[hadoop@slave2-wzg ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave2-wzg ~]$ 
[hadoop@slave2-wzg ~]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave2-wzg ~]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is d8:9e:43:3d:35:a1:a5:41:7c:a0:44:23:93:1b:52:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Sat Mar 19 12:05:35 2022
[hadoop@slave2-wzg ~]$ exit
登出
Connection to localhost closed.

二:配置master免密登入slave1和slave2節點

步驟一、將Master節點的公鑰複製到每個Slave節點

hadoop 使用者登入,通過 scp 命令實現金鑰拷貝。

首次遠端連線時系統會詢問使用者是否要繼續連線。需要輸入“yes”,表示繼續。因為目前尚未完成金鑰認證的配置,所以使用 scp 命令拷貝檔案需要輸入 slave1 節點 hadoop使用者的密碼。

(master節點)

[hadoop@master-wzg ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave1-wzg:~/
The authenticity of host 'slave1-wzg (10.10.10.129)' can't be established.
ECDSA key fingerprint is 03:f0:73:9b:d5:ea:a4:28:9f:f1:83:e4:26:8b:00:5f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1-wzg,10.10.10.129' (ECDSA) to the list of known hosts.
hadoop@slave1-wzg's password: 
id_rsa.pub                                    100%  399     0.4KB/s   00:00    
[hadoop@master-wzg ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/
ssh: Could not resolve hostname slave2: Name or service not known
lost connection
[hadoop@master-wzg ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2-wzg:~/
The authenticity of host 'slave2-wzg (10.10.10.130)' can't be established.
ECDSA key fingerprint is d8:9e:43:3d:35:a1:a5:41:7c:a0:44:23:93:1b:52:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2-wzg,10.10.10.130' (ECDSA) to the list of known hosts.
hadoop@slave2-wzg's password: 
id_rsa.pub                                    100%  399     0.4KB/s   00:00    

步驟二、在Slave節點將公鑰複製到檔案

在每個 Slave 節點把 Master 節點複製的公鑰複製到 authorized_keys 檔案,並刪除 id_rsa.pub 檔案hadoop 使用者登入 slave1 和 slave2 節點,執行命令。

(slave1和slave2節點)

[hadoop@slave1-wzg ~]$ cat ~/id_rsa.pub >>~/.ssh/authorized_keys
[hadoop@slave1-wzg ~]$ rm -f ~/id_rsa.pub

[hadoop@slave2-wzg ~]$ cat ~/id_rsa.pub >>~/.ssh/authorized_keys
[hadoop@slave2-wzg ~]$ rm -f ~/id_rsa.pub

步驟三、驗證Master到每個Slave節點無密碼登入

hadoop 使用者登入 master 節點,執行 SSH 命令登入 slave1 和 slave2 節點。可以觀察到不需要輸入密碼即可實現 SSH 登入。

(master節點)

[hadoop@master-wzg ~]$ ssh slave1-wzg 
Last login: Sat Mar 19 12:09:53 2022 from localhost
[hadoop@slave1-wzg ~]$ exit
logout
Connection to slave1-wzg closed.
[hadoop@master-wzg ~]$ ssh slave2-wzg                             
Last login: Sat Mar 19 12:09:57 2022 from localhost
[hadoop@slave2-wzg ~]$ exit
logout
Connection to slave2-wzg closed.

三:配置slave節點免密登入master和對方

步驟一、將 Slave1和Slave2 節點的公鑰儲存到Master

使用 ssh-copy-id hadoop@master-wzg 一條命令更方便

(slave1節點)

[hadoop@slave1-wzg ~]$ ssh-copy-id hadoop@master-wzg
The authenticity of host 'master-wzg (10.10.10.128)' can't be established.
ECDSA key fingerprint is e6:c6:14:00:9c:6e:33:68:0a:b5:bb:6a:54:c4:ba:8d.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@master-wzg's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hadoop@master-wzg'"
and check to make sure that only the key(s) you wanted were added.

[hadoop@slave1-wzg ~]$ ssh-copy-id hadoop@slave2-wzg
The authenticity of host 'slave2-wzg (10.10.10.130)' can't be established.
ECDSA key fingerprint is d8:9e:43:3d:35:a1:a5:41:7c:a0:44:23:93:1b:52:b5.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@slave2-wzg's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hadoop@slave2-wzg'"
and check to make sure that only the key(s) you wanted were added.

(slave2節點)

[hadoop@slave2-wzg ~]$ ssh-copy-id hadoop@master-wzg
The authenticity of host 'master-wzg (10.10.10.128)' can't be established.
ECDSA key fingerprint is e6:c6:14:00:9c:6e:33:68:0a:b5:bb:6a:54:c4:ba:8d.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@master-wzg's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hadoop@master-wzg'"
and check to make sure that only the key(s) you wanted were added.

[hadoop@slave2-wzg ~]$ ssh-copy-id hadoop@slave1-wzg
The authenticity of host 'slave1-wzg (10.10.10.129)' can't be established.
ECDSA key fingerprint is 03:f0:73:9b:d5:ea:a4:28:9f:f1:83:e4:26:8b:00:5f.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@slave1-wzg's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hadoop@slave1-wzg'"
and check to make sure that only the key(s) you wanted were added.

步驟二、檢視各節點的公鑰

檢視 Master 節點 authorized_keys 檔案

[hadoop@master-wzg ~]$ cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz0hVATPM5X3Wr4J9vVLeNihrcix++wQ0S7EtCcnhLI1fZfqLbGs7lApUt1UzejdDAopO2CYi93knzkmTDD7evJ1H5caz+4qZl3Owd5+8XCBpCU9EtJFIU5yLgl93gjSIJ/GpKOGaHlp/KPHXNn9uRvidDNUKumRq2fJDfYkFxCsvQEg+j2t6SNvUvBQ53txmPYBWAJkr8jRgudilRszCDsRpwnYGDIbigWowtnktCYz7zc/s0aqbdXoqkOtcA4H/OwwdAB0SX8HXfnNA1PwHMPPeERsQqTIgU82Tj1UKsibcNhD7F4r12CS3ity+d9GvuwQ4YooUsbsPzVr0YAk6p hadoop@master-wzg
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9XSD+SmFjeVz3DCZLzGJV+5/EVEV1D8mkNTDcPzVsoGZn1g5wuqaGm1PJ3HYffhkHp1SsgDH5hMxeeV25+3jsyzaMT3qlm7kG/Cz+DwhM1UyeKfVh5Pev46UfG1i3GeMBmP1Lx6EbN50sAVTWKJuGg2Y9gfdIHv/9BL9A9JJlap4tOKqfMcsMivEZAL8gSUv7PGQp3tfqxaFu6ZqOWDDuC06+8q2NDfZQmw6n4W1kdXYLR9iP8STc7IedlEJ8vHoNifJE/QW2uSq+yhxgPF+TPo3mq0iJa5L27cUHVOcbFstJ/cXAKMFre43mnDCK4br7ajFWgLuDyafOg831rGFJ hadoop@slave1-wzg
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKt6zf1MvvzHIrV/q+r7diZxT7M9VH1YSfhu0OA1g0kM+bXAGcJsEOMyJ4Z+qjINPdhj/Y3qGVIeiRoCS30JnVPHNtFALmTejqwLW9OUNY8/SMRI6C2efeBHFP8F1lNToHGwm94mgqQReKKQ47CRKd7QykxFqJ+TcZNuwTUhOrFEK0aV/9cPZndELs63k3Y9Hf1fqbWWOLEtcYRXOKIuRXodLqASMfZ4bOaTQxQ4BJ6HxrFZyShnO+CFLIXGaz0hyt2Pbo8qqt+W/g+/dLgFYb4Ej8SyFUAztj74haU1SJeO+QNMYf7XdnRFyH/h75OZqGL5RgnhTQQ3Ej7qOBdnl hadoop@slave2-wzg
[hadoop@master-wzg ~]$ 

檢視 Slave1 節點 authorized_keys 檔案

[hadoop@slave1-wzg ~]$ cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9XSD+SmFjeVz3DCZLzGJV+5/EVEV1D8mkNTDcPzVsoGZn1g5wuqaGm1PJ3HYffhkHp1SsgDH5hMxeeV25+3jsyzaMT3qlm7kG/Cz+DwhM1UyeKfVh5Pev46UfG1i3GeMBmP1Lx6EbN50sAVTWKJuGg2Y9gfdIHv/9BL9A9JJlap4tOKqfMcsMivEZAL8gSUv7PGQp3tfqxaFu6ZqOWDDuC06+8q2NDfZQmw6n4W1kdXYLR9iP8STc7IedlEJ8vHoNifJE/QW2uSq+yhxgPF+TPo3mq0iJa5L27cUHVOcbFstJ/cXAKMFre43mnDCK4br7ajFWgLuDyafOg831rGFJ hadoop@slave1-wzg
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz0hVATPM5X3Wr4J9vVLeNihrcix++wQ0S7EtCcnhLI1fZfqLbGs7lApUt1UzejdDAopO2CYi93knzkmTDD7evJ1H5caz+4qZl3Owd5+8XCBpCU9EtJFIU5yLgl93gjSIJ/GpKOGaHlp/KPHXNn9uRvidDNUKumRq2fJDfYkFxCsvQEg+j2t6SNvUvBQ53txmPYBWAJkr8jRgudilRszCDsRpwnYGDIbigWowtnktCYz7zc/s0aqbdXoqkOtcA4H/OwwdAB0SX8HXfnNA1PwHMPPeERsQqTIgU82Tj1UKsibcNhD7F4r12CS3ity+d9GvuwQ4YooUsbsPzVr0YAk6p hadoop@master-wzg
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKt6zf1MvvzHIrV/q+r7diZxT7M9VH1YSfhu0OA1g0kM+bXAGcJsEOMyJ4Z+qjINPdhj/Y3qGVIeiRoCS30JnVPHNtFALmTejqwLW9OUNY8/SMRI6C2efeBHFP8F1lNToHGwm94mgqQReKKQ47CRKd7QykxFqJ+TcZNuwTUhOrFEK0aV/9cPZndELs63k3Y9Hf1fqbWWOLEtcYRXOKIuRXodLqASMfZ4bOaTQxQ4BJ6HxrFZyShnO+CFLIXGaz0hyt2Pbo8qqt+W/g+/dLgFYb4Ej8SyFUAztj74haU1SJeO+QNMYf7XdnRFyH/h75OZqGL5RgnhTQQ3Ej7qOBdnl hadoop@slave2-wzg
[hadoop@slave1-wzg ~]$ 

檢視 Slave2 節點 authorized_keys 檔案

[hadoop@slave2-wzg ~]$ cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKt6zf1MvvzHIrV/q+r7diZxT7M9VH1YSfhu0OA1g0kM+bXAGcJsEOMyJ4Z+qjINPdhj/Y3qGVIeiRoCS30JnVPHNtFALmTejqwLW9OUNY8/SMRI6C2efeBHFP8F1lNToHGwm94mgqQReKKQ47CRKd7QykxFqJ+TcZNuwTUhOrFEK0aV/9cPZndELs63k3Y9Hf1fqbWWOLEtcYRXOKIuRXodLqASMfZ4bOaTQxQ4BJ6HxrFZyShnO+CFLIXGaz0hyt2Pbo8qqt+W/g+/dLgFYb4Ej8SyFUAztj74haU1SJeO+QNMYf7XdnRFyH/h75OZqGL5RgnhTQQ3Ej7qOBdnl hadoop@slave2-wzg
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz0hVATPM5X3Wr4J9vVLeNihrcix++wQ0S7EtCcnhLI1fZfqLbGs7lApUt1UzejdDAopO2CYi93knzkmTDD7evJ1H5caz+4qZl3Owd5+8XCBpCU9EtJFIU5yLgl93gjSIJ/GpKOGaHlp/KPHXNn9uRvidDNUKumRq2fJDfYkFxCsvQEg+j2t6SNvUvBQ53txmPYBWAJkr8jRgudilRszCDsRpwnYGDIbigWowtnktCYz7zc/s0aqbdXoqkOtcA4H/OwwdAB0SX8HXfnNA1PwHMPPeERsQqTIgU82Tj1UKsibcNhD7F4r12CS3ity+d9GvuwQ4YooUsbsPzVr0YAk6p hadoop@master-wzg
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9XSD+SmFjeVz3DCZLzGJV+5/EVEV1D8mkNTDcPzVsoGZn1g5wuqaGm1PJ3HYffhkHp1SsgDH5hMxeeV25+3jsyzaMT3qlm7kG/Cz+DwhM1UyeKfVh5Pev46UfG1i3GeMBmP1Lx6EbN50sAVTWKJuGg2Y9gfdIHv/9BL9A9JJlap4tOKqfMcsMivEZAL8gSUv7PGQp3tfqxaFu6ZqOWDDuC06+8q2NDfZQmw6n4W1kdXYLR9iP8STc7IedlEJ8vHoNifJE/QW2uSq+yhxgPF+TPo3mq0iJa5L27cUHVOcbFstJ/cXAKMFre43mnDCK4br7ajFWgLuDyafOg831rGFJ hadoop@slave1-wzg
[hadoop@slave2-wzg ~]$ 

可以看到每個節點 authorized_keys 檔案中包括 master、slave1、slave2 三個節點的公鑰。

步驟三、驗證每個Slave節點無密碼登入Master和對方

驗證 Slave1 節點到 Master 節點無密碼登入

[hadoop@slave1-wzg ~]$ ssh master-wzg 
Last login: Sat Mar 19 12:09:48 2022 from localhost
[hadoop@master-wzg ~]$ exit
logout
Connection to master-wzg closed.
[hadoop@slave1-wzg ~]$ ssh slave2-wzg                     
Last login: Sat Mar 19 12:13:40 2022 from master-wzg
[hadoop@slave2-wzg ~]$ exit
logout
Connection to slave2-wzg closed.

驗證 Slave2 節點到 Master 節點無密碼登入

[hadoop@slave2-wzg ~]$ ssh master-wzg 
Last login: Sat Mar 19 12:15:40 2022 from slave1-wzg
[hadoop@master-wzg ~]$ exit
登出
Connection to master-wzg closed.
[hadoop@slave2-wzg ~]$ ssh slave1-wzg 
Last login: Sat Mar 19 12:13:30 2022 from master-wzg
[hadoop@slave1-wzg ~]$ exit
登出
Connection to slave1-wzg closed.

即可實現三臺節點(Master 、Slave1、Slave2 )相互免密登入

宣告:未經許可,不得轉載

相關文章