Linux（CentOS）SSH无密码验证登陆

最近在搭建Hadoop集群，为了操作方便，需要Master用无密码验证的方式的SSH登陆Slave。1.原理：
Master作为客户端，要实现无密码公钥认证，连接到服务器Salve上时，需要在Master上生成一个密钥对，包括一个公钥和一个私钥，而后将公钥复制到所有的Salve上。当Master通过SSH链接到Salve上时，Salve会生成一个随机数并用Master的公钥对随机数进行加密，并发送给Master。Master收到加密数之后再用私钥解密，并将解密数回传给Salve，Salve确认解密数无误之后就允许Master进行连接了。这就是一个公钥认证过程，期间不需要手工输入密码，重要的过程是将Master上产生的公钥复制到Salve上。2.在Master上登陆Hadoop用户，执行以下命令，生成密钥对，并把公钥文件写入授权文件中，并赋值权限

[hadoop@master bin]$ ssh-keygen -t rsa -P ""Generating public/private rsa key pair.Enter file in which to save the key （/home/hadoop/.ssh/id_rsa）:Your identification has been saved in /home/hadoop/.ssh/id_rsa.Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.The key fingerprint is:93:21:fb:20:01:c9:13:a3:28:01:6c:57:3b:a0:e0:e2 hadoop@masterThe key"s randomart image is:+--[ RSA 2048]----+|*.++.. ||+==+. .||*o...o. .||+..o o || E. o S|| . o . ||.|| || |+-----------------+[hadoop@master bin]$cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys[hadoop@master bin]$ chmod 600 ~/.ssh/authorized_keys

3 切换root用户，配置sshd，取消被注释的公钥字段，
RSAAuthentication yes # 启用 RSA 认证
PubkeyAuthentication yes # 启用公钥私钥配对认证方式
AuthorizedKeysFile .ssh/authorized_keys # 公钥文件路径（和上面生成的文件同）并保存设置，然后重启sshd，即可测试本机的SSH

[hadoop@master bin]$ su root密码：bash-4.1# vim /etc/ssh/sshd_configbash-4.1# service sshd restartStopping sshd: [OK]Starting sshd: [OK]

4.本机测试：这里我用了localhost，IP地址，hostname来进行测试，可以发现均不需要输入密码。

[hadoop@master bin]$ ssh localhostThe authenticity of host "localhost （::1）" can"t be established.RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.Are you sure you want to continue connecting （yes/no）？ yesWarning: Permanently added "localhost" （RSA） to the list of known hosts.[hadoop@master ~]$ ssh 172.16.1.17The authenticity of host "172.16.1.17 （172.16.1.17）" can"t be established.RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.Are you sure you want to continue connecting （yes/no）？ yesWarning: Permanently added "172.16.1.17" （RSA） to the list of known hosts.Last login: Wed Jun 10 12:37:23 2015 from ::1[hadoop@master ~]$ ssh mastersysconfig/ system-releaseThe authenticity of host "master （172.16.1.17）" can"t be established.RSA key fingerprint is 3a:99:7f:41:68:bd:3b:80:43:bb:8a:5c:62:73:1f:45.Are you sure you want to continue connecting （yes/no）？ yesWarning: Permanently added "master" （RSA） to the list of known hosts.Last login: Wed Jun 10 12:38:37 2015 from 172.16.1.17

下面介绍Master用无密码验证的方式的SSH登陆Slave1.首先在Slave上创建用户hadoop，并设置密码

-bash-4.1# useradd hadoop-bash-4.1# ls -l /home总用量 8drwx------ 2 hadoop hadoop 4096 6月10 12:58 hadoopdrwx------ 2 xc xc 4096 7月 9 2013 xc-bash-4.1# passwd hadoop更改用户 hadoop 的密码 。新的 密码：重新输入新的 密码：passwd： 所有的身份验证令牌已经成功更新。

2.切换到Master，并将Master上的公钥scp到Slave节点的Hadoop用户上

[hadoop@master ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/The authenticity of host "slave2 （172.16.1.20）" can"t be established.RSA key fingerprint is 67:22:ba:43:ad:fe:a2:d4:ad:43:26:4b:71:d0:54:af.Are you sure you want to continue connecting （yes/no）？ yesWarning: Permanently added "slave2,172.16.1.20" （RSA） to the list of known hosts.hadoop@slave2"s password:id_rsa.pub 100%395 0.4KB/s 00:00[hadoop@master ~]$

3.拷贝完后到Slave节点上，公钥追加授权文件，并修改权限

[hadoop@master ~]$ ssh hadoop@slave2hadoop@slave2"s password:[hadoop@slave2 ~]$ lsid_rsa.pub[hadoop@slave2 ~]$ mkdir ~/.ssh[hadoop@slave2 ~]$ chmod 700 ~/.ssh/[hadoop@slave2 ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys[hadoop@slave2 ~]$ chmod 600 ~/.ssh/authorized_keys[hadoop@slave2 ~]$

4.然后切换至root用，修改sshd配置，并重启sshd服务。
1）在/etc/sys下添加下面两行代码sysconfig/system-releasesysctl.conf system-release-cpe2）然后修改 /etc/ssh/sshd_config文件，将下面三行注释（#）取消掉）RSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysFile.ssh/authorized_keys3）重启sshd服务service sshd restart5.回到Master下进行测试，发现可以不用输入密码，便可以ssh到Slave节点的Hadoop用户上。[hadoop@master ~]$ ssh hadoop@slave2Last login: Wed Jun 10 13:09:53 2015 from 172.16.1.17[hadoop@slave2 ~]$SSH服务远程访问Linux服务器登陆慢 http://www.linuxidc.com/Linux/2011-08/39742.htm提高Ubuntu的SSH登陆认证速度的办法 http://www.linuxidc.com/Linux/2014-09/106810.htm开启SSH服务让Android手机远程访问 Ubuntu 14.04 http://www.linuxidc.com/Linux/2014-09/106809.htm如何为Linux系统中的SSH添加双重认证 http://www.linuxidc.com/Linux/2014-08/105998.htm在 Linux 中为非 SSH 用户配置 SFTP 环境 http://www.linuxidc.com/Linux/2014-08/105865.htmLinux 上SSH 服务的配置和管理 http://www.linuxidc.com/Linux/2014-06/103627.htmSSH入门学习基础教程 http://www.linuxidc.com/Linux/2014-06/103008.htmSSH免密码登录详解 http://www.linuxidc.com/Linux/2015-03/114709.htm本文永久更新链接地址