RHEL7.2 SSH无密码登录非root用户
1 修改三台虚拟机的/ect/hosts文件
[hadoop@hadoop01 ~]$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [hadoop@hadoop01 ~]$ su - root 密码: 上一次登录:六 11月 4 15:52:36 CST 2017pts/0 上 ABRT has detected 1 problem(s). For more info run: abrt-cli list --since 1509781956 [root@hadoop01 ~]# vi /etc/hosts [root@hadoop01 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.169.101 hadoop01 192.168.169.102 hadoop02 192.168.169.103 hadoop03
2 修改三台虚拟机的/etc/ssh/sshd_config
[root@hadoop01 ~]# vi /etc/ssh/sshd_config [root@hadoop01 ~]# cat /etc/ssh/sshd_config | grep uth | grep -v "#" RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
将前面的#号去掉
3 修改三台虚拟机的/etc/selinux/config
[root@hadoop01 ~]# vi /etc/selinux/config [root@hadoop01 ~]# cat /etc/selinux/config | grep SELINUX= | grep -v "#" SELINUX=disabled
4 重启虚机三台虚拟机
[root@hadoop01 ~]# reboot
5 配置SSH无密码登录
三台虚拟机依次操作如下:
192.168.168.101
[hadoop@hadoop01 ~]$ ssh-keygen Generating public/private dsa key pair. Created directory '/hadoop/.ssh'. Your identification has been saved in /hadoop/.ssh/id_dsa. Your public key has been saved in /hadoop/.ssh/id_dsa.pub. The key fingerprint is: c1:4b:6d:30:2b:57:b9:f8:dc:33:b6:d9:05:f8:79:31 hadoop@hadoop01 The key's randomart image is: +--[ DSA 1024]----+ | o .. | | . *. | | . *.o. . | | +.+. . .E | | So . . oo| | o = o o| | . * o | | o . | | | +-----------------+ [hadoop@hadoop01 ~]$ chmod 700 .ssh [hadoop@hadoop01 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys [hadoop@hadoop01 ~]$ chmod 600 ~/.ssh/authorized_keys [hadoop@hadoop01 ~]$ ssh hadoop01 The authenticity of host 'hadoop01 (192.168.169.101)' can't be established. ECDSA key fingerprint is 7a:41:d1:c6:30:98:21:51:40:b7:ac:13:a4:0d:05:5c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop01,192.168.169.101' (ECDSA) to the list of known hosts. Last login: Sun Nov 5 10:24:11 2017 from 192.168.169.1 [hadoop@hadoop01 ~]$ exit 登出 Connection to hadoop01 closed. [hadoop@hadoop01 ~]$ ssh hadoop01 Last login: Sun Nov 5 10:26:02 2017 from hadoop01
192.168.168.102
[hadoop@hadoop02 ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/hadoop/.ssh/id_rsa): Created directory '/hadoop/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /hadoop/.ssh/id_rsa. Your public key has been saved in /hadoop/.ssh/id_rsa.pub. The key fingerprint is: ee:ba:9f:68:d8:ab:27:ea:f7:42:ff:0c:47:80:fe:63 hadoop@hadoop02 The key's randomart image is: +--[ RSA 2048]----+ | | | . | | . . | | . . | | . S | | .. o | | . +E o | | =.=B . | | .oo.B*** | +-----------------+ [hadoop@hadoop02 ~]$ chmod 700 .ssh [hadoop@hadoop02 ~]$ scp -rp ~/.ssh/id_rsa.pub hadoop@hadoop01:/hadoop/.ssh/id_rsa.pub.102 The authenticity of host 'hadoop01 (192.168.169.101)' can't be established. ECDSA key fingerprint is 7a:41:d1:c6:30:98:21:51:40:b7:ac:13:a4:0d:05:5c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop01,192.168.169.101' (ECDSA) to the list of known hosts. hadoop@hadoop01's password: id_rsa.pub
192.168.169.103
hadoop@hadoop03 ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/hadoop/.ssh/id_rsa): Created directory '/hadoop/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /hadoop/.ssh/id_rsa. Your public key has been saved in /hadoop/.ssh/id_rsa.pub. The key fingerprint is: dc:c2:8d:14:b0:bf:64:a7:2f:41:44:34:1b:66:2b:b2 hadoop@hadoop03 The key's randomart image is: +--[ RSA 2048]----+ | .+O | | +.* | | . o.+ | | o *.+ | | E .S + | | o.= | | o. | | .. | | .. | +-----------------+ [hadoop@hadoop03 ~]$ chmod 700 .ssh [hadoop@hadoop03 ~]$ scp -rp ~/.ssh/id_rsa.pub hadoop@hadoop01:/hadoop/.ssh/id_rsa.pub.103 The authenticity of host 'hadoop01 (192.168.169.101)' can't be established. ECDSA key fingerprint is 7a:41:d1:c6:30:98:21:51:40:b7:ac:13:a4:0d:05:5c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop01,192.168.169.101' (ECDSA) to the list of known hosts. hadoop@hadoop01's password: id_rsa.pub
192.168.169.101
[hadoop@hadoop01 ~]$ cat ~/.ssh/id_rsa.pub.102 >> ~/.ssh/authorized_keys [hadoop@hadoop01 ~]$ cat ~/.ssh/id_rsa.pub.103 >> ~/.ssh/authorized_keys [hadoop@hadoop01 ~]$ scp -rp ~/.ssh/authorized_keys hadoop@hadoop02:/hadoop/.ssh/ The authenticity of host 'hadoop02 (192.168.169.102)' can't be established. ECDSA key fingerprint is f7:ef:fb:e5:7e:0f:59:40:63:23:99:9a:ca:e2:03:e8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop02,192.168.169.102' (ECDSA) to the list of known hosts. hadoop@hadoop02's password: authorized_keys 100% 397 0.4KB/s 00:00 [hadoop@hadoop01 ~]$ scp -rp ~/.ssh/authorized_keys hadoop@hadoop03:/hadoop/.ssh/ The authenticity of host 'hadoop03 (192.168.169.103)' can't be established. ECDSA key fingerprint is 25:a7:16:1f:49:91:0f:ba:f8:ba:68:bb:1e:e0:1c:44. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop03,192.168.169.103' (ECDSA) to the list of known hosts. hadoop@hadoop03's password: authorized_keys 100% 397 0.4KB/s 00:00
6 验证
192.168.169.101
[hadoop@hadoop01 ~]$ ssh hadoop02 Last login: Sun Nov 5 13:42:56 2017 from 192.168.169.1 [hadoop@hadoop02 ~]$ exit 登出 Connection to hadoop02 closed. [hadoop@hadoop01 ~]$ ssh hadoop03 Last login: Sun Nov 5 13:42:58 2017 from 192.168.169.1 [hadoop@hadoop03 ~]$
192.168.169.102
[hadoop@hadoop02 ~]$ ssh hadoop01 Last login: Sun Nov 5 13:44:08 2017 from 192.168.169.1 [hadoop@hadoop01 ~]$ exit 登出 Connection to hadoop01 closed. [hadoop@hadoop02 ~]$ ssh hadoop03 The authenticity of host 'hadoop03 (192.168.169.103)' can't be established. ECDSA key fingerprint is 25:a7:16:1f:49:91:0f:ba:f8:ba:68:bb:1e:e0:1c:44. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop03,192.168.169.103' (ECDSA) to the list of known hosts. Last login: Sun Nov 5 13:51:57 2017 from hadoop01 [hadoop@hadoop03 ~]$
192.168.169.103
[hadoop@hadoop03 ~]$ ssh hadoop01 Last login: Sun Nov 5 13:52:30 2017 from hadoop02 [hadoop@hadoop01 ~]$ exit 登出 Connection to hadoop01 closed. [hadoop@hadoop03 ~]$ ssh hadoop02 The authenticity of host 'hadoop02 (192.168.169.102)' can't be established. ECDSA key fingerprint is f7:ef:fb:e5:7e:0f:59:40:63:23:99:9a:ca:e2:03:e8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hadoop02,192.168.169.102' (ECDSA) to the list of known hosts. Last login: Sun Nov 5 13:51:50 2017 from hadoop01 [hadoop@hadoop02 ~]$