CentOS7+CDH5.14.0安装全流程记录，图文详解全程实测-2设置SSH免密登录

因为hadoop集群在安装的时候需要集群中所有机器的权限。

所以我们需要打通所有节点的ssh无密码登陆，思路是生成每台机子的密钥，集中在一个文件中，再分发到每台机子上。

为了确保下面的命令能顺利执行，请先重启所有节点并且保证所有节点能够通过主机名ping通。

配置免密登录有两种方式，一种简单的：

1、执行命令，生成秘钥：　　ssh-keygen -t rsa

2、进入.ssh目录：　　cd ~/.ssh

3、拷贝到要免密码登陆的机器，要免密登陆那个机器，就写该机器的ip。3台机器的话两两之间都要做了免密登陆： ssh-copy-id 192.168.43.102

至此免密登录配置完成（验证免密登录成功，请看文末）。

另外一种是复杂的，但是思路比较清晰：

1、两台机子（正常生产环境至少需要3台，这里只做安装测试所以只用了两天）都分别使用ssh-keygen -t rsa 然后一直回车生成密钥。

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:HkNnC66AyS+s2Y1TU+/XwhrVIily33esuA32V1jzTz0 root@localhost.master
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|        o o      |
| . o  .o = o   ..|
|  + o.o.S + .  o+|
| . .o+ =.* . ..E=|
|  o.....+.+.. ooo|
| +.+    .o+*.o. .|
|o o..   .ooo+.   |
+----[SHA256]-----+
[root@localhost ~]# 

我们可以看到/root/.ssh目录下有了密钥文件id_rsa以及公钥文件id_rsa.pub。

[root@localhost ~]# cd /root/.ssh
[root@localhost .ssh]# ls
id_rsa  id_rsa.pub

2、两个节点中分别把公钥id_rsa.pub复制一份命名为authorized_keys_master、authorized_keys_slave1

也就是

master中执行  cp id_rsa.pub  authorized_keys_master

slave1中执行  cp id_rsa.pub  authorized_keys_slave1

[root@localhost .ssh]# cp id_rsa.pub authorized_keys_master
[root@localhost .ssh]# ls
authorized_keys_master  id_rsa  id_rsa.pub

3、把从节点slave1的公钥传送到master节点的/root/.ssh文件夹中，slave1中使用命令

　　scp  authorized_keys_slave1    root@master:/root/.ssh

[root@localhost .ssh]# scp authorized_keys_slave1 root@master:/root/.ssh
The authenticity of host 'master (192.168.10.101)' can't be established.
ECDSA key fingerprint is SHA256:Hep4xj/6A8J2IGNte74dTnqI5gY6Sd4Xgsq6oTkmUDA.
ECDSA key fingerprint is MD5:08:7e:a9:4a:91:99:a1:89:95:02:c7:76:e3:52:4f:d3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master,192.168.10.101' (ECDSA) to the list of known hosts.
root@master's password:
authorized_keys_slave1                        100%  403   238.8KB/s   00:00    

4、这个时候我们在master中的root/.ssh目录会看到authorized_keys_master、authorized_keys_slave1两个文件。

把它们合并追加到authorized_keys文件中。

cat authorized_keys_master>> authorized_keys

cat authorized_keys_slave1>> authorized_keys

[root@localhost .ssh]# cat authorized_keys_master>>authorized_keys
[root@localhost .ssh]# cat authorized_keys_slave1>>authorized_keys
[root@localhost .ssh]# ls
authorized_keys         authorized_keys_slave1  id_rsa.pub
authorized_keys_master  id_rsa
[root@localhost .ssh]# cat authorized_keys 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtUYN328WOb28y1urRl1uccKFlM2m0JDukJmclJzA/BQ/VqAjQ4DftZbTUApfkrYRsXAQJAV0wEkkDityl86So1r7MBg4uzq1kRJalrMUVJHEn2u7W7yBfY/o8jqzRKzgMy9ILw95iti1I0k/x8N35JTVC5t2qhQFqT3Op398Onj1lMWHVyj0QRc1C9zthe0L9WR4SIq/goGYVbiLM6XMyAzfI6Pk9OEpEI6UPb+/QFKmVOJ7RxnHGat2VaYQP7c5nL4fPu4bLOmMfeuAXeiRy9y2rRBl9PKS2/kwaP+ORqVK2fakwnIOjTo3HilMTVFpDhvMBhP4xsiXN3qIRoPk5 root@localhost.master

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfW91xcfffp+v/nJh3J44PNLvta84xUC6fAoTKxgZwlUlWuwZXjUgy+AhWMG5F2Ejv/jymIKwAGDV1luNSBj51JOloy2nuW85JlRKplROjJjBiJWxpvw814xSb1XiyOsyKiWAkWqBds1zg8V0xlm31stOxkBTUOKFSX8blIAM3XfaBUYFxqt1LSPQ1wZDDLOwrV46kuFwsgf/cR8cZhQeuayv1oTKdsj0aUFWvMaVYLIj3LfJoSMUzC5mUMiLZoBgw5TZHdK9BDwFMY5SKH1jLo1Vq9moVq7wxcUEovODJQGLwPL/xf7TkVSg16GrJ5OPbczy2MoTgSgjtXExsdLUX root@localhost.slave1

我们可以看到这个通行证authorized_keys中已经有了两台机子的公钥。

5、把这个通行证authorized_keys分发到其他节点----slave1   scp authorized_keys root@slave1:/root/.ssh

[root@localhost .ssh]# scp authorized_keys root@slave1:/root/.ssh
The authenticity of host 'slave1 (192.168.10.102)' can't be established.
ECDSA key fingerprint is SHA256://I9GnbQerDF/YSyPYbLnYFzY0vtDHGHZTgCjZeRvJY.
ECDSA key fingerprint is MD5:51:03:f2:82:95:50:8e:e4:e1:81:de:06:21:e0:27:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave1,192.168.10.102' (ECDSA) to the list of known hosts.
root@slave1's password:
authorized_keys                               100%  806   918.9KB/s   00:00   

6、测试节点之间相互ssh

例如在master中

ssh slave1

exit

不再需要输入登录密码

[root@localhost .ssh]# ssh slave1
Last login: Sat Jan 26 08:42:38 2019
[root@localhost ~]# exit
登出
Connection to slave1 closed.

至此，SSH免密互相访问完成。