1、在实际生产环境中为Hadoop配置无秘钥登录非常有必要
# 在没有配置时: [liuwl@linux-66-64 hadoop-2.5.0]$ jps 26163 Jps [liuwl@linux-66-64 hadoop-2.5.0]$ sbin/start-yarn.sh starting yarn daemons starting resourcemanager, logging to /home/liuwl/opt/modules/hadoop-2.5.0/logs/yarn-liuwl-resourcemanager-linux-66-64.liuwl.com.out liuwl@linux-66-64.liuwl.com's password: # 启动 nodemanager 需要密码 linux-66-64.liuwl.com: starting nodemanager, logging to /home/liuwl/opt/modules/hadoop-2.5.0/logs/yarn-liuwl-nodemanager-linux-66-64.liuwl.com.out [liuwl@linux-66-64 hadoop-2.5.0]$ jps 27134 ResourceManager 27475 Jps 27417 NodeManager [liuwl@linux-66-64 hadoop-2.5.0]$ sbin/stop-yarn.sh stopping yarn daemons stopping resourcemanager liuwl@linux-66-64.liuwl.com's password: # 关闭 nodemanager 需要密码 linux-66-64.liuwl.com: stopping nodemanager no proxyserver to stop
# 可想,实际生产中无秘钥登录的重要性
2、生成公钥与私钥
# 做好无秘钥登录用户选择(在每个用户下都会有个二.ssh文件夹,默认为空) [liuwl@linux-66-64 .ssh]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/liuwl/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/liuwl/.ssh/id_rsa. Your public key has been saved in /home/liuwl/.ssh/id_rsa.pub. The key fingerprint is: 12:26:91:a1:da:29:91:a7:ec:3e:1a:f6:92:f5:7d:cc liuwl@linux-66-64.liuwl.com The key's randomart image is: +--[ RSA 2048]----+ | oo | | . ... | |o o . o | |.* . o . | |+.o . S | |.. . . | |.oo . . o | |o=. . . E | |o.o. . | +-----------------+ [liuwl@linux-66-64 .ssh]$ ls id_rsa id_rsa.pub # 私钥与公钥
3、发送到节点(机器)上
[liuwl@linux-66-64 .ssh]$ hostname linux-66-64.liuwl.com [liuwl@linux-66-64 .ssh]$ ssh-copy-id linux-66-64.liuwl.com The authenticity of host 'linux-66-64.liuwl.com (192.168.0.111)' can't be established. # 第一次设置需要提示是否确定 RSA key fingerprint is 93:26:f9:f8:57:d1:0d:cb:5f:69:87:26:f6:77:f8:e0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'linux-66-64.liuwl.com,192.168.0.111' (RSA) to the list of known hosts. liuwl@linux-66-64.liuwl.com's password: # 输入密码 Now try logging into the machine, with "ssh 'linux-66-64.liuwl.com'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [liuwl@linux-66-64 .ssh]$ ls authorized_keys id_rsa id_rsa.pub known_hosts # authorized_keys 也是公钥,注意秘钥权限不能随便乱改
[liuwl@linux-66-64 .ssh]$ ll total 16 -rw------- 1 liuwl liuwl 409 Oct 14 00:43 authorized_keys -rw------- 1 liuwl liuwl 1675 Oct 14 00:40 id_rsa -rw-r--r-- 1 liuwl liuwl 409 Oct 14 00:40 id_rsa.pub -rw-r--r-- 1 liuwl liuwl 417 Oct 14 00:43 known_hosts [liuwl@linux-66-64 .ssh]$ cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5d/DiNJ8BRdsoTlfZqMMY+RUWeUel9oOfSGg/EdVifgryHHpUGc/PziuDZAZb0R/zV9HebYgIZ8YDsJvUOZleUP6n2p+8kRqJGsKCru2lM8lVPtkICZq+KUHHzMvavgwa2K6r9kITc1LMr8plBzdfPkN4uygYK6otLdlAn9qAGAv47FTGcbMJuUhB4e3MKqVg5z5ZFI3FRE3MmLoazVLQ3kCOHlSzUdmJ9ZyAQRdSP9OTSbtL81KSxFIJbvgZ2qoTDL26mjg4rTntvwyXoxPWQ/9twWbJ9Sov1k1SZVHfZ8XnHFsCTF0YzFrxD/UZQUpWnR5/T+/cR2mtU/n08+rtQ== liuwl@linux-66-64.liuwl.com [liuwl@linux-66-64 .ssh]$ cat known_hosts linux-66-64.liuwl.com,192.168.0.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuJR7MP7Bo21+OGDD2GKGYuyJoJKlDOfrIWQwClCsEn2tdgRW0IFAQkIgo4bcaRTUxJ8ctJom3Qi+NykIe1lqMA2ONTcclNKh/a8teXvd/DOhnol+OXJypL/S2vSRviR/QOerq7KWXiixzAjxBSTQtvYvMBY/fGfHu6wXy/DVViaTu0MdsWLAQlpwkfRe+D0rlDJIQqVTemdX8zxqPsEednlDuk7YlntC1e/A3bds2r2hGLX6PV8M9g5ef3dmw3s5LZD89Bh/8LlzEr42zEGApgKICrn+Wm8FCbrG2BrUOOz3srf4Y2aaNicZ4sm0X8FepPDYUWKW7lFxLv4YLRcG1w== [liuwl@linux-66-64 .ssh]$ cat id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEA5d/DiNJ8BRdsoTlfZqMMY+RUWeUel9oOfSGg/EdVifgryHHp UGc/PziuDZAZb0R/zV9HebYgIZ8YDsJvUOZleUP6n2p+8kRqJGsKCru2lM8lVPtk ICZq+KUHHzMvavgwa2K6r9kITc1LMr8plBzdfPkN4uygYK6otLdlAn9qAGAv47FT GcbMJuUhB4e3MKqVg5z5ZFI3FRE3MmLoazVLQ3kCOHlSzUdmJ9ZyAQRdSP9OTSbt L81KSxFIJbvgZ2qoTDL26mjg4rTntvwyXoxPWQ/9twWbJ9Sov1k1SZVHfZ8XnHFs CTF0YzFrxD/UZQUpWnR5/T+/cR2mtU/n08+rtQIBIwKCAQATtBgTCrosUncGgUKx BqlKZAc658DLL/KdAuHpvPi0DfUfzz/iUf4bXKE0XM766J09fTIDHj1Etd19m6Mk MQFiKmXwaDbETwHIm3XjqbCQaYbbZgFElZQj8ONachoB2sJSWOtuKIuu5bX9CRIx RE1/vZN52cSakqC/CGe+YrFQfRxVPmFaK+xd2ao8rUCAY4TIiWtN+n3UOPeJP/C7 GqlvGN6Bi6in69qdz07MRuHylUHnR91UGH3loJom2EjZzYMPNXsWikn+utWemhnd cXpOpuVDzgco7arb2m1TKzGmA3JAg0F/ttP+2iRIbCsmuBlOlUF817gDxIDzKJOZ GFKrAoGBAPkHzjR3aKlHBprlFfHJa6YzFh8ZU/jMfX22FGkwqT7mxgSL/HHDl8RZ yrZs2vaFFDRNzjnH8qaKkcfQkfvzUReZVNMDh804iJ6jjLwCNdl0lbC8kpiUVHeV VErIpKEObgVXrnge6b0cYzq+bn+TYN7oSbGUHwYZ5E/Zb9dNp0z5AoGBAOxOtgQx CF1DncQJNyo4CzeCQ6ESk9ecpcbludwI/6j3O4RvyjFimqtHmSRE7nALHcPKZ509 Z5Ge2HnlTpKHEUJWw4ff6Qm4/eIuaZ3vf+L5ido4ugRgq2fPu0RhTg3eXjKpck0Y SA3+3TRjjggN6yMyssxjTAErRMvHBqvhYe+dAoGBAKOmCynKz7+yVMwwJF0PVV6W mYImlkRpH0P7Tz3PhSlV0pVGDErCXGsWb0St7vnFKojFakM6QF7QFqfg1PYGSztk wraNSpzNYRfKj66/n7rI9KdXWQUuRiKylnpJVj3ziiDElzj+XxXfdGhugyCirV9I MG1hVjc1lgiWM418LByjAoGAPMPIZ3pSm6OsObk6EiurHOb7co+/ndfS21+k0i4z HNHcGr2pBWJ/iyEKH0Ts2vuLT5pyakL9X/WlYSxWCGvf3dvL4RxR3e29oI+XgGIo Mwz3j+KzfXfxj7kS5bKfCuForfEOw14D5ld6tbMzJqR+SuEmqZXgWBJwxq+FX2XX Wt8CgYEAgEVzR3Zt3+AcvwGGKoz33JnyD6+DiFDS8jJFyVg0SDVWn+pfiWJ1Qrgs JbrYrBoTxncNTZgyVzfMqaptLEpOkldWOfcnqn1WaWSfw06x5fCIwpnee3qZtPf6 h05Q81dKC2Wx4BP+gUdPQgINRt9Eln8m3cDVZROZKrQes7IKuvU= -----END RSA PRIVATE KEY----- [liuwl@linux-66-64 .ssh]$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5d/DiNJ8BRdsoTlfZqMMY+RUWeUel9oOfSGg/EdVifgryHHpUGc/PziuDZAZb0R/zV9HebYgIZ8YDsJvUOZleUP6n2p+8kRqJGsKCru2lM8lVPtkICZq+KUHHzMvavgwa2K6r9kITc1LMr8plBzdfPkN4uygYK6otLdlAn9qAGAv47FTGcbMJuUhB4e3MKqVg5z5ZFI3FRE3MmLoazVLQ3kCOHlSzUdmJ9ZyAQRdSP9OTSbtL81KSxFIJbvgZ2qoTDL26mjg4rTntvwyXoxPWQ/9twWbJ9Sov1k1SZVHfZ8XnHFsCTF0YzFrxD/UZQUpWnR5/T+/cR2mtU/n08+rtQ== liuwl@linux-66-64.liuwl.com
4、测试一下
[liuwl@linux-66-64 hadoop-2.5.0]$ sbin/start-yarn.sh starting yarn daemons starting resourcemanager, logging to /home/liuwl/opt/modules/hadoop-2.5.0/logs/yarn-liuwl-resourcemanager-linux-66-64.liuwl.com.out linux-66-64.liuwl.com: starting nodemanager, logging to /home/liuwl/opt/modules/hadoop-2.5.0/logs/yarn-liuwl-nodemanager-linux-66-64.liuwl.com.out [liuwl@linux-66-64 hadoop-2.5.0]$ jps 25171 NodeManager 25072 ResourceManager 25331 Jps
OK!