0% found this document useful (0 votes)
162 views6 pages

SSH Key Generation Reference

The document describes how to configure passwordless SSH access on a single node Hadoop installation and a Hadoop cluster. For a single node installation on Ubuntu: SSH key authentication is configured for the 'hduser' to access localhost without a password. SSH keys are generated, the public key is added to the authorized_keys file to enable access. For a Hadoop cluster on CentOS: SSH key authentication is configured from the admin node to all other nodes to allow passwordless access. Keys are generated on the admin node and distributed, permissions are set on the .ssh directory and keys file to enable passwordless login from the admin node to all nodes in the cluster.

Uploaded by

Babjee Reddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
162 views6 pages

SSH Key Generation Reference

The document describes how to configure passwordless SSH access on a single node Hadoop installation and a Hadoop cluster. For a single node installation on Ubuntu: SSH key authentication is configured for the 'hduser' to access localhost without a password. SSH keys are generated, the public key is added to the authorized_keys file to enable access. For a Hadoop cluster on CentOS: SSH key authentication is configured from the admin node to all other nodes to allow passwordless access. Keys are generated on the admin node and distributed, permissions are set on the .ssh directory and keys file to enable passwordless login from the admin node to all nodes in the cluster.

Uploaded by

Babjee Reddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

On Ubuntu:

Hadoop requires SSH access to manage its nodes. So for this


single node installation of Hadoop we need to configure the SSH
access to localhost. We will be creating this access for
the hduser we created in the previous step.

$ sudo apt-get install openssh-server

After the SSH server installation. we have to generate an SSH key


for the hduser.

$ su - hduser

$ ssh-keygen -t rsa -P ""


Here the second command will generate a key pair with an empty
password.

Note: Empty key is not recommended but here we are putting the key as
empty as we don't want to enter the password every time hadoop
interacts with its nodes.

Now since the key pair is generated we have to enable SSH access
to local machine with this newly created key. For that you have
put the below command.

hduser@ubuntu:~$ cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys

The step is also needed to save your local machine’s host key
fingerprint to the hduseruser’s known_hosts file. If you have any
special SSH configuration for your local machine like a non-
standard SSH port, you can define host-specific SSH options
in$HOME/.ssh/config

Finally you can check for the same using command:

$ ssh localhost
On CentOS:
Password Less SSH Authentication On All The Nodes Of Hadoop Cluster

In many cases the administrator has to log on to the remote nodes in the
network. in case of a small network it is easy way to co-ordinate them one
by one. If we consider a Data Center, it may consist of thousands of nodes
connected together and it will be a difficult job to go and work with each
nodes. We can make use of SSH (Secure SHELL). It is one of the most
trusted open source network protocol that can be used to log on to the
remote node/machine in the same network. We can use it to transfer files
across nodes using a secure protocol called SCP (Secure Copy).
We can use open SSH either of the two ways, one using the remote machine
password and the another one is using password less ssh login using the
ssh Keys. Let's see how to setup password-less login using SSH keys to
connect to remote Linux servers without entering password.

Setup SSH Password less Login


Hadoop cluster constitute a large number of linux machines. It is difficult
to go and configure each machines in the cluster as they are large in
number. So It is better to setup password less SSH login from the admin
machine to all the linux machines in the network so that remotely we can
administrate the cluster and synchronize the cluster configuration files
using SCP protocol etc..
Let's have a look at the network configuration.

192.168.1.101 n1.xyz.com n1
192.168.1.102 n2.xyz.com n2
192.168.1.103 n3.xyz.com n3
192.168.1.104 n4.xyz.com n4
192.168.1.105 n5.xyz.com n5

Here 192.168.1.101 is the admin machine. We need to setup the SSH


Password Less Login from this machine to all other nodes.
Install Open SSH clients on all the nodes.
Install open SSH server on the admin machine from which the
administrator can log on to the client machine without password (Password
less SSH).
#yum -y install openssh-clients

Step 1: Create Authentication SSH-Kegen Keys on admin machine–


(192.168.1.101)
First login into admin server 192.168.1.101 with user root and generate a pair
of public keys using following command.

[root@n1 ~]# ssh-keygen -t rsa


Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (Press Enter)
Enter passphrase (empty for no passphrase): (Press Enter)
Enter same passphrase again: (Press Enter)

Step 2: Create .ssh Directory on all the remaining nodes


Use SSH from server 192.168.1.101 to connect
server 192.168.1.102 using root as user and create .ssh directory under it,
using following command.

[root@n1 ~]# ssh [email protected] mkdir -p .ssh


The authenticity of host '192.168.40.102 (192.168.40.102)' can't be established.
RSA key fingerprint is d1:d4:0a:d8:af:87:e3:a4:72:1d:63:a2:e4:13:68:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.40.102' (RSA) to the list of known hosts.
[email protected]'s password:
[root@n1 ~]# (Enter Your Password Here)
Step 3: Upload Generated Public Keys to all the remaining nodes
Use SSH from server 192.168.1.101 and upload new generated public key
(id_rsa.pub) on server 192.168.1.102 under root‘s .sshdirectory as a file
name authorized_keys.

[root@n1 ~]# cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'


[email protected]'s password: Enter Your Password Here
Step 4: Set Permissions on all the remaining nodes
Due to different SSH versions on servers, we need to set permissions on
.ssh directory and authorized_keys file.

[root@n1 ~]$ ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
[email protected]'s password: [Enter Your Password Here]
Step 5: Login from 192.168.1.101 to 192.168.1.* node without Password
From now onwards you can log into 192.168.1.102 as root user from
server 192.168.1.101 as root user without password.

[root@n1 ~]$ ssh [email protected]


Step 6: Let's disable the SSH Strict_Host_key_Checking to avoid RSA key
fingerprint verification.
Uncomment the line # StrictHostKeyChecking ask and change the value
from ask to no
# vi /etc/ssh/ssh_config
StrictHostKeyChecking no

You might also like