Hadoop SSH免密码登录以及失败解决方案
1.创建ssh-key
这里我们采用rsa方式,使用如下命令:
xiaosi@xiaosi:~$ssh-keygen-trsa-f~/.ssh/id_rsa Generatingpublic/privatersakeypair. Createddirectory'/home/xiaosi/.ssh'. Enterpassphrase(emptyfornopassphrase): Entersamepassphraseagain: Youridentificationhasbeensavedin/home/xiaosi/.ssh/id_rsa. Yourpublickeyhasbeensavedin/home/xiaosi/.ssh/id_rsa.pub. Thekeyfingerprintis: SHA256:n/sFaAT94A/xxxxxxxxxxxxxxxxxxxxxxxxiaosi@xiaosi Thekey'srandomartimageis: +---[xxxxx]----+ |o=....| |o.=...| |*.*o.| |+.4.=E+..| |.SBo=.h+| |ogo..oo.| |or+j..| |...+o=.| |...o=+| +----[xxxxx]-----+
备注:
这里会提示输入passphrase,一定不要输入任何字符,回车即可。
2.生成authorized_keys文件
xiaosi@xiaosi:~$cat~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys
备注:
记得要把authorized_keys文件放到.ssh目录下,与rsa等文件放在一起,否则免登录失败,debug如下(ssh-vvvlocalhost进行调试,查找错误原因):
xiaosi@xiaosi:~$ssh-vvvlocalhost OpenSSH_7.2p2Ubuntu-4ubuntu1,OpenSSL1.0.2g-fips1Mar2016 debug1:Readingconfigurationdata/etc/ssh/ssh_config debug1:/etc/ssh/ssh_configline19:Applyingoptionsfor* debug2:resolving"localhost"port22 debug2:ssh_connect_direct:needpriv0 debug1:Connectingtolocalhost[127.0.0.1]port22. debug1:Connectionestablished. debug1:identityfile/home/xiaosi/.ssh/id_rsatype1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_rsa-certtype-1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_dsatype-1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_dsa-certtype-1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_ecdsatype-1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_ecdsa-certtype-1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_ed25519type-1 debug1:key_load_public:Nosuchfileordirectory debug1:identityfile/home/xiaosi/.ssh/id_ed25519-certtype-1 debug1:Enablingcompatibilitymodeforprotocol2.0 debug1:LocalversionstringSSH-2.0-OpenSSH_7.2p2Ubuntu-4ubuntu1 debug1:Remoteprotocolversion2.0,remotesoftwareversionOpenSSH_7.2p2Ubuntu-4ubuntu1 debug1:match:OpenSSH_7.2p2Ubuntu-4ubuntu1patOpenSSH*compat0x04000000 debug2:fd3settingO_NONBLOCK debug1:Authenticatingtolocalhost:22as'xiaosi' debug3:hostkeys_foreach:readingfile"/home/xiaosi/.ssh/known_hosts" debug3:record_hostkey:foundkeytypeECDSAinfile/home/xiaosi/.ssh/known_hosts:1 debug3:load_hostkeys:loaded1keysfromlocalhost debug3:order_hostkeyalgs:preferhostkeyalgs:ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3:sendpacket:type20 debug1:SSH2_MSG_KEXINITsent debug3:receivepacket:type20 debug1:SSH2_MSG_KEXINITreceived debug2:localclientKEXINITproposal debug2:KEXalgorithms:curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2:hostkeyalgorithms:ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2:ciphersctos:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2:ciphersstoc:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2:MACsctos:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2:MACsstoc:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2:compressionctos:none,zlib@openssh.com,zlib debug2:compressionstoc:none,zlib@openssh.com,zlib debug2:languagesctos: debug2:languagesstoc: debug2:first_kex_follows0 debug2:reserved0 debug2:peerserverKEXINITproposal debug2:KEXalgorithms:curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2:hostkeyalgorithms:ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2:ciphersctos:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2:ciphersstoc:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2:MACsctos:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2:MACsstoc:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2:compressionctos:none,zlib@openssh.com debug2:compressionstoc:none,zlib@openssh.com debug2:languagesctos: debug2:languagesstoc: debug2:first_kex_follows0 debug2:reserved0 debug1:kex:algorithm:curve25519-sha256@libssh.org debug1:kex:hostkeyalgorithm:ecdsa-sha2-nistp256 debug1:kex:server->clientcipher:chacha20-poly1305@openssh.comMAC:<implicit>compression:none debug1:kex:client->servercipher:chacha20-poly1305@openssh.comMAC:<implicit>compression:none debug3:sendpacket:type30 debug1:expectingSSH2_MSG_KEX_ECDH_REPLY debug3:receivepacket:type31 debug1:Serverhostkey:ecdsa-sha2-nistp256SHA256:378enl3ckhdpObP8fnsHr1EXz4d1q2Jde+jUplkub/Y debug3:hostkeys_foreach:readingfile"/home/xiaosi/.ssh/known_hosts" debug3:record_hostkey:foundkeytypeECDSAinfile/home/xiaosi/.ssh/known_hosts:1 debug3:load_hostkeys:loaded1keysfromlocalhost debug1:Host'localhost'isknownandmatchestheECDSAhostkey. debug1:Foundkeyin/home/xiaosi/.ssh/known_hosts:1 debug3:sendpacket:type21 debug2:set_newkeys:mode1 debug1:rekeyafter134217728blocks debug1:SSH2_MSG_NEWKEYSsent debug1:expectingSSH2_MSG_NEWKEYS debug3:receivepacket:type21 debug2:set_newkeys:mode0 debug1:rekeyafter134217728blocks debug1:SSH2_MSG_NEWKEYSreceived debug2:key:/home/xiaosi/.ssh/id_rsa(0x5602df5e80c0) debug2:key:/home/xiaosi/.ssh/id_dsa((nil)) debug2:key:/home/xiaosi/.ssh/id_ecdsa((nil)) debug2:key:/home/xiaosi/.ssh/id_ed25519((nil)) debug3:sendpacket:type5 debug3:receivepacket:type7 debug1:SSH2_MSG_EXT_INFOreceived debug1:kex_input_ext_info:server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3:receivepacket:type6 debug2:service_accept:ssh-userauth debug1:SSH2_MSG_SERVICE_ACCEPTreceived debug3:sendpacket:type50 debug3:receivepacket:type51 debug1:Authenticationsthatcancontinue:publickey,password debug3:startover,passedadifferentlistpublickey,password debug3:preferredgssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3:authmethod_lookuppublickey debug3:remainingpreferred:keyboard-interactive,password debug3:authmethod_is_enabledpublickey debug1:Nextauthenticationmethod:publickey debug1:OfferingRSApublickey:/home/xiaosi/.ssh/id_rsa debug3:send_pubkey_test debug3:sendpacket:type50 debug2:wesentapublickeypacket,waitforreply debug3:receivepacket:type51 debug1:Authenticationsthatcancontinue:publickey,password debug1:Tryingprivatekey:/home/xiaosi/.ssh/id_dsa debug3:nosuchidentity:/home/xiaosi/.ssh/id_dsa:Nosuchfileordirectory debug1:Tryingprivatekey:/home/xiaosi/.ssh/id_ecdsa debug3:nosuchidentity:/home/xiaosi/.ssh/id_ecdsa:Nosuchfileordirectory debug1:Tryingprivatekey:/home/xiaosi/.ssh/id_ed25519 debug3:nosuchidentity:/home/xiaosi/.ssh/id_ed25519:Nosuchfileordirectory debug2:wedidnotsendapacket,disablemethod debug3:authmethod_lookuppassword debug3:remainingpreferred:,password debug3:authmethod_is_enabledpassword debug1:Nextauthenticationmethod:password xiaosi@localhost'spassword:
3.验证
xiaosi@xiaosi:~$sshlocalhost Theauthenticityofhost'localhost(127.0.0.1)'can'tbeestablished. ECDSAkeyfingerprintisSHA256:378enl3ckhdpObP8fnsHr1EXz4d1q2Jde+jUplkub/Y. Areyousureyouwanttocontinueconnecting(yes/no)?yes Warning:Permanentlyadded'localhost'(ECDSA)tothelistofknownhosts. sign_and_send_pubkey:signingfailed:agentrefusedoperation xiaosi@localhost'spassword:
4.authorized_keys权限
我们可以看到还是让我输入密码,很大可能是authorized_keys文件权限的问题,我们给该文件赋予一定权限:
xiaosi@xiaosi:~$chmod600~/.ssh/authorized_keys
再次验证:
xiaosi@xiaosi:~$sshlocalhost WelcometoUbuntu16.04LTS(GNU/Linux4.4.0-24-genericx86_64) *Documentation:https://help.ubuntu.com/ 0个可升级软件包。 0个安全更新。 Lastlogin:ThuJun1608:05:502016from127.0.0.1
到此表示OK了。
备注:
或者第一次需要输入密码,以后再次登陆就不需要输入密码了。
感谢阅读,希望能帮助到大家,谢谢大家对本站的支持!