最近按照网上的教程安装hadoop集群,设置服务器免密登录出现问题,卡住了,最后使用ssh -vvv命令找到问题并解决

记录下ssh免密登录设置过程

1.先查看/home/user/.ssh/文件下是否存在公钥私钥文件,如果有就不用执行第二步再次生成公钥私钥

2.在每台服务器执行命令ssh-keygen -t rsa,三次回车后，该目录下将会产生id_rsa，id_rsa.pub私钥公钥文件。

3.登录第一台服务器,进入.ssh目录

cat id_rsa.pub >> authorized_keys

4.将另外几台服务器公钥写入第一台服务器authorized_keys文件中

登录hadoop02,执行命令将公钥拷贝到hadoop01的authorized_keys中,同样将其他几台服务器公钥都拷贝到authorized_keys中

ssh-copy-id -i user@hadoop01 

5.将第一台服务器写好了各台服务器公钥的authorized_keys拷贝到其他服务器上替换原来的authorized_keys文件

6.执行 ssh hadoop01看看登录是否需要密码

我到这一步之前都很顺利,但是一直提示输入密码,尝试很多次,修改权限,重新生成秘钥公钥还是失败,不知道问题在哪?

使用ssh -vvv hadoop01 调试命令,很快就找到了问题并解决了

这是一段ssh登录正常的debug日志,可以看到ssh登录的认证过程

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to nplsvr01 [00.00.000.00] port 22.
debug1: Connection established.
debug1: identity file /home/hadoop/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hadoop/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to nplsvr01:22 as 'hadoop'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: asdfasdfasdfasdf
debug1: Host 'nplsvr01' is known and matches the ECDSA host key.
debug1: Found key in /home/hadoop/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hadoop/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to nplsvr01 ([00.00.000.000]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

通过看debug日志很快就找到问题
失败日志片段

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hadoop/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/hadoop/.ssh/id_dsa
debug3: no such identity: /home/hadoop/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/hadoop/.ssh/id_ecdsa
debug3: no such identity: /home/hadoop/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/hadoop/.ssh/id_ed25519
debug3: no such identity: /home/hadoop/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password

Next authentication method: publickey 从这段日志可以看到,有进行公钥认证,但是认证失败,然后就接着去password认证,就是提示你输入密码,到这里有很大可能性是authorized_keys文件权限问题,设置authorized_keys文件权限为600

$ chmod 600 ~/.ssh/authorized_keys

然后再次验证,发现ok了

[hadoop@nplsvr03 ~]$ ssh hadoop01
Last login: Tue Jun 26 19:06:50 2018 from 10.86.18.117
[hadoop@nplsvr01 ~]$