TimeLinux1

Wednesday, February 27, 2013

How to enable Password-less ssh in a cluster?

If you administer a clustered environment and frequently need to log in remotely (via ssh) to the cluster from your local node (e.g. a laptop), or from one node in the cluster to other nodes in the same cluster, you may have wondered: "Wouldn't it be nice to not have to provide a password every time you log in to a remote system?" It is possible to enable what is called a password-less ssh (secure shell) session between the nodes, and it can be achieved in 3 easy steps.

1- Generate public keys on each node
2- Copy the public key of every node to every other node in the cluster in their 'authorized_keys' file
3- And test it out.

In the following example, we take a two-node cluster and enable password-less ssh between its two nodes.
Node 1 IP Address -  10.10.80.102
Node 2 IP Address -  10.10.80.103

On Node 1:
Step 1:  Generate Public keys

[root@10.10.80.102 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e8:f8:fe:c7:f2:c6:89:3d:51:78:df:6f:f1:a3:90:91 root@10.10.80.102
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|           .     |
|       .  . +    |
|      . S  E . . |
|     o    . o ...|
|    . .  = =    +|
|     .  o O .  .+|
|     .o..=.. ....|
+-----------------+
[root@10.10.80.102~]# 

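Then go to the ~/.ssh directory and verify that the public key file is present. If the passphrase was left empty, the private key id_rsa is stored unencrypted, so the owner-only permissions in the listing below are all that protect it.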

[root@10.10.80.102 ~]# cd .ssh
[root@10.10.80.102 .ssh]# ls -l
total 8
-rw-------. 1 root root 1675 Feb 27 02:53 id_rsa
-rw-r--r--. 1 root root  394 Feb 27 02:53 id_rsa.pub
[root@10.10.80.102 .ssh]# 

Step 2:
Copy the public key of every node to every other node in the cluster in their 'authorized_keys' file

Copy the public key file of Node 1 (10.10.80.102) to Node 2 (10.10.80.103 in this case), into the file called ~/.ssh/authorized_keys, which should have permissions 600. A handy tool called ssh-copy-id does this for you, as shown below.

[root@10.10.80.102 .ssh]# ssh-copy-id -i id_rsa.pub 10.10.80.103
The authenticity of host '10.10.80.103 (10.10.80.103)' can't be established.
RSA key fingerprint is 06:80:d2:e9:05:c8:28:4d:bb:b3:09:5a:c1:47:bd:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.80.103' (RSA) to the list of known hosts.
root@10.10.80.103's password: 
Now try logging into the machine, with "ssh '10.10.80.103'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@10.10.80.102 .ssh]# 

Step 3:
Test it out

[root@10.10.80.102 .ssh]# ssh root@10.10.80.103
Last login: Wed Feb 27 02:49:08 2013 from 10.250.0.54
[root@10.10.80.103 ~]#  [[[ no password asked ]]]

Now just repeat steps 1, 2 and 3 on all nodes in your cluster, and you are all set!
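
The check that ssh-copy-id asks for in Step 2 (look in .ssh/authorized_keys for keys you weren't expecting), combined with the 600 permissions mentioned there, as an added shell example that is not part of the original post. The function names are assumptions, and the sample directory and the key line in it are constructed, not real.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ~/.ssh directory after
# ssh-copy-id has run. Function names and the sample data are assumptions.

# The nine permission characters of a path, e.g. "rw-------".
perm_bits() { ls -ld "$1" | cut -c2-10; }

# True when group and others have no access (700 on dirs, 600 on files).
owner_only() {
    case "$(perm_bits "$1")" in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Number of key entries: lines that are neither blank nor comments.
count_keys() { grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1"; }

# Report on the directory, authorized_keys and the private key.
# Returns 1 if any of them is accessible to group or others.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}; rc=0
    for f in "$dir" "$dir/authorized_keys" "$dir/id_rsa"; do
        [ -e "$f" ] || continue
        if owner_only "$f"; then state=ok; else state=LOOSE; rc=1; fi
        echo "$state $(perm_bits "$f") $f"
    done
    if [ -f "$dir/authorized_keys" ]; then
        echo "$(count_keys "$dir/authorized_keys") key(s) authorized:"
        # First and last field of each entry, so an unexpected one stands out.
        awk 'NF && $1 !~ /^#/ { print "  " $1, $NF }' "$dir/authorized_keys"
    fi
    return $rc
}

# Constructed sample: a throwaway directory shaped like Node 2's /root/.ssh.
make_sample() {
    d=$(mktemp -d) && chmod 700 "$d"
    printf '%s\n' '# constructed entries, not real keys' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB root@10.10.80.102' \
        > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample"
rm -rf "$sample"
```

On a node, call `audit_ssh_dir /root/.ssh`; a LOOSE line or an entry you do not recognise is worth resolving before relying on the key.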


