
Passwordless SSH

Wednesday 30 January 2013

Setting up passwordless ssh for users on Linux




In this tutorial, I will explain how to set up passwordless ssh on multiple nodes.
In the data warehousing world, when you come across distributed massively parallel processing
database products deployed in a cluster environment, you will definitely need
passwordless ssh access to the nodes through the admin user of the database.
Most of the time, passwordless access is only needed from the master to the slave nodes.


In this tutorial we are going to set up passwordless ssh access for the admin user.
You can also use this tutorial to set up passwordless access for the hadoop user before
installing Hadoop.

We will refer to our admin user by the name : hduser
We will refer to the master node as         : node1
We will refer to the slave node as          : node2

The Linux OS I used is CentOS 6.3 on both nodes.

Let's start the tutorial ......


1. What is ssh
   ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.


2. Check whether your CentOS system has the ssh client
[root@node1 ~]# rpm -qa | grep ssh

3. Adding a user (admin) for Hadoop
[root@node1 ~]# groupadd hadoop
[root@node1 ~]# useradd -g hadoop hduser
[root@node1 ~]# passwd hduser

   Note - add the group and the user hduser on both the master (node1) and the slave (node2) with the same password

4. Now we will set up passwordless ssh for hduser to connect from node1 (master) to node2 (slave)

   Step 1. Generate the DSA public and private keys

          Log in to node1 as hduser
[root@node1 ~]# su - hduser
          Generate the keys
[hduser@node1 ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Enter file in which to save the key (/home/hduser/.ssh/id_dsa)
Enter passphrase (empty for no passphrase): press enter
Enter same passphrase again: press enter
Your identification has been saved in /home/hduser/.ssh/id_dsa.
Your public key has been saved in /home/hduser/.ssh/id_dsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01
          Note : The above command generated two keys, a public one and a private one. Never
          distribute the private key.

   Step 2. Create an .ssh directory on node2
[hduser@node1 ~]$ ssh hduser@xx.xxx.xx.xx mkdir -p .ssh
          The above command connects to node2 over ssh and creates a directory .ssh under /home/hduser.
          It will ask for a password; give the password for hduser.

   Step 3. Copy the public key
          You will have to copy the public key generated in the first step above to all the
          nodes you want to connect to. In our case we will copy it to node2.
[hduser@node1 ~]$ scp ~/.ssh/id_dsa.pub hduser@xx.xxx.xx.xx:~/.ssh/id_dsa.pub
          This will prompt you for a password; give the password for hduser.
          The public key has now been copied to node2 under the mentioned directory.

   Step 4. Authorize the public key by adding it to the list of authorized keys
          Log in to node2 as hduser
[hduser@node2 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
          The above command appends the contents of id_dsa.pub to the file named authorized_keys.
          Log out from node2

   Step 5. Test your passwordless ssh
          Log in to node1 as hduser
[hduser@node1 ~]$ ssh hduser@xx.xxx.xx.xx
          This should not ask for a password
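
Steps 2 and 4 on node2, done idempotently and with the file modes sshd expects, as an added example (not part of the original post). The function names install_pubkey and check_ssh_perms and their optional home-directory argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: source this file as hduser on node2 after Step 3, then run
#   install_pubkey ~/.ssh/id_dsa.pub && check_ssh_perms
# Function names and the optional home-directory argument are hypothetical.

# Append every key in a public key file to authorized_keys exactly once,
# creating ~/.ssh (700) and authorized_keys (600) if they do not exist.
install_pubkey() {
    pub=$1; home=${2:-$HOME}
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 2; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        # -F fixed string, -x whole line: skip keys that are already listed,
        # so repeating the step does not pile up duplicate entries.
        grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"
}

# Report the paths that sshd's StrictModes check rejects: the home
# directory, .ssh or authorized_keys writable by group or others.
# When that check fails, sshd ignores the key and asks for a password.
check_ssh_perms() {
    home=${1:-$HOME}; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; bad=1; continue; }
        # First 10 characters of ls -ld are the type and permission bits;
        # position 6 is group write, position 9 is other write.
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) echo "too open: $mode $p"; bad=1 ;;
        esac
    done
    return $bad
}
```

The functions do not depend on the key type. OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so on newer systems generate an RSA or Ed25519 key in Step 1 instead.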

5. In case you want passwordless ssh access to localhost

   Step 1. Generate the DSA public and private keys

          Log in to node1 as hduser
[root@node1 ~]# su - hduser
          Generate the keys
[hduser@node1 ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Enter file in which to save the key (/home/hduser/.ssh/id_dsa)
Enter passphrase (empty for no passphrase): press enter
Enter same passphrase again: press enter
Your identification has been saved in /home/hduser/.ssh/id_dsa.
Your public key has been saved in /home/hduser/.ssh/id_dsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01
          Note : The above command generated two keys, a public one and a private one. Never
          distribute the private key.


   Step 2. Authorize the public key

[hduser@node1 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

          Test passwordless access to localhost
[hduser@node1 ~]$ ssh localhost
          This should not ask for a password

Some troubleshooting tips :


Reverse DNS not set up
Connecting from the command line, you might enter something like this:

ssh my.example.com

and get some output like this:

Connecting to my.example.com...
reverse mapping checking getaddrinfo for 192-168-1-243.foo.bar.net failed - POSSIBLE BREAK-IN ATTEMPT!
chris@my.example.com's password:

Solution : You will have to add the IP address of node2 to the hosts file in order to stop this error message.

[root@node1 ~]# vi /etc/hosts

After adding the entry, the hosts file should look like this:

127.0.0.1 localhost.localdomain localhost
192.168.1.243 node2

This should fix the error.

   



       
 

3 comments:

  1. Hello Navin,
    I did try the above steps. But still I get the passwords. I dunno why? I even deleted everything in the .ssh folder and tried again, but still a password is prompted. Please help me. I am working on a hadoop multinode cluster, so when I start the cluster both master and slave (2 systems only) prompt for passwords every time!

  2. Hello Karthik,

    After step 2, try changing the permissions on the directory .ssh on node 2

    [hduser@node2 ~]$ chmod 700 .ssh

    Also, after you copy the authorized_keys file on node2, make sure this file has permission 644

    [hduser@node2 ~]$ chmod 644 .ssh/authorized_keys

    Let me know if this helps you.

  3. Dear Navin!
    I did exactly the same steps again. Still a password is being prompted. Btw, an ECDSA key is being created every time rather than a DSA or RSA key, which I felt was very fishy, even when I give the command to create a DSA key or an RSA key. Is that a problem?
