hadoop-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Boudnik <...@yahoo-inc.com>
Subject Re: fail to setup passphraseless ssh and need some help
Date Thu, 02 Jul 2009 16:23:43 GMT
Hmm, publickey seems to be allowed. Well, as the last resort, I'd suggest to 
make sure that your public key and the one in the ~/.ssh/authorized_keys are 
actually identical.

On 7/1/09 11:09 PM, fred wang wrote:
> sorry, should incopy ssh_config(instead of sshd_config)
>
>
> vi /etc/ssh/ssh_config
>
> #  1. command line options
>
> #  2. user-specific file
>
> #  3. system-wide file
>
> # Any configuration value is only changed the first time it is set.
>
> # Thus, host-specific definitions should be at the beginning of the
>
> # configuration file, and defaults at the end.
>
>
>
> # Site-wide defaults for some commonly used options.  For a comprehensive
>
> # list of available options, their meanings and defaults, please see the
>
> # ssh_config(5) man page.
>
>
>
> Host *
>
> #   ForwardAgent no
>
> #   ForwardX11 no
>
> #   ForwardX11Trusted yes
>
> #   RhostsRSAAuthentication no
>
> #   RSAAuthentication yes
>
> #   PasswordAuthentication yes
>
> #   HostbasedAuthentication no
>
> #   GSSAPIAuthentication no
>
> #   GSSAPIDelegateCredentials no
>
> #   GSSAPIKeyExchange no
>
> #   GSSAPITrustDNS no
>
> #   BatchMode no
>
> #   CheckHostIP yes
>
> #   AddressFamily any
>
> #   ConnectTimeout 0
>
> #   StrictHostKeyChecking ask
>
> #   IdentityFile ~/.ssh/identity
>
> #   IdentityFile ~/.ssh/id_rsa
>
> #   IdentityFile ~/.ssh/id_dsa
>
> #   Port 22
>
> #   Protocol 2,1
>
> #   Cipher 3des
>
> #   Ciphers
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>
> #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
>
> #   EscapeChar ~
>
> #   Tunnel no
>
> #   TunnelDevice any:any
>
> #   PermitLocalCommand no
>
>      SendEnv LANG LC_*
>
>      HashKnownHosts yes
>
>      GSSAPIAuthentication yes
>
>      GSSAPIDelegateCredentials no
>
>
> On Thu, Jul 2, 2009 at 1:51 PM, fred wang<fredwang222@gmail.com>  wrote:
>
>> Here is the output of ssh -v localhost  and the configuration of
>> ssh_config,
>>
>> xxx@xxx-desktop:~$ ssh -v localhost
>>
>> OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
>>
>> debug1: Reading configuration data /etc/ssh/ssh_config
>>
>> debug1: Applying options for *
>>
>> debug1: Connecting to localhost [127.0.0.1] port 22.
>>
>> debug1: Connection established.
>>
>> debug1: identity file /home/xxx/.ssh/identity type -1
>>
>> debug1: identity file /home/xxx/.ssh/id_rsa type -1
>>
>> debug1: identity file /home/xxx/.ssh/id_dsa type 2
>>
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1
>> Debian-8ubuntu1.2
>>
>> debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH*
>>
>> debug1: Enabling compatibility mode for protocol 2.0
>>
>> debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
>>
>> debug1: SSH2_MSG_KEXINIT sent
>>
>> debug1: SSH2_MSG_KEXINIT received
>>
>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>
>> debug1: Host 'localhost' is known and matches the RSA host key.
>>
>> debug1: Found key in /home/xxx/.ssh/known_hosts:1
>>
>> debug1: ssh_rsa_verify: signature correct
>>
>> debug1: SSH2_MSG_NEWKEYS sent
>>
>> debug1: expecting SSH2_MSG_NEWKEYS
>>
>> debug1: SSH2_MSG_NEWKEYS received
>>
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>
>> debug1: Authentications that can continue: publickey,password
>>
>> debug1: Next authentication method: publickey
>>
>> debug1: Trying private key: /home/xxx/.ssh/identity
>>
>> debug1: Trying private key: /home/xxx/.ssh/id_rsa
>>
>> debug1: Offering public key: /home/xxx/.ssh/id_dsa
>>
>> debug1: Authentications that can continue: publickey,password
>>
>> debug1: Next authentication method: password
>>
>> xxx@localhost's password:
>>
>>
>>
>>
>>
>>
>>
>> xxx@xxx:~$ vi /etc/ssh/sshd_config
>>
>> #KerberosOrLocalPasswd yes
>>
>> #KerberosTicketCleanup yes
>>
>>
>>
>> # GSSAPI options
>>
>> #GSSAPIAuthentication no
>>
>> #GSSAPICleanupCredentials yes
>>
>>
>>
>> X11Forwarding yes
>>
>> X11DisplayOffset 10
>>
>> PrintMotd no
>>
>> PrintLastLog yes
>>
>> TCPKeepAlive yes
>>
>> #UseLogin no
>>
>>
>>
>> #MaxStartups 10:30:60
>>
>> #Banner /etc/issue.net
>>
>>
>>
>> # Allow client to pass locale environment variables
>>
>> AcceptEnv LANG LC_*
>>
>>
>>
>> Subsystem sftp /usr/lib/openssh/sftp-server
>>
>>
>>
>> UsePAM yes
>>
>>
>>
>> On Thu, Jul 2, 2009 at 1:18 PM, Konstantin Boudnik<cos@yahoo-inc.com>wrote:
>>
>>> Yet another possibility is that your SSH daemon isn't configured to accept
>>> publickey as a valid authorization mean.
>>>
>>> Try to do ssh -v localhost and check if there's something similar to the
>>> following:
>>>
>>> debug1: Authentications that can continue:
>>> publickey,password,keyboard-interactive
>>> debug1: Next authentication method: publickey
>>> debug1: Trying private key: /home/xxx/.ssh/identity
>>> debug1: Trying private key: /home/xxx/.ssh/id_rsa
>>> debug1: Offering public key: /home/xxx/.ssh/id_dsa
>>> debug1: Server accepts key: pkalg ssh-dss blen 435
>>> debug1: read PEM private key done: type DSA
>>> debug1: Authentication succeeded (publickey).
>>>
>>> Cos
>>>
>>>
>>> On 7/1/09 10:11 PM, fred wang wrote:
>>>
>>>> I have setup ./.ssh/authorized keys has permssion 600, but it didn't
>>>> work.
>>>> Thanks anyway
>>>>
>>>> ls -l .ssh/authorized_keys
>>>> -rw------- 1 xxx xxx 1222 2009-07-02 13:08 .ssh/authorized_keys
>>>>
>>>> On Thu, Jul 2, 2009 at 12:15 AM, Konstantin Boudnik<cos@yahoo-inc.com
>>>>> wrote:
>>>> Make sure that your ~/.ssh/authorized_keys has permissions 600
>>>>> Cos
>>>>>
>>>>>
>>>>> On 7/1/09 7:35 AM, fred wang wrote:
>>>>>
>>>>> Hi all,
>>>>>>    I failed to setup passphraseless ssh(I mean, I still need to input
>>>>>> password to do ssh localhost) when I tried to configure Hadoop to
run
>>>>>> on
>>>>>> psuedo-distributed operation,  could anyone help me solve this issue?
>>>>>> Thanks!
>>>>>>
>>>>>> (1)I use the Putty0.6 to remote access to Ubuntu by SSH.
>>>>>>
>>>>>> (2) execution steps and ouput
>>>>>>
>>>>>> $ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
>>>>>> Generating public/private dsa key pair.
>>>>>> Your identification has been saved in /home/xxx/.ssh/id_dsa.
>>>>>> Your public key has been saved in /home/xxx/.ssh/id_dsa.pub.
>>>>>> The key fingerprint is:
>>>>>> a9:39:4c:9b:22:f9:a4:77:70:24:fa:bf:12:f5:81:81 xxx
>>>>>>
>>>>>>
>>>>>> **note: it doesn't have message  'Enter passphrase (empty for no
>>>>>> passphrase):
>>>>>>      Enter same passphrase again: ' which appear in some introductory
>>>>>> paper.
>>>>>> "
>>>>>>
>>>>>> $ cat ~/.ssh/id_dsa.pub>>    ~/.ssh/authorized_keys
>>>>>> no output
>>>>>>
>>>>>> $ ssh localhost
>>>>>> The authenticity of host 'localhost (127.0.0.1)' can't be established.
>>>>>> RSA key fingerprint is 4f:a1:ff:ed:0c:46:3e:a9:8c:97:bc:b7:46:3e:35:d2.
>>>>>> Are you sure you want to continue connecting (yes/no)? yes
>>>>>> Warning: Permanently added 'localhost' (RSA) to the list of known
>>>>>> hosts.
>>>>>> xxx@localhost's password:
>>>>>>
>>>>>>

Mime
View raw message