hadoop-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fred wang <fredwang...@gmail.com>
Subject Re: fail to setup passphraseless ssh and need some help
Date Fri, 03 Jul 2009 14:31:58 GMT
I remove the ~/.ssh and regenerate the key and it seems I still need to
provide password when I ssh localhost. Thank you very much even it couldn't
be fixed finally.

But I found there is some warning information:

ssh localhost

The authenticity of host 'localhost (127.0.0.1)' can't be established.

RSA key fingerprint is 4f:a1:ff:ed:0c:46:3e:a9:8c:97:bc:b7:46:3e:35:d2.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.


On 7/1/09 11:09 PM, fred wang wrote:

>  sorry, should incopy ssh_config(instead of sshd_config)
>>
>>
>> vi /etc/ssh/ssh_config
>>
>> #  1. command line options
>>
>> #  2. user-specific file
>>
>> #  3. system-wide file
>>
>> # Any configuration value is only changed the first time it is set.
>>
>> # Thus, host-specific definitions should be at the beginning of the
>>
>> # configuration file, and defaults at the end.
>>
>>
>>
>> # Site-wide defaults for some commonly used options.  For a comprehensive
>>
>> # list of available options, their meanings and defaults, please see the
>>
>> # ssh_config(5) man page.
>>
>>
>>
>> Host *
>>
>> #   ForwardAgent no
>>
>> #   ForwardX11 no
>>
>> #   ForwardX11Trusted yes
>>
>> #   RhostsRSAAuthentication no
>>
>> #   RSAAuthentication yes
>>
>> #   PasswordAuthentication yes
>>
>> #   HostbasedAuthentication no
>>
>> #   GSSAPIAuthentication no
>>
>> #   GSSAPIDelegateCredentials no
>>
>> #   GSSAPIKeyExchange no
>>
>> #   GSSAPITrustDNS no
>>
>> #   BatchMode no
>>
>> #   CheckHostIP yes
>>
>> #   AddressFamily any
>>
>> #   ConnectTimeout 0
>>
>> #   StrictHostKeyChecking ask
>>
>> #   IdentityFile ~/.ssh/identity
>>
>> #   IdentityFile ~/.ssh/id_rsa
>>
>> #   IdentityFile ~/.ssh/id_dsa
>>
>> #   Port 22
>>
>> #   Protocol 2,1
>>
>> #   Cipher 3des
>>
>> #   Ciphers
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>>
>> #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
>>
>> #   EscapeChar ~
>>
>> #   Tunnel no
>>
>> #   TunnelDevice any:any
>>
>> #   PermitLocalCommand no
>>
>>     SendEnv LANG LC_*
>>
>>     HashKnownHosts yes
>>
>>     GSSAPIAuthentication yes
>>
>>     GSSAPIDelegateCredentials no
>>
>>
>> On Thu, Jul 2, 2009 at 1:51 PM, fred wang<fredwang222@gmail.com>  wrote:
>>
>> Here is the output of ssh -v localhost  and the configuration of
>>> ssh_config,
>>>
>>> xxx@xxx-desktop:~$ ssh -v localhost
>>>
>>> OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
>>>
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>>
>>> debug1: Applying options for *
>>>
>>> debug1: Connecting to localhost [127.0.0.1] port 22.
>>>
>>> debug1: Connection established.
>>>
>>> debug1: identity file /home/xxx/.ssh/identity type -1
>>>
>>> debug1: identity file /home/xxx/.ssh/id_rsa type -1
>>>
>>> debug1: identity file /home/xxx/.ssh/id_dsa type 2
>>>
>>> debug1: Remote protocol version 2.0, remote software version
>>> OpenSSH_4.7p1
>>> Debian-8ubuntu1.2
>>>
>>> debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH*
>>>
>>> debug1: Enabling compatibility mode for protocol 2.0
>>>
>>> debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
>>>
>>> debug1: SSH2_MSG_KEXINIT sent
>>>
>>> debug1: SSH2_MSG_KEXINIT received
>>>
>>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>>
>>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>>
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>>
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>>
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>>
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>>
>>> debug1: Host 'localhost' is known and matches the RSA host key.
>>>
>>> debug1: Found key in /home/xxx/.ssh/known_hosts:1
>>>
>>> debug1: ssh_rsa_verify: signature correct
>>>
>>> debug1: SSH2_MSG_NEWKEYS sent
>>>
>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>
>>> debug1: SSH2_MSG_NEWKEYS received
>>>
>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>
>>> debug1: Authentications that can continue: publickey,password
>>>
>>> debug1: Next authentication method: publickey
>>>
>>> debug1: Trying private key: /home/xxx/.ssh/identity
>>>
>>> debug1: Trying private key: /home/xxx/.ssh/id_rsa
>>>
>>> debug1: Offering public key: /home/xxx/.ssh/id_dsa
>>>
>>> debug1: Authentications that can continue: publickey,password
>>>
>>> debug1: Next authentication method: password
>>>
>>> xxx@localhost's password:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> xxx@xxx:~$ vi /etc/ssh/sshd_config
>>>
>>> #KerberosOrLocalPasswd yes
>>>
>>> #KerberosTicketCleanup yes
>>>
>>>
>>>
>>> # GSSAPI options
>>>
>>> #GSSAPIAuthentication no
>>>
>>> #GSSAPICleanupCredentials yes
>>>
>>>
>>>
>>> X11Forwarding yes
>>>
>>> X11DisplayOffset 10
>>>
>>> PrintMotd no
>>>
>>> PrintLastLog yes
>>>
>>> TCPKeepAlive yes
>>>
>>> #UseLogin no
>>>
>>>
>>>
>>> #MaxStartups 10:30:60
>>>
>>> #Banner /etc/issue.net
>>>
>>>
>>>
>>> # Allow client to pass locale environment variables
>>>
>>> AcceptEnv LANG LC_*
>>>
>>>
>>>
>>> Subsystem sftp /usr/lib/openssh/sftp-server
>>>
>>>
>>>
>>> UsePAM yes
>>>
>>>
>>>
>>> On Thu, Jul 2, 2009 at 1:18 PM, Konstantin Boudnik<cos@yahoo-inc.com
>>> >wrote:
>>>
>>> Yet another possibility is that your SSH daemon isn't configured to
>>>> accept
>>>> publickey as a valid authorization mean.
>>>>
>>>> Try to do ssh -v localhost and check if there's something similar to the
>>>> following:
>>>>
>>>> debug1: Authentications that can continue:
>>>> publickey,password,keyboard-interactive
>>>> debug1: Next authentication method: publickey
>>>> debug1: Trying private key: /home/xxx/.ssh/identity
>>>> debug1: Trying private key: /home/xxx/.ssh/id_rsa
>>>> debug1: Offering public key: /home/xxx/.ssh/id_dsa
>>>> debug1: Server accepts key: pkalg ssh-dss blen 435
>>>> debug1: read PEM private key done: type DSA
>>>> debug1: Authentication succeeded (publickey).
>>>>
>>>> Cos
>>>>
>>>>
>>>> On 7/1/09 10:11 PM, fred wang wrote:
>>>>
>>>> I have setup ./.ssh/authorized keys has permssion 600, but it didn't
>>>>> work.
>>>>> Thanks anyway
>>>>>
>>>>> ls -l .ssh/authorized_keys
>>>>> -rw------- 1 xxx xxx 1222 2009-07-02 13:08 .ssh/authorized_keys
>>>>>
>>>>> On Thu, Jul 2, 2009 at 12:15 AM, Konstantin Boudnik<cos@yahoo-inc.com
>>>>>
>>>>>> wrote:
>>>>>>
>>>>> Make sure that your ~/.ssh/authorized_keys has permissions 600
>>>>>
>>>>>> Cos
>>>>>>
>>>>>>
>>>>>> On 7/1/09 7:35 AM, fred wang wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>>>   I failed to setup passphraseless ssh(I mean, I still need to
input
>>>>>>> password to do ssh localhost) when I tried to configure Hadoop
to run
>>>>>>> on
>>>>>>> psuedo-distributed operation,  could anyone help me solve this
issue?
>>>>>>> Thanks!
>>>>>>>
>>>>>>> (1)I use the Putty0.6 to remote access to Ubuntu by SSH.
>>>>>>>
>>>>>>> (2) execution steps and ouput
>>>>>>>
>>>>>>> $ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
>>>>>>> Generating public/private dsa key pair.
>>>>>>> Your identification has been saved in /home/xxx/.ssh/id_dsa.
>>>>>>> Your public key has been saved in /home/xxx/.ssh/id_dsa.pub.
>>>>>>> The key fingerprint is:
>>>>>>> a9:39:4c:9b:22:f9:a4:77:70:24:fa:bf:12:f5:81:81 xxx
>>>>>>>
>>>>>>>
>>>>>>> **note: it doesn't have message  'Enter passphrase (empty for
no
>>>>>>> passphrase):
>>>>>>>     Enter same passphrase again: ' which appear in some introductory
>>>>>>> paper.
>>>>>>> "
>>>>>>>
>>>>>>> $ cat ~/.ssh/id_dsa.pub>>    ~/.ssh/authorized_keys
>>>>>>> no output
>>>>>>>
>>>>>>> $ ssh localhost
>>>>>>> The authenticity of host 'localhost (127.0.0.1)' can't be
>>>>>>> established.
>>>>>>> RSA key fingerprint is
>>>>>>> 4f:a1:ff:ed:0c:46:3e:a9:8c:97:bc:b7:46:3e:35:d2.
>>>>>>> Are you sure you want to continue connecting (yes/no)? yes
>>>>>>> Warning: Permanently added 'localhost' (RSA) to the list of known
>>>>>>> hosts.
>>>>>>> xxx@localhost's password:
>>>>>>>
>>>>>>>
>>>>>>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message