Introduction
SSH is a secure network protocol designed to allow secure data transfer between clients and servers. The core idea of SSH is to use a combination of public key encryption technology and shared key encryption technology to establish a secure connection between the client and the server. When a client initiates a connection request, the server authenticates the client to ensure that it is a legitimate user. In order to achieve this purpose, the server will send its public key to the client, and the client will use this public key to encrypt a set of random data and return it to the server. After receiving it, the server decrypts it with its own private key to verify the client’s identity. Once the client’s identity is confirmed, the two parties begin negotiating a shared session key, a temporary key that is used to encrypt all subsequently transmitted data. Both parties generate a key and exchange it to form a consistent session key. At this time, all data sent via SSH will be encrypted using this shared session key. Only the client and server know this key, so even if the data is intercepted during transmission, it cannot be interpreted by others. In addition, to prevent man-in-the-middle attacks, SSH automatically updates the session key after a period of time. The above is the basic operating principle of SSH, which can ensure the secure transmission of data between the client and the server through such an encryption process.
Purpose: when several cluster nodes need to be managed at the same time, they can all be accessed from a single client, which is convenient.
Windows essential services
Use ssh -V to check whether SSH is installed on the computer. Generally, computers will have their own ssh service.
If it is missing, install it yourself; this is simple, so I won’t go into details.
Then check whether the SSH services are running with Get-Service -Name ssh*
Generate key
Keys need to be generated on all machines that require SSH communication.
1. Generate key
ssh-keygen -t rsa -f D://id_rsa
Note: if you want to log in without a password, leave the passphrase empty when generating the key.
Copy the D://id_rsa.pub file to the authorized_keys file under the C:\Users\
Modify the configuration file sshd_config in C:\Program Files\Git\etc\ssh; the path may differ from computer to computer.
#Comment these two lines
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
##Add these three lines
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
Description:
- Commenting out the #Match Group administrators and #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys lines will disable matching and authorized key files for the administrators group.
- Adding the PubkeyAuthentication yes line will enable public key authentication. This means that clients connecting to the SSH server will need to authenticate using public and private keys instead of passwords.
- Adding the AuthorizedKeysFile .ssh/authorized_keys line will specify the authorized key files to check when authenticating the user. By default, the SSH server looks for a file named .ssh/authorized_keys in the user’s home directory.
- Modifying the PasswordAuthentication yes line will enable password authentication. This means that when a client connects to an SSH server, it can authenticate using a password.
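An added example (not from the original article) that reads an sshd_config the way sshd does, taking the first value of each keyword, and reports whether password login is still accepted. The function names and both sample files are constructed for illustration; the second sample is a key-only variant for use once key login has been confirmed.

```shell
# Added example, not from the original article. sshd uses the FIRST value it
# reads for a keyword, keyword names are case-insensitive, and lines after a
# "Match" line apply only to the users or groups that match.

# sshd_effective FILE KEYWORD: print the global value, or "(default)".
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        { sub(/\r$/, "") }                    # tolerate Windows CRLF endings
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }       # the global section ends here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# password_login_enabled FILE: succeed if passwords are still accepted.
# PasswordAuthentication defaults to yes, so a missing keyword counts as on.
password_login_enabled() {
    v=$(sshd_effective "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    [ "$v" != "no" ]
}

# Constructed sample 1: the settings shown in this article.
write_article_config() {
    cat > "$1" <<'EOF'
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
EOF
}

# Constructed sample 2: key-only variant for use once key login is confirmed.
# The later "yes" has no effect because the first value wins.
write_key_only_config() {
    cat > "$1" <<'EOF'
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PasswordAuthentication yes
EOF
}

tmp=$(mktemp); write_article_config "$tmp"
if password_login_enabled "$tmp"; then echo "password login is still accepted"; fi
rm -f "$tmp"
```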
Add IP mapping
Modify the file C:\Windows\System32\drivers\etc\hosts.
Add the server name and IP you need
Format: IP address
Restart the service
Use the command services.msc to open the service list and start openssh.
Linux configuration
Edit the IP mapping file vim /etc/hostname
Format IP address
In Windows, use ipconfig to view the local machine’s hostname. Use hostname
Generate the key in the virtual machine
ssh-keygen -t rsa
A .ssh/ folder is created at the same time. It contains two files (id_rsa and id_rsa.pub). Copy the id_rsa.pub file into authorized_keys
Authorize
chmod 700 .ssh/
chmod 600 .ssh/*
Description:
The first command: chmod 700 .ssh/ will grant 700 permissions to the entire .ssh directory, allowing only the owner to have read, write, and execute permissions on the directory.
The second command: chmod 600 .ssh/* will give 600 permissions to all files in the .ssh directory, allowing only the owner to have read and write permissions on the file.
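An added example (not part of the original article) that audits a .ssh directory against the modes described above and separates the cases OpenSSH itself rejects from modes that are merely different from 700/600. It assumes GNU stat (Linux); the function names are hypothetical.

```shell
# Added example, not from the original article. Assumes GNU stat (Linux).
# perm_findings DIR prints one line per problem in a .ssh directory:
#   FAIL  directory or non-secret file writable by group/others (bits 022);
#         for the directory and authorized_keys, sshd with StrictModes
#         then refuses to use the keys
#   FAIL  private key with any group/other bit set (077): ssh refuses to use it
#   NOTE  mode is safe but differs from the article's 700 (dir) / 600 (files)
perm_findings() {
    dir=${1%/}
    m=$(stat -c %a "$dir")
    if [ $(( 0$m & 022 )) -ne 0 ]; then
        echo "FAIL $dir $m writable by group/others"
    elif [ "$m" != 700 ]; then
        echo "NOTE $dir $m expected 700"
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(stat -c %a "$f")
        case "$f" in
            *.pub|*/authorized_keys|*/known_hosts|*/config) mask=22 ;;
            *) mask=77 ;;             # anything else is treated as a private key
        esac
        if [ $(( 0$m & 0$mask )) -ne 0 ]; then
            echo "FAIL $f $m has bits in 0$mask set"
        elif [ "$m" != 600 ]; then
            echo "NOTE $f $m expected 600"
        fi
    done
}

# fix_perms DIR: apply the modes the article describes (700 dir, 600 files).
fix_perms() {
    chmod 700 "${1%/}"
    find "${1%/}" -maxdepth 1 -type f -exec chmod 600 {} +
}

# Audit the directory given as the first argument, if any.
if [ -n "${1:-}" ]; then perm_findings "$1"; fi
```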
Test
Use ssh username@hostname to log in to any node
The first time you log in to any node, you need to confirm with yes.
C:\>ssh hadoop@vm10
The authenticity of host 'vm10 (10.0.0.110)' can't be established.
ED25519 key fingerprint is SHA256:yUxCtH472lSUYgAgJqeOE9lvAiaMBwPO78SogOujnH4.
This host key is known by the following other names/addresses:
    C:\Users\Administrator/.ssh/known_hosts:1: vm08
    C:\Users\Administrator/.ssh/known_hosts:4: vm09
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'vm10' (ED25519) to the list of known hosts.
hadoop@vm10's password:
Last login: Mon Nov 6 10:11:33 2023 from vm08
[hadoop@vm10 ~]$ exit
Once you are logged in to a node this way, the commands you run are those of the corresponding server.