SSH (Secure Shell)
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs, respectively.
It was designed as a replacement for Telnet and other insecure remote shell protocols such as the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis.
SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.
Another is to use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password. In this scenario, anyone can produce a matching pair of different keys (public and private). The public key is placed on all computers that must allow access to the owner of the matching private key (the owner keeps the private key secret). While authentication is based on the private key, the key itself is never transferred through the network during authentication. SSH only verifies whether the same person offering the public key also owns the matching private key. In all versions of SSH it is important to verify unknown public keys, i.e. associate the public keys with identities, before accepting them as valid. Accepting an attacker’s public key without validation will authorize that attacker as a valid user.
Generating SSH Key:
#1: Install ssh server on your computer
[user@localhost ~]$ sudo yum install openssh-server
NOTE: This step requires an Internet connection.
#2: [user@localhost ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
9b:82:ea:58:b4:e0:35:d7:ff:19:66:a6:ef:ae:0e:d2 user@localhost
+--[ RSA 2048]----+
The final step is to test the SSH setup by connecting to your local machine as the user named user. This step is also needed to save your local machine’s host key fingerprint to that user’s known_hosts file. If you have any special SSH configuration for your local machine, such as a non-standard SSH port, you can define host-specific SSH options in $HOME/.ssh/config (see man ssh_config for more information).
#3: Now copy the public key to the authorized_keys file, so that ssh does not require a password every time
[user@localhost ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#4: Change the permissions of the authorized_keys file to give all permissions to the user
[user@localhost ~]$ chmod 700 ~/.ssh/authorized_keys
#5: If sshd is not running, start it with the command below
[user@localhost ~]$ sudo service sshd start
#6: Run the command below to keep sshd running even after a system reboot.
user@localhost:~$ sudo chkconfig sshd on
#7: Stop the firewall, if enabled, with the following command
[user@localhost ~]$ sudo service iptables stop
#8: Run the command below to keep iptables stopped even after a system reboot.
user@localhost:~$ sudo chkconfig iptables off
#9: Test the ssh connectivity by doing the following
[user@localhost ~]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is d7:87:25:47:ae:02:00:eb:1d:75:4f:bb:44:f9:36:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Linux ubuntu 2.6.32-22-generic #33-Ubuntu SMP Wed Apr 28 13:27:30 UTC 2010 i686 GNU/Linux
Ubuntu 10.04
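Step #9 answers "yes" to the host-key prompt without checking the fingerprint it displays. The following added example (not part of the original post) shows how that colon-separated fingerprint is derived, namely as the MD5 digest of the base64-decoded key blob, and compares it with a value obtained out of band; the function names and the sample key are constructed for illustration. Current OpenSSH releases print SHA256 fingerprints by default instead of this MD5 form.

```shell
#!/bin/sh
# Added example: verify a host key fingerprint before answering "yes".
# Function names and the sample key below are constructed for illustration.

# md5_fingerprint FILE
# Prints the legacy colon-separated fingerprint of the first key in a public
# key file ("type base64-blob comment"). The fingerprint is the MD5 digest of
# the base64-decoded blob.
md5_fingerprint() {
    blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1") || return 1
    [ -n "$blob" ] || return 1
    # Reject blobs that are not valid base64 instead of hashing partial data.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | awk '{ print $1 }' \
        | sed 's/../&:/g; s/:$//'
}

# check_host_key FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the key file cannot be parsed.
check_host_key() {
    actual=$(md5_fingerprint "$1") || { echo "cannot parse key: $1" >&2; return 2; }
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept either case
    if [ "$actual" = "$expected" ]; then
        echo "MATCH $actual"
    else
        echo "MISMATCH expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Demo with a constructed, truncated ssh-rsa blob (not a real host key).
demo=$(mktemp)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB root@localhost\n' > "$demo"
trusted=$(md5_fingerprint "$demo")      # stands in for the out-of-band value
check_host_key "$demo" "$trusted"
rm -f "$demo"
```

On the server, run md5_fingerprint against /etc/ssh/ssh_host_rsa_key.pub from a trusted console and compare the result with what the client prompt shows.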
How to connect or SSH to another node in the cluster?
#1: Start SSHD on all the available nodes
Node1: sudo service sshd start
Node2: sudo service sshd start
#2: Run the commands below to start ssh even after reboot
Node1: sudo chkconfig sshd on
Node2: sudo chkconfig sshd on
#3: Copy the SSH key from the master node to node 2 (the slave)
user@master: ssh-copy-id -i $HOME/.ssh/id_rsa.pub user@<slave or node2 address>
Note: Repeat this for all the available nodes
#4: Reboot both the nodes.
#5: Test the SSH connection from one node to check that it connects to all the nodes
user@master: ssh master or node1
==>user@master
user@master: ssh slave or node2
==>user@slave
user@slave: ssh master
==>user@master
Note: Always change back to the original node after use.
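Step #3 of the single-machine setup appends the key with cat >>, which adds a duplicate line every time it is re-run, and the cluster steps repeat the key copy for every node. As an added example (not from the original post; the function names are hypothetical and the key line is constructed), this script appends a key only once and checks that the .ssh directory and authorized_keys are not writable by group or others, which sshd's StrictModes option (enabled by default) requires before it accepts the keys.

```shell
#!/bin/sh
# Added example: idempotent authorized_keys install plus a permission audit.
# install_pubkey, writable_by_others and audit_ssh_dir are hypothetical names.

# install_pubkey PUBFILE SSH_DIR
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    # If the file lacks a final newline, add one so keys are not glued together.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        # -x whole line, -F fixed string: append only keys not already present.
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"
    chmod 600 "$auth"   # this example's choice; the page's step #4 uses 700
}

# writable_by_others PATH: exit 0 if group or other has the write bit set.
writable_by_others() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ssh_dir SSH_DIR: list paths that are too permissive; exit 1 if any.
audit_ssh_dir() {
    bad=0
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then echo "too permissive: $p"; bad=1; fi
    done
    return "$bad"
}

# Demo in a scratch directory with a constructed key line (not a real key).
scratch=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB user@master\n' > "$scratch/id_rsa.pub"
install_pubkey "$scratch/id_rsa.pub" "$scratch/.ssh"
install_pubkey "$scratch/id_rsa.pub" "$scratch/.ssh"   # second run adds nothing
echo "entries: $(grep -c . "$scratch/.ssh/authorized_keys")"
audit_ssh_dir "$scratch/.ssh" && echo "permissions ok"
rm -rf "$scratch"
```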