• Installing OpenSSH through Cygwin


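    Installing OpenSSH is an essential step when learning Hadoop: if SSH is not set up properly, the Hadoop installation cannot proceed. When I first started learning Hadoop I found that I had taken some wrong turns installing SSH earlier. Now that I understand it better, I have rewritten this post for anyone else who needs it.
    The versions installed in this article are OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014, and the procedure has been tested successfully.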

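    1. Install OpenSSH through Cygwin
    How to install Cygwin itself is not covered here; if you are unsure, see my other blog post on installing Cygwin.

    Add the openssh and openssl components as shown in the figure below to install them.
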

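    2. Configure the SSH service

    2.1 Start the Cygwin shortcut on the desktop with [Run as administrator]. This is required; otherwise you do not have permission to create the sshd service. Treat this as standard practice whenever you run Cygwin from now on; it will not be repeated below.

    2.2 Check the ssh version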

    $ ssh -V
    OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
    



    2.3 Run

    ssh-host-config
    


    Then follow the prompts step by step:

    *** Info: Generating missing SSH host keys 
    ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519 
    *** Info: Creating default /etc/ssh_config file 
    *** Info: Creating default /etc/sshd_config file 

    *** Info: StrictModes is set to 'yes' by default. 
    *** Info: This is the recommended setting, but it requires that the POSIX 
    *** Info: permissions of the user's home directory, the user's .ssh 
    *** Info: directory, and the user's ssh key files are tight so that 
    *** Info: only the user has write permissions. 
    *** Info: On the other hand, StrictModes don't work well with default 
    *** Info: Windows permissions of a home directory mounted with the 
    *** Info: 'noacl' option, and they don't work at all if the home 
    *** Info: directory is on a FAT or FAT32 partition. 
    *** Query: Should StrictModes be used? (yes/no) no 

    *** Info: Privilege separation is set to 'sandbox' by default since 
    *** Info: OpenSSH 6.1.  This is unsupported by Cygwin and has to be set 
    *** Info: to 'yes' or 'no'. 
    *** Info: However, using privilege separation requires a non-privileged account 
    *** Info: called 'sshd'. 
    *** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep. 
    *** Query: Should privilege separation be used? (yes/no) no 
    *** Info: Updating /etc/sshd_config file 

    *** Query: Do you want to install sshd as a service? 
    *** Query: (Say "no" if it is already installed as a service) (yes/no) yes 
    *** Query: Enter the value of CYGWIN for the daemon: [] 
    *** Info: On Windows Server 2003, Windows Vista, and above, the 
    *** Info: SYSTEM account cannot setuid to other users -- a capability 
    *** Info: sshd requires.  You need to have or to create a privileged 
    *** Info: account.  This script will help you do so. 

    *** Info: You appear to be running Windows XP 64bit, Windows 2003 Server, 
    *** Info: or later.  On these systems, it's not possible to use the LocalSystem 
    *** Info: account for services that can change the user id without an 
    *** Info: explicit password (such as passwordless logins [e.g. public key 
    *** Info: authentication] via sshd). 

    *** Info: If you want to enable that functionality, it's required to create 
    *** Info: a new account with special privileges (unless a similar account 
    *** Info: already exists). This account is then used to run these special 
    *** Info: servers. 

    *** Info: Note that creating a new user requires that the current account 
    *** Info: have Administrator privileges itself. 

    *** Info: No privileged account could be found. 

    *** Info: This script plans to use 'cyg_server'. 
    *** Info: 'cyg_server' will only be used by registered services. 
    *** Query: Do you want to use a different name? (yes/no) no 
    *** Query: Create new privileged user account 'cyg_server'? (yes/no) yes 
    *** Info: Please enter a password for new user cyg_server.  Please be sure 
    *** Info: that this password matches the password rules given on your system. 
    *** Info: Entering no password will exit the configuration. 
    *** Query: Please enter the password: 
    *** Query: Reenter: 

    *** Info: User 'cyg_server' has been created with password 'cyg_server'. 
    *** Info: If you change the password, please remember also to change the 
    *** Info: password for the installed services which use (or will soon use) 
    *** Info: the 'cyg_server' account. 

    *** Info: Also keep in mind that the user 'cyg_server' needs read permissions 
    *** Info: on all users' relevant files for the services running as 'cyg_server'. 
    *** Info: In particular, for the sshd server all users' .ssh/authorized_keys 
    *** Info: files must have appropriate permissions to allow public key 
    *** Info: authentication. (Re-)running ssh-user-config for each user will set 
    *** Info: these permissions correctly. [Similar restrictions apply, for 
    *** Info: instance, for .rhosts files if the rshd server is running, etc]. 


    *** Info: The sshd service has been installed under the 'cyg_server' 
    *** Info: account.  To start the service now, call `net start sshd' or 
    *** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically 
    *** Info: after the next reboot. 

    *** Info: Host configuration finished. Have fun! 

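    The script prompts you to create a user cyg_server and asks for that user's password. Here we enter a password identical to the user name, cyg_server; it is used again later.
    Note that creating the cyg_server user is mandatory. Without this user, sshd will not work even if it is installed, and later use fails with a Connection closed error. I tripped up here myself and wasted a lot of time.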
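
    The two "no" answers in the transcript above are written to /etc/sshd_config. The following is an added example, not part of the original post, that reports the effective StrictModes and UsePrivilegeSeparation values in a config file. The function names and the sample file are constructed, and it assumes whitespace-separated "Keyword value" lines outside any Match block.

```shell
#!/bin/sh
# Added example: show which value sshd will actually use for the two
# keywords that correspond to the ssh-host-config questions above.

# effective_value FILE KEYWORD
# Prints the first uncommented value (lower-cased), or nothing when the
# keyword is absent. sshd keeps the first value it reads for a keyword and
# matches keyword names case-insensitively.
effective_value() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per keyword; returns 1 if either is explicitly "no".
audit_sshd_config() {
    rc=0
    for kw in StrictModes UsePrivilegeSeparation; do
        val=$(effective_value "$1" "$kw")
        case "$val" in
            no) echo "DISABLED $kw"; rc=1 ;;
            "") echo "UNSET    $kw (built-in default applies)" ;;
            *)  echo "SET      $kw $val" ;;
        esac
    done
    return $rc
}

# Constructed sample mirroring the answers given in the transcript.
sample=$(mktemp)
printf '%s\n' '#StrictModes yes' 'StrictModes no' \
    'UsePrivilegeSeparation no' 'StrictModes yes' > "$sample"
audit_sshd_config "$sample" || echo "at least one protection is switched off"
rm -f "$sample"
```

    On the Cygwin host itself, call audit_sshd_config /etc/sshd_config after ssh-host-config has finished.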

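    2.3 Now look in the Windows Services console: there is a new entry, CYGWIN sshd. You can set it to manual start, and then start it.

    Note in the figure below that sshd must log on as the cyg_server user; switching it to "Local System account" does not work. I tripped up here and wasted a lot of time.


    2.4 The system creates a directory under Cygwin's home directory with the same name as your Windows user name; here the user name is assumed to be Administrator.
    If there is no directory under home named after your Windows user, try deleting the HOME environment variable and try again.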

    3. Starting the OpenSSH service

    A. From the Windows command console
    net start sshd
    net stop sshd

    B. From the Cygwin console
    cygrunsrv --start sshd
    cygrunsrv --stop sshd

    4. Configure the user password (deprecated, not recommended)

    Run
    ssh-user-config

    *** Query: Shall I create a SSH2 DSA identity file for you? (yes/no) yes 
    ** Query: Shall I create a SSH2 ECDSA identity file for you? (yes/no) yes 
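    Answer yes to the two questions above; there is also an SSH1 one, which should not be created.
    Note that the passphrase must be at least 4 characters, otherwise key creation fails.
    We enter 'password' as the passphrase; it is used again later.

    If this succeeds, the cygwin\home\Administrator\.ssh directory contains the files shown in the figure.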
     

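    5. Test (deprecated, not recommended)
    From the Windows command console run
    ssh Administrator@127.0.0.1
    If entering the password produces no error and, once logged in, ls also runs without problems, OpenSSH has been installed and configured successfully.

    Note that there are two ways to enter a password here. One is at the prompts Enter passphrase for key 'id_dsa', 'id_ecdsa': entering the earlier passphrase, password, logs you in.
    The other is to press Enter at both of these prompts, meaning nothing is entered; you are then prompted with
    Administrator@127.0.0.1's password:
    Here you must enter the password of the cyg_server user from earlier, i.e. cyg_server, which also logs you in.
    If that does not work, change the password yourself with the passwd Administrator command.

    If you still cannot log in, try opening port 22 in the firewall settings; the SSH service uses port 22 by default.

    6. Key-based login
    This method requires no password; you can log in directly.

    References
    http://blog.chinaunix.net/uid-311680-id-2439725.html

    6.1 First generate the public and private keys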

    Administrator@PC-201308290023 ~ 
    $ pwd 
    /home/Administrator 

    Administrator@PC-201308290023 ~ 
    $ ssh-keygen -t rsa 
    Generating public/private rsa key pair. 
    Enter file in which to save the key (/home/Administrator/.ssh/id_rsa): 
    Created directory '/home/Administrator/.ssh'. 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/Administrator/.ssh/id_rsa. 
    Your public key has been saved in /home/Administrator/.ssh/id_rsa.pub. 
    The key fingerprint is: 
    0f:95:15:a7:4a:2b:f2:72:d4:e1:bd:f3:9b:c2:79:38 Administrator@PC-201308290023 
    The key's randomart image is: 
    +---[RSA 2048]----+ 
    |            o..  | 
    |           o o   | 
    |          = .    | 
    |         = =     | 
    |      . S = .    | 
    |       + +   .   | 
    |      . o ..oo   | 
    |       o    Eo.. | 
    |             ++. | 
    +-----------------+ 


    6.2 Copy the public key to the server
    Using the password-based method from earlier, transfer the file to the server with the scp command:

    C:\Users\Administrator>scp id_rsa.pub Administrator@localhost:~/.ssh
    Enter passphrase for key '/home/Administrator/.ssh/id_dsa': 
    setsockopt IPV6_TCLASS 8: Protocol not available: 
    id_rsa.pub                                    100%  411     0.4KB/s   00:00 

    6.3 Append the public key text to the end of the server's authorized_keys file (with the cat command)

    C:\Users\Administrator>ssh Administrator@localhost
    Enter passphrase for key '/home/Administrator/.ssh/id_dsa': 
    setsockopt IPV6_TCLASS 16: Protocol not available: 
    Last login: Mon May  5 21:56:42 2014 from 127.0.0.1 

    Administrator@PC-201308290023 ~ 
    $ cd .ssh 

    Administrator@PC-201308290023 ~/.ssh 
    $ cat id_rsa.pub >> authorized_keys 

    Administrator@PC-201308290023 ~/.ssh 
    $ logout 
    Connection to localhost closed. 

    If you are experimenting entirely on a single localhost machine, 6.2 and 6.3 can be simplified to:
    Administrator@PC-201308290023 ~ 
    $ cd .ssh 

    Administrator@PC-201308290023 ~/.ssh 
    $ cat id_rsa.pub >> authorized_keys 
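
    Running the cat >> step from 6.3 a second time appends the same key again. The following is an added example, not part of the original post, of an append that is safe to repeat and that removes group/other write access as the StrictModes text in section 2.3 describes. The function name install_pubkey and the sample key are constructed, and it assumes authorized_keys entries have no leading options field.

```shell
#!/bin/sh
# Added example: idempotent replacement for
#   cat id_rsa.pub >> authorized_keys

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    # The .pub file must hold exactly one "<type> <base64> [comment]" line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    key=$(cat "$pub")
    case "$key" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 2 ;;
    esac
    # StrictModes wants write access for the owner only. Read bits are left
    # alone because the ssh-host-config output says cyg_server must be able
    # to read authorized_keys.
    mkdir -p "$dir" && chmod go-w "$dir"
    touch "$auth" && chmod go-w "$auth"
    # Compare type + key blob, so a different comment is not a new entry.
    blob=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if awk -v b="$blob" '($1 " " $2) == b { found = 1 }
                         END { exit !found }' "$auth"; then
        return 0                      # already authorized, nothing to do
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a throwaway directory with a constructed (non-functional) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed Administrator@example' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```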


    6.4 You can now log in to the server with the key, so no password is needed.

    Close Cygwin and log in again; the first time you are prompted:

    Administrator@PC-201308290023 ~ 
    $ ssh localhost 
    The authenticity of host 'localhost (::1)' can't be established. 
    ECDSA key fingerprint is 2b:91:c2:13:ea:5c:d0:5c:9c:2f:81:b6:62:c2:fc:ee. 
    Are you sure you want to continue connecting (yes/no)? yes 
    Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. 

    Close and reopen Cygwin once more; from then on there is no prompt.

    Administrator@PC-201308290023 ~ 
    $ ssh localhost 
    Last login: Tue Nov 11 22:35:18 2014 from ::1 

    Run who and who am i to confirm that it worked.

    Administrator@PC-201308290023 ~ 
    $ who 
    Administrator pty1         2014-11-11 22:35 (::1) 

    Administrator@PC-201308290023 ~ 
    $ who am i 
    Administrator pty1         2014-11-11 22:35 (::1) 


    7. Common errors
    Connection closed by ::1 
    Error installing a service: CreateService: Win32 error 1057 

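    These are errors I have run into. Hitting them means an earlier installation step went wrong, for example the cyg_server user was not created, or you once ran the cygrunsrv -R sshd command and removed sshd.
    If so, there is nothing for it but to uninstall Cygwin and start over. At least I have not found a better way, but uninstalling and reinstalling Cygwin does work.

    To uninstall: delete everything under the cygwin directory. You can of course keep the previously downloaded installation packages to save re-downloading them.

    Addendum: deleting the cyg_server user from the file C:\cygwin64\etc\passwd may solve this. I have not tried it; if you hit this error, you can try it as a last resort.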

  • Original article: https://www.cnblogs.com/adrianlamo/p/4334717.html