openSSH的安装是学习hadoop必不可少的一步,如果ssh装不好,hadoop的安装会进行不下去。本人初学hadoop时发现以前安装ssh走了一些弯路,现在又有了一些认识,所以重写了这篇日志,供其他需要的朋友参考。
本文安装的版本是OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014,已经试验成功。
1. 通过cygwin安装openSSH
cygwin怎么装就不说了,不懂的可以见另一篇博客cygwin安装
如下图添加openssh,openssl组件即可安装。 
2. 配置SSH服务
2.1.[以管理员身份运行]桌面上的Cygwin,必须的,不然没权限创建sshd服务。这点以后运行Cygwin时请作为一个常识铭记在心,后面不再赘述。
2.2 查看ssh版本号
$ ssh -V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
2.3 输入
ssh-host-config
然后按照提示一步一步来
*** Info: Generating missing SSH host keys
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: StrictModes is set to ‘yes‘ by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user‘s home directory, the user‘s .ssh
*** Info: directory, and the user‘s ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don‘t work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: ‘noacl‘ option, and they don‘t work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) no
*** Info: Privilege separation is set to ‘sandbox‘ by default since
*** Info: OpenSSH 6.1. This is unsupported by Cygwin and has to be set
*** Info: to ‘yes‘ or ‘no‘.
*** Info: However, using privilege separation requires a non-privileged account
*** Info: called ‘sshd‘.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) no
*** Info: Updating /etc/sshd_config file
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later. On these systems, it‘s not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).
*** Info: If you want to enable that functionality, it‘s required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.
*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use ‘cyg_server‘.
*** Info: ‘cyg_server‘ will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account ‘cyg_server‘? (yes/no) yes
*** Info: Please enter a password for new user cyg_server. Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:
*** Info: User ‘cyg_server‘ has been created with password ‘cyg_server‘.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the ‘cyg_server‘ account.
*** Info: Also keep in mind that the user ‘cyg_server‘ needs read permissions
*** Info: on all users‘ relevant files for the services running as ‘cyg_server‘.
*** Info: In particular, for the sshd server all users‘ .ssh/authorized_keys
*** Info: files must have appropriate permissions to allow public key
*** Info: authentication. (Re-)running ssh-user-config for each user will set
*** Info: these permissions correctly. [Similar restrictions apply, for
*** Info: instance, for .rhosts files if the rshd server is running, etc].
*** Info: The sshd service has been installed under the ‘cyg_server‘
*** Info: account. To start the service now, call `net start sshd‘ or
*** Info: `cygrunsrv -S sshd‘. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!
上面会提示创建一个用户cyg_server,并提示你输入该用户的密码,我们这里输入和用户名一样的密码cyg_server,后面会用到。
请注意cyg_server用户的创建是强制的,没有这个用户即使sshd装好也不行的,后面使用的时候会出现Connection closed的错误,本人就在这里栽了跟头,浪费了好多时间。
2.3 好了到服务里看一下,会多出来一个CYGWIN sshd,可以把它设置成手动启动,然后我们启动它。 
注意下图,sshd必须要用cyg_server用户登陆的,换成“本地系统账户”是不行的。本人在这里栽了跟头,浪费了好多时间。 
2.4 系统会在Cygwin的home目录下生成一个和你windows用户名同名的目录,此处假设用户名为Administrator
如果home目录下没有和你windows用户名同名的目录的话,尝试删除环境变量HOME再试。
3.启动OpenSSH服务的方法
A.在command控制台上启动
net start sshd
net stop sshd
B.在Cygwin控制台上启动
cygwin --start sshd
cygwin --stop sshd
4. 配置用户密码(废弃,不建议使用)
输入
ssh-user-config
*** Query: Shall I create a SSH2 DSA identity file for you? (yes/no) yes
** Query: Shall I create a SSH2 ECDSA identity file for you? (yes/no) yes
以上2个问题选yes,还有一个ssh1的就不要创建了。
注意密码必须4位以上,不然会创建失败。
我们输入密码‘password‘,后面会用到。
成功的话在cygwin\home\Administrator\.ssh目录下会有如图所示的这些文件。 
5.测试(废弃,不建议使用)
在command控制台上用
ssh [email protected]
输入密码如果没报错,进去以后再执行ls都没问题的话,说明OpenSSH安装配置成功。
注意这里有2种输密码的方法,一种是Enter passphrase for key ‘id_dsa‘, ‘id_ecdsa‘,输入之前的password可以进去
还有一种这2个密码直接敲回车,表示不输,然后会提示
[email protected]‘s password:
这里注意要输入之前cyg_server用户的密码,即cyg_server也可以进去
不行的话通过passwd Administrator命令自己改密码吧
如果还进不去,可以试试防火墙设置里面将22号端口放开,SSH服务默认使用的是22号端口。
6.秘钥方式登陆
这种方式无需输入密码,可以直接登陆。
参考资料
http://blog.chinaunix.net/uid-311680-id-2439725.html
6.1首先生成公钥和私钥
[email protected] ~
$ pwd
/home/Administrator
[email protected] ~
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/Administrator/.ssh/id_rsa):
Created directory ‘/home/Administrator/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Administrator/.ssh/id_rsa.
Your public key has been saved in /home/Administrator/.ssh/id_rsa.pub.
The key fingerprint is:
0f:95:15:a7:4a:2b:f2:72:d4:e1:bd:f3:9b:c2:79:38 [email protected]
The key‘s randomart image is:
+---[RSA 2048]----+
| o.. |
| o o |
| = . |
| = = |
| . S = . |
| + + . |
| . o ..oo |
| o Eo.. |
| ++. |
+-----------------+
6.2 拷贝公钥到服务器
我们用之前的要输入密码的方式用scp命令将文件传到服务器上
C:\Users\Administrator>scp id_rsa.pub [email protected]:~/.ssh
Enter passphrase for key ‘/home/Administrator/.ssh/id_dsa‘:
setsockopt IPV6_TCLASS 8: Protocol not available:
id_rsa.pub 100% 411 0.4KB/s 00:00
6.3 将公钥的文本信息附加到服务器authorized_keys文件的末尾(用cat命令)
C:\Users\Administrator>ssh [email protected]
Enter passphrase for key ‘/home/Administrator/.ssh/id_dsa‘:
setsockopt IPV6_TCLASS 16: Protocol not available:
Last login: Mon May 5 21:56:42 2014 from 127.0.0.1
[email protected] ~
$ cd .ssh
[email protected] ~/.ssh
$ cat id_rsa.pub >> authorized_keys
[email protected] ~/.ssh
$ logout
Connection to localhost closed.
如果都是在localhost一台机器做实验的话,6.2,6.3也可以简化为
[email protected] ~
$ cd .ssh
[email protected] ~/.ssh
$ cat id_rsa.pub >> authorized_keys
6.4 可以使用密钥登陆服务器了,这样就无需输入密码了。
关闭重新登录cygwin,第一次会提示
[email protected] ~
$ ssh localhost
The authenticity of host ‘localhost (::1)‘ can‘t be established.
ECDSA key fingerprint is 2b:91:c2:13:ea:5c:d0:5c:9c:2f:81:b6:62:c2:fc:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘localhost‘ (ECDSA) to the list of known hosts.
再次关闭重新登录cygwin,以后就不会提示了。
[email protected] ~
$ ssh localhost
Last login: Tue Nov 11 22:35:18 2014 from ::1
输入who和who am i确认一下是否成功。
[email protected] ~
$ who
Administrator pty1 2014-11-11 22:35 (::1)
[email protected] ~
$ who am i
Administrator pty1 2014-11-11 22:35 (::1)
7.常见错误
Connection closed by ::1
Error installing a service: CreateService: Win32 error 1057
这些错误是我碰到过的,碰到这些错,表示你前面安装步骤有误,比如cyg_server用户没创建,或者是你曾经输入过cygrunsrv -R sshd命令删除过sshd。
如果是这样,那就没辙了,卸载cygwin重来吧,至少我还没找到一个好方法,但是卸载重装cygwin是有效的。
卸载方法:删除cygwin目录下的所有东东就可以了,当然,你可以保留之前download下来的安装包,节省重新下载的时间。
补充:可能将这个文件C:\cygwin64\etc\passwd里面cyg_server这个用户删掉可以解决。本文没试过,大家如果出这个错可以作为最后一根救命稻草试一下。