How to Set Up Keyless SSH with Non-root Users in CentOS

When setting up a Hadoop or Spark cluster, the primary objective is always to set up keyless SSH between the master and slave machines once you have set the static IP and FQDN properly. First of all, let's understand why passwordless SSH is required for any distributed cluster.

Why do we need Passwordless SSH for Hadoop and Spark?

Distributed architectures like Hadoop and Spark normally follow a master/slave model. The master node starts or stops daemon processes on slave and/or secondary nodes using SSH, and it is always preferable to start all daemon processes on the slaves from the master node itself. If SSH is not passwordless, you have to log in to each individual slave node and manage the processes manually rather than the master node doing it automatically.

There is one more question which bothers many of us:

Should passwordless SSH be configured ONLY from the master to each slave node, or is it also required between slaves?

The straight answer to this question is NO. There is no requirement for passwordless SSH among the slave nodes themselves.

Let's look at the steps for creating a new non-root user on CentOS first. Here I have used two machines for the SSH setup.


Step 1: Create the non-root user using below commands

Step 2: Add the user to wheel group

Step 3: Open /etc/sudoers file using vi and uncomment the following lines

Step 4: Assign permission to base or any other directory

Step 5: Switch user with below command

Passwordless SSH Setup

Installing SSH and firewall settings

Prior to this setup, we first need to check whether SSH is installed on the machine using the ssh command. If you have installed the minimal version of CentOS, then SSH might need to be installed separately using the command below after logging in as the root user.

Before moving forward, check your firewall settings in the /etc/sysconfig/iptables file. Port 22 must be allowed by your firewall. If you don't find any entry with port 22, then add the line below to the file and restart the service.

Append the line below if it is not found in the file.

Restart the iptables service with the command below

Check entries in /etc/hosts file on all machines

Make sure that the /etc/hosts file has entries for all machines to be used in the cluster setup. Here we are using two machines, so my /etc/hosts file on both machines looks like below

Generate SSH public private keys with ssh-keygen command

The next step is to generate a public/private key pair using the ssh-keygen command. Here I am generating the key pair using the RSA algorithm; you can also generate it using the DSA algorithm with the same steps. Now we'll log in as the non-root user which we have just created using the above steps and generate the SSH key pair.

Check for the generated keys by listing the files under the ~/.ssh/ directory

Repeat the above steps on both machines.

Update public entries in “authorized_keys” file with proper file permissions

Now create a new file authorized_keys under the ~/.ssh/ directory and add the public keys of both machines to the file on each machine.

Add the content of the file from both machines

Make sure your files have the proper permissions, as listed below:

id_rsa => 0600
authorized_keys => 0644
pub => 0644

Run the following commands if the permissions are not correct

Now it's time to connect to the slave machine from your master node using the step below.

While connecting for the first time you will get the message below; just type yes and you will be connected to the slave node without any password.
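The authorized_keys and permission steps above as a re-runnable script; this is an added example, not code from the original post. The function names are hypothetical, "pub" is assumed to mean id_rsa.pub, and mode 700 for the ~/.ssh directory itself is an assumption that is not listed on this page.

```shell
# Octal mode of a path (GNU stat on CentOS, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Expected modes. The three file modes are the ones listed on this page
# ("pub" is assumed to mean id_rsa.pub); 700 for the directory itself is an
# assumption added here, the conventional value for ~/.ssh.
expected_modes() {
    printf '%s\n' '.:700' 'id_rsa:600' 'id_rsa.pub:644' 'authorized_keys:644'
}

# Print one line per existing path whose mode differs; return 1 if any differ.
check_ssh_perms() {
    dir=$1; bad=0
    for entry in $(expected_modes); do
        name=${entry%%:*}; want=${entry##*:}
        [ -e "$dir/$name" ] || continue
        have=$(mode_of "$dir/$name")
        if [ "$have" != "$want" ]; then
            echo "$name: mode $have, expected $want"
            bad=1
        fi
    done
    return $bad
}

# Set every existing path to its expected mode.
fix_ssh_perms() {
    dir=$1
    for entry in $(expected_modes); do
        name=${entry%%:*}
        [ -e "$dir/$name" ] && chmod "${entry##*:}" "$dir/$name"
    done
    return 0
}

# Append the key in file $2 to $1/authorized_keys unless that exact line is
# already present, so re-running the setup does not duplicate entries.
add_authorized_key() {
    auth=$1/authorized_keys
    touch "$auth" && chmod 644 "$auth"
    grep -qxF -- "$(cat "$2")" "$auth" || cat "$2" >> "$auth"
}
```

Source the file as the non-root user and run `check_ssh_perms ~/.ssh` on each machine; a non-empty report means `fix_ssh_perms ~/.ssh` is needed before key login will work.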


Congratulations…..!!!!! You have successfully completed the task…..!!!!!

What if my Keyless SSH is still not working properly?

There are certain debugging steps, described in my post "4 Debug Steps to check why your Keyless SSH is not working", which will help you correct your settings.

Also, when setting up a large cluster in a production environment, you should restrict password login to your secondary and slave nodes so that all changes to your slave nodes are made via your master node and/or backup node.
