Installing OpenSSH via Cygwin

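Installing OpenSSH is an essential step when learning Hadoop; if SSH is not set up properly, the Hadoop installation cannot proceed. When I first learned Hadoop I found that I had taken some detours installing SSH, and now that I understand it better I have rewritten this post as a reference for others who need it.
The version installed in this article is OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014, and the procedure has been tested successfully.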

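1. Install OpenSSH via Cygwin
I will not cover how to install Cygwin itself; if you are unsure, see my other blog post on installing Cygwin.

Add the openssh and openssl packages, as shown in the figure below, to install them.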
 

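2. Configure the SSH service

2.1 Launch Cygwin from the desktop with [Run as administrator]. This is mandatory; otherwise you do not have the privileges to create the sshd service. Keep this in mind as standard practice whenever you run Cygwin from now on; I will not repeat it below.

2.2 Check the SSH version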

$ ssh -V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014



2.3 Run

ssh-host-config


Then follow the prompts step by step:

*** Info: Generating missing SSH host keys 
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519 
*** Info: Creating default /etc/ssh_config file 
*** Info: Creating default /etc/sshd_config file 

*** Info: StrictModes is set to 'yes' by default. 
*** Info: This is the recommended setting, but it requires that the POSIX 
*** Info: permissions of the user's home directory, the user's .ssh 
*** Info: directory, and the user's ssh key files are tight so that 
*** Info: only the user has write permissions. 
*** Info: On the other hand, StrictModes don't work well with default 
*** Info: Windows permissions of a home directory mounted with the 
*** Info: 'noacl' option, and they don't work at all if the home 
*** Info: directory is on a FAT or FAT32 partition. 
*** Query: Should StrictModes be used? (yes/no) no 

*** Info: Privilege separation is set to 'sandbox' by default since 
*** Info: OpenSSH 6.1.  This is unsupported by Cygwin and has to be set 
*** Info: to 'yes' or 'no'. 
*** Info: However, using privilege separation requires a non-privileged account 
*** Info: called 'sshd'. 
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep. 
*** Query: Should privilege separation be used? (yes/no) no 
*** Info: Updating /etc/sshd_config file 

*** Query: Do you want to install sshd as a service? 
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes 
*** Query: Enter the value of CYGWIN for the daemon: [] 
*** Info: On Windows Server 2003, Windows Vista, and above, the 
*** Info: SYSTEM account cannot setuid to other users -- a capability 
*** Info: sshd requires.  You need to have or to create a privileged 
*** Info: account.  This script will help you do so. 

*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server, 
*** Info: or later.  On these systems, it's not possible to use the LocalSystem 
*** Info: account for services that can change the user id without an 
*** Info: explicit password (such as passwordless logins [e.g. public key 
*** Info: authentication] via sshd). 

*** Info: If you want to enable that functionality, it's required to create 
*** Info: a new account with special privileges (unless a similar account 
*** Info: already exists). This account is then used to run these special 
*** Info: servers. 

*** Info: Note that creating a new user requires that the current account 
*** Info: have Administrator privileges itself. 

*** Info: No privileged account could be found. 

*** Info: This script plans to use 'cyg_server'. 
*** Info: 'cyg_server' will only be used by registered services. 
*** Query: Do you want to use a different name? (yes/no) no 
*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes 
*** Info: Please enter a password for new user cyg_server.  Please be sure 
*** Info: that this password matches the password rules given on your system. 
*** Info: Entering no password will exit the configuration. 
*** Query: Please enter the password: 
*** Query: Reenter: 

*** Info: User 'cyg_server' has been created with password 'cyg_server'. 
*** Info: If you change the password, please remember also to change the 
*** Info: password for the installed services which use (or will soon use) 
*** Info: the 'cyg_server' account. 

*** Info: Also keep in mind that the user 'cyg_server' needs read permissions 
*** Info: on all users' relevant files for the services running as 'cyg_server'. 
*** Info: In particular, for the sshd server all users' .ssh/authorized_keys 
*** Info: files must have appropriate permissions to allow public key 
*** Info: authentication. (Re-)running ssh-user-config for each user will set 
*** Info: these permissions correctly. [Similar restrictions apply, for 
*** Info: instance, for .rhosts files if the rshd server is running, etc]. 


*** Info: The sshd service has been installed under the 'cyg_server' 
*** Info: account.  To start the service now, call `net start sshd' or 
*** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically 
*** Info: after the next reboot. 

*** Info: Host configuration finished. Have fun! 

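The script prompts you to create a user named cyg_server and asks for that user's password. Here we enter a password identical to the user name, cyg_server; it is used later.
Note that creating the cyg_server user is mandatory. Without this user sshd does not work even if it is installed, and later use fails with a Connection closed error. I stumbled here myself and wasted a lot of time.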

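2.4 Now look in the Windows Services console: a new entry, CYGWIN sshd, has appeared. You can set it to start manually, and then start it.

Note in the figure below that sshd must log on as the cyg_server user; switching it to the "Local System account" does not work. I stumbled here myself and wasted a lot of time.


2.5 The system creates a directory under Cygwin's home directory with the same name as your Windows user name; here the user name is assumed to be Administrator.
If there is no directory under home matching your Windows user name, try deleting the HOME environment variable and trying again.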

3. Ways to start the OpenSSH service

A. From the Windows command prompt
net start sshd
net stop sshd

B. From the Cygwin console
cygrunsrv --start sshd
cygrunsrv --stop sshd

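4. Configure the user password (deprecated, not recommended)

Run
ssh-user-config

*** Query: Shall I create a SSH2 DSA identity file for you? (yes/no) yes
*** Query: Shall I create a SSH2 ECDSA identity file for you? (yes/no) yes
Answer yes to the two questions above; there is also an SSH1 one, which you should not create.
Note that the password must be at least 4 characters long, otherwise creation fails.
We enter the password 'password', which is used later.

If this succeeds, the directory cygwin\home\Administrator\.ssh contains the files shown in the figure.
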

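5. Test (deprecated, not recommended)
From the Windows command prompt run
ssh Administrator@127.0.0.1
If entering the password produces no error and, once logged in, ls runs without problems, OpenSSH is installed and configured successfully.

Note that there are two ways to enter a password here. One is at the Enter passphrase for key 'id_dsa', 'id_ecdsa' prompts: entering the password set earlier ('password') gets you in.
The other is to press Enter at both of these prompts, meaning no passphrase, after which you are prompted:
Administrator@127.0.0.1's password:
Note that here you must enter the password of the cyg_server user from earlier, that is, cyg_server; this also gets you in.
If that does not work, change the password yourself with the passwd Administrator command.

If you still cannot get in, try opening port 22 in the firewall settings; the SSH service uses port 22 by default.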

6. Key-based login
With this method no password is required; you can log in directly.

Reference
http://blog.chinaunix.net/uid-311680-id-2439725.html

6.1 First generate the public and private keys

Administrator@PC-201308290023 ~ 
$ pwd 
/home/Administrator 

Administrator@PC-201308290023 ~ 
$ ssh-keygen -t rsa 
Generating public/private rsa key pair. 
Enter file in which to save the key (/home/Administrator/.ssh/id_rsa): 
Created directory '/home/Administrator/.ssh'. 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/Administrator/.ssh/id_rsa. 
Your public key has been saved in /home/Administrator/.ssh/id_rsa.pub. 
The key fingerprint is: 
0f:95:15:a7:4a:2b:f2:72:d4:e1:bd:f3:9b:c2:79:38 Administrator@PC-201308290023 
The key's randomart image is: 
+---[RSA 2048]----+ 
|            o..  | 
|           o o   | 
|          = .    | 
|         = =     | 
|      . S = .    | 
|       + +   .   | 
|      . o ..oo   | 
|       o    Eo.. | 
|             ++. | 
+-----------------+ 


6.2 Copy the public key to the server
Using the earlier password-based method, transfer the file to the server with the scp command.

C:\Users\Administrator>scp id_rsa.pub Administrator@localhost:~/.ssh 
Enter passphrase for key '/home/Administrator/.ssh/id_dsa': 
setsockopt IPV6_TCLASS 8: Protocol not available: 
id_rsa.pub                                    100%  411     0.4KB/s   00:00 

6.3 Append the public key text to the end of the server's authorized_keys file (with the cat command)

C:\Users\Administrator>ssh Administrator@localhost 
Enter passphrase for key '/home/Administrator/.ssh/id_dsa': 
setsockopt IPV6_TCLASS 16: Protocol not available: 
Last login: Mon May  5 21:56:42 2014 from 127.0.0.1 

Administrator@PC-201308290023 ~ 
$ cd .ssh 

Administrator@PC-201308290023 ~/.ssh 
$ cat id_rsa.pub >> authorized_keys 

Administrator@PC-201308290023 ~/.ssh 
$ logout 
Connection to localhost closed. 

If you are experimenting entirely on one machine (localhost), steps 6.2 and 6.3 can be simplified to
Administrator@PC-201308290023 ~ 
$ cd .ssh 

Administrator@PC-201308290023 ~/.ssh 
$ cat id_rsa.pub >> authorized_keys 


6.4 You can now log in to the server with the key, so no password is needed.

Close Cygwin and log in again; the first time you are prompted:

Administrator@PC-201308290023 ~ 
$ ssh localhost 
The authenticity of host 'localhost (::1)' can't be established. 
ECDSA key fingerprint is 2b:91:c2:13:ea:5c:d0:5c:9c:2f:81:b6:62:c2:fc:ee. 
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. 

Close Cygwin and log in once more; from now on there is no prompt.

Administrator@PC-201308290023 ~ 
$ ssh localhost 
Last login: Tue Nov 11 22:35:18 2014 from ::1 

Run who and who am i to confirm that it worked.

Administrator@PC-201308290023 ~ 
$ who 
Administrator pty1         2014-11-11 22:35 (::1) 

Administrator@PC-201308290023 ~ 
$ who am i 
Administrator pty1         2014-11-11 22:35 (::1) 
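
The ssh-host-config output in 2.3 explains that StrictModes requires the home directory, ~/.ssh and the key files to be writable only by the user, and this walkthrough answers no and then appends to authorized_keys with cat. The script below is an added example, not part of the original post: it reports the effective StrictModes value and any of those paths that group or others can write to. The function names and the sample built by demo() are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; function names are illustrative.
# Effective value of an sshd_config keyword (case-insensitive, first occurrence
# wins); prints the supplied default when the keyword is not set.
sshd_setting() {  # usage: sshd_setting <config-file> <keyword> <default>
  awk -v key="$2" -v def="$3" '
    $1 ~ /^#/ || NF == 0 { next }          # skip comments and blank lines
    { gsub(/=/, " ")                       # "Keyword=value" is also accepted
      if (tolower($1) == tolower(key)) { print tolower($2); found = 1; exit } }
    END { if (!found) print def }' "$1"
}

# Print each path named in the ssh-host-config message (home, ~/.ssh, key
# files) that group or others can write to; prints nothing if all are tight.
loose_paths() {  # usage: loose_paths <home-dir>
  local p
  for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys" "$1/.ssh/id_rsa"; do
    [ -e "$p" ] || continue
    # Characters 6 and 9 of the ls mode string are the group/other write bits.
    case "$(ls -ld "$p" | cut -c6,9)" in *w*) printf '%s\n' "$p" ;; esac
  done
}

# Run both checks; returns 1 if anything is flagged.
audit() {  # usage: audit <sshd_config> <home-dir>
  local rc=0 loose
  if [ "$(sshd_setting "$1" StrictModes yes)" != "yes" ]; then
    echo "StrictModes is off in $1: sshd will not reject loose paths"; rc=1
  fi
  loose=$(loose_paths "$2")
  if [ -n "$loose" ]; then
    echo "$loose" | sed 's|^|writable by group/others: |'; rc=1
  fi
  return "$rc"
}

# Constructed sample mirroring this post's answers, built in a temp directory.
demo() {
  local d rc; d=$(mktemp -d)
  mkdir -p "$d/home/.ssh"; : > "$d/home/.ssh/authorized_keys"
  printf '# constructed sample\nPort 22\nStrictModes no\n' > "$d/sshd_config"
  chmod 755 "$d/home"; chmod 700 "$d/home/.ssh"
  chmod 666 "$d/home/.ssh/authorized_keys"
  audit "$d/sshd_config" "$d/home"; rc=$?
  rm -rf "$d"; return "$rc"
}

# --demo runs the sample; --run audits the real files (/etc/sshd_config, $HOME).
case "${1:-}" in --demo) demo ;; --run) audit /etc/sshd_config "$HOME" ;; esac
```

Run it with --demo to see the report for the constructed sample, or with --run inside Cygwin to check the installed configuration.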


7. Common errors
Connection closed by ::1 
Error installing a service: CreateService: Win32 error 1057 

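I have run into these errors myself. Hitting them means an earlier installation step went wrong, for example the cyg_server user was not created, or you once ran cygrunsrv -R sshd to remove sshd.
If so, there is nothing for it but to uninstall Cygwin and start over; at least I have not found a better method, but uninstalling and reinstalling Cygwin does work.

How to uninstall: simply delete everything under the cygwin directory. Of course, you can keep the installation packages you downloaded earlier to save the time of downloading them again.

Addendum: deleting the cyg_server user from the file C:\cygwin64\etc\passwd may solve the problem. I have not tried this; if you hit this error you can try it as a last resort.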
