We want to be able to ssh between all nodes in our cluster.  In order to do this, we need to generate public ssh keys on all nodes and share them with each other.  There are a few ways of doing this but for our 2 node cluster, we will do it manually.  When you get into the 40-100 node cluster situation doing it manually will take too long, in that case, we will use ansible.

As we can see we are unable to ssh from node1 to node2

[cassandra@cass-node-1 ~]$ ssh cass-node-2
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

1. On cass-node-1 generate a key, keep hitting return, no need for a password.

[cassandra@cass-node-1 ~]$ ssh-keygen

Output

Generating public/private rsa key pair.
Enter file in which to save the key (/home/cassandra/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/cassandra/.ssh/id_rsa.
Your public key has been saved in /home/cassandra/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:tzr0XdAk+q3Q0a8cib0/cJMcIN3otbo3glFOYPAe/ME cassandra@cass-node-1
The key's randomart image is:
+---[RSA 2048]----+
|         .. . o  |
|          o+o+.o |
|          .=+Eo .|
|          o =++o |
|        S .++Booo|
|        ...o++*=.|
|       . ..oo+++.|
|        ....oo++ |
|        ..    o.+|
+----[SHA256]-----+

2. Copy the public key to notepad

[cassandra@cass-node-1 ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTiR2p2rU5YNk83NiYpOr9FjHS+C3wIFRjE+Aom7/6jjlDnkVfTLck2rBk8EHZ1s2wnMITiuYmp8Rhzs+fuhN3GGLEWX1xfJeSQvL+98ufJPTynxH+j0Vb+MYapgYehM5TaqzSSO6F018/UlUCeQIOIosRax/cTeGCw2rDfouAbOhLnxJb3/YqFW+i+DDdHSTeLNAkWIVzEZVpx+oX+XE+WtVFeIOJTruo1Bfn7aZOI2K6KxDToeib2vPWrJk6mjaG8QT5fF+70AtZtc6y+X2cIlHswMhNqhg0CFPek2GTaGuPidZtivyLc+CRQeVW+rxh6TGKx01TvRIJyhto8uMd cassandra@cass-node-1

Copy this key into a text editor making sure that the text is all one line and there are no return characters anywhere in the key.

3. Now log onto node2 and create a .ssh directory

[cassandra@cass-node-2 ~]$ mkdir -p ~/.ssh 

4. Echo the key from your notepad into a file called authorized_keys in the .ssh folder

echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTiR2p2rU5YNk83NiYpOr9FjHS+C3wIFRjE+Aom7/6jjlDnkVfTLck2rBk8EHZ1s2wnMITiuYmp8Rhzs+fuhN3GGLEWX1xfJeSQvL+98ufJPTynxH+j0Vb+MYapgYehM5TaqzSSO6F018/UlUCeQIOIosRax/cTeGCw2rDfouAbOhLnxJb3/YqFW+i+DDdHSTeLNAkWIVzEZVpx+oX+XE+WtVFeIOJTruo1Bfn7aZOI2K6KxDToeib2vPWrJk6mjaG8QT5fF+70AtZtc6y+X2cIlHswMhNqhg0CFPek2GTaGuPidZtivyLc+CRQeVW+rxh6TGKx01TvRIJyhto8uMd cassandra@cass-node-1  >> ~/.ssh/authorized_keys

5. On node2 Ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:

[cassandra@cass-node-2 ~]$ chmod -R go= ~/.ssh

 

We can ssh from cass-node-1 to cass-node-2 but not back again.

6. We now need to do the same thing in reverse order. On cass-node-2 run the following

[cassandra@cass-node-2 ~]$ ssh-keygen

7. Output the value of the key

[cassandra@cass-node-2 ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxHIu5Eqa83NsG6vqUoNhXE+SRR1FJI82Znq0Ve/FnRi73iDvHoLEQrdr9C8uP6EcORAlAG+W3f+1+Vi2Dji4lA+OKLS9v+fvEx5F44P0AUueigUQTqFHRxjwZQKtf5oYMi37SIFduRVtKv8eufsHF3/IiGcnElf6yUKI1+nrekK1t4O9j7O+1+DvLaHaHVg13fhumuhc7FMwjGC7COlu3n2zxToXPt91oE1kVafZx698x8hxmPYWJneSncEcILEroDIK2jufcEE/bo/zfWmfGjzj3nJoo0mTvt9i2izD9SfeEidTIP+4739EJXP7Mdc5I169XXR7hFQHBmss/E+Q5 cassandra@cass-node-2

8. Now on cass-node-01 do the following echo the key from node02 to authorized_keys

echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxHIu5Eqa83NsG6vqUoNhXE+SRR1FJI82Znq0Ve/FnRi73iDvHoLEQrdr9C8uP6EcORAlAG+W3f+1+Vi2Dji4lA+OKLS9v+fvEx5F44P0AUueigUQTqFHRxjwZQKtf5oYMi37SIFduRVtKv8eufsHF3/IiGcnElf6yUKI1+nrekK1t4O9j7O+1+DvLaHaHVg13fhumuhc7FMwjGC7COlu3n2zxToXPt91oE1kVafZx698x8hxmPYWJneSncEcILEroDIK2jufcEE/bo/zfWmfGjzj3nJoo0mTvt9i2izD9SfeEidTIP+4739EJXP7Mdc5I169XXR7hFQHBmss/E+Q5 cassandra@cass-node-2 >> ~/.ssh/authorized_keys 

9. On node1 ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:

[cassandra@cass-node-2 ~]$ chmod -R go= ~/.ssh

 

Now we should be able to ssh from both directions.

Conclusion

Now that we have both servers ssh’ing to each other we can now send our software from node1 over to node2.  We will do this in the next post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here