Log on to a cluster in SSH mode - E-MapReduce - Alibaba Cloud Documentation Center

Secure Shell (SSH) is a network protocol that is used to securely perform remote logon operations and run commands in insecure networks. After your on-premises machine is connected to the master node of your cluster in SSH mode, you can run Linux commands to monitor the cluster and interact with the cluster. You can also create an SSH tunnel to access the web UIs of open source components by using a web browser. This topic describes how to log on to an E-MapReduce (EMR) cluster by using an SSH key pair or password. You can log on to an EMR cluster from an on-premises machine that runs a Linux or Windows operating system.

Prerequisites

A cluster is created on the EMR on ECS page. For more information, see Create a cluster.
Your on-premises machine is connected to the master node of the cluster. You can turn on Assign Public IP Address during cluster creation to associate an elastic IP address (EIP) with your cluster. You can also assign a fixed public IP address or an EIP address to the master node of your cluster in the Elastic Compute Service (ECS) console after the cluster is created. For more information, see Bind an ENI.
Port 22 is enabled for the security group to which your cluster belongs.

Log on to the master node of the cluster

Log on to the cluster by using an SSH key pair

Note

For information about how to obtain the public IP address of the master node, see How do I obtain the public IP address and the name of the master node?

Use one of the following methods to log on to the cluster:

Log on from your on-premises machine that runs a Linux operating system
In this example, the private key file ecs.pem is used.
1. Run the following command to modify the attribute of the private key file:
```
chmod 400 ~/.ssh/ecs.pem
```
  ~/.ssh/ecs.pem is the path where the ecs.pem file is stored on your on-premises machine.
2. Run the following command to connect to the master node:
```
ssh -i ~/.ssh/ecs.pem emr-user@<Public IP address of the master node>
```
Use PuTTY to log on from your on-premises machine that runs a Windows operating system
Perform the following steps to log on to the cluster:
1. Download PuTTY and PuTTYgen.
2. Convert the format of the private key file from .pem to .ppk.
  1. Run PuTTYgen. In this example, PuTTYgen 0.73 is used.
  2. In the Actions section, click Load to import the private key file that is saved when you create a cluster.
    Make sure that the format of the file that you want to import is All files (*.*).
  3. Select the specific .pem file and click Open.
  4. Click Save private key.
  5. In the dialog box that appears, click Yes. Specify a name for the .ppk file and click Save.
    Save the .ppk file to your on-premises machine. In this example, kp-123.ppk is used.
3. Run PuTTY.
4. In the left-side navigation pane, choose Connection > SSH > Auth. Click Browse below Private key file for authentication and select the .ppk file.
5. Click Session. Enter the logon account and the public IP address of the master node in the Host Name (or IP address) field.
  The format is emr-user@[Public IP address of the master node], such as emr-user@10.10.**.**.
6. Click Open.
Use Command Prompt to log on from your on-premises machine that runs a Windows operating system
Open Command Prompt and run the following command to log on to the cluster:
```
ssh -i <Storage path of the .pem file on your on-premises machine> emr-user@<Public IP address of the master node>
```

Log on to the cluster by using an SSH password

Note

The username and password used in the following operations are the root user and password you specified when you created a cluster. For information about how to obtain the public IP address of the master node, see How do I obtain the public IP address and the name of the master node?

Procedure:

Log on from your on-premises machine that runs a Linux operating system
Run the following command in the command-line interface (CLI) of your on-premises machine to connect to the master node:
```
ssh root@[Public IP address of the master node]
```
Log on from your on-premises machine that runs a Windows operating system
1. Download and install PuTTY.
  Download link: PuTTY.
2. Start PuTTY.
3. Configure the parameters required to connect to a Linux instance.
  - Host Name (or IP address): Specify the fixed public IP address of the instance or the EIP address associated with the instance.
  - Port: Enter port number 22.
  - Connection type: Select SSH.
  - Saved Sessions: optional. Enter a name that helps you identify the session and click Save to save the session. This way, you do not need to enter session information such as the public IP address when you connect to the instance again.
4. Click Open.
5. Specify the username and press Enter. The default username is root.
  The characters of the password are hidden when you enter the password. After you enter the password, press Enter.

Log on to other nodes of the cluster

Method 1: Password-free logon

You can perform the following operations to log on to a core node or a task node.

DataLake clusters, Dataflow clusters, OLAP clusters, DataServing clusters, or custom clusters
1. Log on to the master node of the cluster. For more information, see Log on to the master node of the cluster.
2. On the master node, run the following command to switch to the emr-user user:
```
su emr-user
```
3. Log on to the core node or the task node in password-free mode.
```
ssh core-1-1
```
Other clusters
1. Log on to the master node of the cluster. For more information, see Log on to the master node of the cluster.
2. On the master node, run the following command to switch to the hadoop user:
```
su hadoop
```
3. Log on to the core node or the task node in password-free mode.
```
ssh emr-worker-1
```

Method 2: Connection to an ECS instance

Go to the Nodes tab.
1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
2. In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.
3. On the EMR on ECS page, find the cluster that you want to scale out and click Nodes in the Actions column.
On the Nodes tab, find the desired node and click the node ID to redirect to the ECS console.
On the Instances page, select the desired instance and click Reset Instance Password. For more information, see Reset the logon password of an instance.
Important
By default, no logon password is specified for core and task nodes. If you want to log on to a core or task node by using a password, modify the instance logon password in the ECS console.
Select an appropriate tool to connect to the ECS instance. For more information, see Connection methods.

References

You can create an SSH tunnel to access the web UIs of open source componenets. For more information, see Create an SSH tunnel to access web UIs of open source components.

FAQ

How do I obtain the public IP address and the name of the master node?

Go to the Nodes tab.
1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
2. In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.
3. On the EMR on ECS page, find the cluster that you want to scale out and click Nodes in the Actions column.
On the Nodes tab, find the desired master node group and click the icon.
- Public IP Address: You can view the public IP address of the master node in the Public IP Address column.
- Node Name/ID: You can view the name of the master node in the Node Name/ID column.
  The name format of master nodes varies based on the cluster type.
  - The names of master nodes of DataLake clusters, Dataflow clusters, OLAP clusters, DataServing clusters, or custom clusters are in the master-x-x format, such as master-1-1.
  - The names of master nodes of other types of clusters are in the emr-header-x format, such as emr-header-1.

How do I log on to a cluster from my on-premises machine without using the password?

Perform the following steps:

Open Command Prompt and run the following command to generate a public key:
```
ssh-keygen
```
A public key file is generated on your on-premises machine.
Add the generated public key to the master node of the cluster to which you want to log on.
1. Go to the /.ssh directory of the cluster.
```
cd ~/.ssh
```
2. Edit the key information of the master node of the cluster.
```
vim authorized_keys
```
3. Add the content of the generated public key file id_rsa to the authorized_keys file.
Add the IP address of your on-premises machine to the security group to which the cluster belongs.
1. Obtain the public IP address of your on-premises machine.
  For security purposes, we recommend that you allow access only from the current public IP address when you configure a security group rule. To obtain your current public IP address, visit http://myip.ipip.net/.
2. Add a security group rule in which port 22 is enabled.
  For more information about how to add a security group rule, see Add a security group rule.
Run the following command in Command Prompt to log on to the cluster in password-free mode:
```
ssh root@<Public IP address of the master node>
```

Can I use the password that I specified when I created a cluster to log on to the nodes of the cluster?

After an EMR cluster is created, you can use the password that you specified when you created the cluster to log on to the master node of the cluster. For information about how to log on to other nodes of the cluster, see Log on to other nodes of the cluster.

How do I reset my password?

To reset the password, perform the following operations in the ECS console:

On the Nodes tab in the EMR console, find the desired node.
Click the ID of the node to redirect to the ECS console.
On the page that appears, click Reset Instance Password.
For more information, see Reset the logon password of an instance.