Secure Shell (SSH) is a network protocol that is used to securely perform remote logon operations and run commands in insecure networks. After your on-premises machine is connected to the master node of your cluster in SSH mode, you can run Linux commands to monitor the cluster and interact with the cluster. You can also create an SSH tunnel to access the web UIs of open source components by using a web browser. This topic describes how to log on to an E-MapReduce (EMR) cluster by using an SSH key pair or password. You can log on to an EMR cluster from an on-premises machine that runs a Linux or Windows operating system.
Prerequisites
A cluster is created on the EMR on ECS page. For more information, see Create a cluster.
Your on-premises machine is connected to the master node of the cluster. You can turn on Assign Public IP Address during cluster creation to associate an elastic IP address (EIP) with your cluster. You can also assign a fixed public IP address or an EIP address to the master node of your cluster in the Elastic Compute Service (ECS) console after the cluster is created. For more information, see Bind an ENI.
Port 22 is enabled for the security group to which your cluster belongs.
Log on to the master node of the cluster
Log on to the cluster by using an SSH key pair
For information about how to obtain the public IP address of the master node, see How do I obtain the public IP address and the name of the master node?
Use one of the following methods to log on to the cluster:
Log on from your on-premises machine that runs a Linux operating system
In this example, the private key file ecs.pem is used.
Run the following command to modify the attribute of the private key file:
chmod 400 ~/.ssh/ecs.pem
~/.ssh/ecs.pem
is the path where the ecs.pem file is stored on your on-premises machine.Run the following command to connect to the master node:
ssh -i ~/.ssh/ecs.pem emr-user@<Public IP address of the master node>
Use PuTTY to log on from your on-premises machine that runs a Windows operating system
Perform the following steps to log on to the cluster:
Download PuTTY and PuTTYgen.
Convert the format of the private key file from .pem to .ppk.
Run PuTTYgen. In this example, PuTTYgen 0.73 is used.
In the Actions section, click Load to import the private key file that is saved when you create a cluster.
Make sure that the format of the file that you want to import is All files (*.*).
Select the specific .pem file and click Open.
Click Save private key.
In the dialog box that appears, click Yes. Specify a name for the .ppk file and click Save.
Save the .ppk file to your on-premises machine. In this example, kp-123.ppk is used.
Run PuTTY.
In the left-side navigation pane, choose
. Click Browse below Private key file for authentication and select the .ppk file.Click Session. Enter the logon account and the public IP address of the master node in the Host Name (or IP address) field.
The format is emr-user@[Public IP address of the master node], such as emr-user@10.10.**.**.
Click Open.
Use Command Prompt to log on from your on-premises machine that runs a Windows operating system
Open Command Prompt and run the following command to log on to the cluster:
ssh -i <Storage path of the .pem file on your on-premises machine> emr-user@<Public IP address of the master node>
Log on to the cluster by using an SSH password
The username and password used in the following operations are the root user and password you specified when you created a cluster. For information about how to obtain the public IP address of the master node, see How do I obtain the public IP address and the name of the master node?
Procedure:
Log on from your on-premises machine that runs a Linux operating system
Run the following command in the command-line interface (CLI) of your on-premises machine to connect to the master node:
ssh root@[Public IP address of the master node]
Log on from your on-premises machine that runs a Windows operating system
Download and install PuTTY.
Download link: PuTTY.
Start PuTTY.
Configure the parameters required to connect to a Linux instance.
Host Name (or IP address): Specify the fixed public IP address of the instance or the EIP address associated with the instance.
Port: Enter port number 22.
Connection type: Select SSH.
Saved Sessions: optional. Enter a name that helps you identify the session and click Save to save the session. This way, you do not need to enter session information such as the public IP address when you connect to the instance again.
Click Open.
Specify the username and press Enter. The default username is root.
The characters of the password are hidden when you enter the password. After you enter the password, press Enter.
Log on to other nodes of the cluster
Method 1: Password-free logon
You can perform the following operations to log on to a core node or a task node.
DataLake clusters, Dataflow clusters, OLAP clusters, DataServing clusters, or custom clusters
Log on to the master node of the cluster. For more information, see Log on to the master node of the cluster.
On the master node, run the following command to switch to the emr-user user:
su emr-user
Log on to the core node or the task node in password-free mode.
ssh core-1-1
Other clusters
Log on to the master node of the cluster. For more information, see Log on to the master node of the cluster.
On the master node, run the following command to switch to the hadoop user:
su hadoop
Log on to the core node or the task node in password-free mode.
ssh emr-worker-1
Method 2: Connection to an ECS instance
Go to the Nodes tab.
Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.
On the EMR on ECS page, find the cluster that you want to scale out and click Nodes in the Actions column.
On the Nodes tab, find the desired node and click the node ID to redirect to the ECS console.
On the Instances page, select the desired instance and click Reset Instance Password. For more information, see Reset the logon password of an instance.
ImportantBy default, no logon password is specified for core and task nodes. If you want to log on to a core or task node by using a password, modify the instance logon password in the ECS console.
Select an appropriate tool to connect to the ECS instance. For more information, see Connection methods.
References
You can create an SSH tunnel to access the web UIs of open source componenets. For more information, see Create an SSH tunnel to access web UIs of open source components.