This topic describes how to log on to an E-MapReduce (EMR) cluster by using an SSH key pair or password. You can log on to an EMR cluster from an on-premises machine that runs a Linux or Windows operating system.

Background information

After your on-premises machine is connected to the master node of your cluster in SSH mode, you can run Linux commands to monitor the cluster and interact with the cluster. You can also create an SSH tunnel to view the web UIs of open source components. For more information, see Create an SSH tunnel to access web UIs of open source components.

Prerequisites

  • A cluster is created on the EMR on ECS page. For more information, see Create a cluster.
  • Your on-premises machine is connected to the master node of the cluster. You can turn on Assign Public IP Address during cluster creation to associate an elastic IP address (EIP) with your cluster. You can also assign a fixed public IP address or an EIP address to the master node of your cluster in the ECS console after the cluster is created. For more information, see Bind an ENI.
  • Port 22 is enabled for the security group to which your cluster belongs.

Log on to the master node of the cluster

Log on to the cluster by using an SSH key pair

Note For more information about how to obtain the public IP address of the master node, see How do I obtain the public IP address and the name of the master node?.
Use one of the following methods to log on to the cluster:
  • Log on from your on-premises machine that runs a Linux operating system
    In this example, the private key file ecs.pem is used.
    1. Run the following command to modify the attribute of the private key file: 
      chmod 400 ~/.ssh/ecs.pem

      ~/.ssh/ecs.pem is the path where the ecs.pem file is stored on your on-premises machine.

    2. Run the following command to connect to the master node: 
      ssh -i ~/.ssh/ecs.pem emr-user@<Public IP address of the master node>
  • Use PuTTY to log on from your on-premises machine that runs a Windows operating system
    Perform the following steps to log on to the cluster:
    1. Download PuTTY and PuTTYgen.
    2. Convert the format of the private key file from .pem to .ppk.
      1. Run PuTTYgen. In this example, PuTTYgen 0.73 is used.
      2. In the Actions section, click Load to import the private key file that is saved when you create a cluster.

        Make sure that the format of the file that you want to import is All files (*.*).

      3. Select the specific .pem file and click Open.
      4. Click Save private key.
      5. In the dialog box that appears, click Yes. Specify a name for the .ppk file and click Save.

        Save the .ppk file to your on-premises machine. In this example, kp-123.ppk is used.

    3. Run PuTTY.
    4. In the left-side navigation pane, choose Connection > SSH > Auth. Click Browse below Private key file for authentication and select the .ppk file.
    5. Click Session. Enter the logon account and the public IP address of the master node in the Host Name (or IP address) field.
      The format is emr-user@[Public IP address of the master node], such as emr-user@10.10.**.**. session
    6. Click Open.
  • Use Command Prompt to log on from your on-premises machine that runs a Windows operating system
    Open Command Prompt and run the following command to log on to the cluster: 
    ssh -i <Storage path of the .pem file on your on-premises machine> emr-user@<Public IP address of the master node>

Log on to the cluster by using an SSH password

Note The username and password used in the following operations are the root user and password you specified when you created a cluster. For more information about how to obtain the public IP address of the master node, see How do I obtain the public IP address and the name of the master node?.
Procedure:
  • Log on from your on-premises machine that runs a Linux operating system

    Run the following command in the command-line interface (CLI) of your on-premises machine to connect to the master node: 

    ssh root@[Public IP address of the master node]
  • Log on from your on-premises machine that runs a Windows operating system
    1. Download and install PuTTY.

      Download link: PuTTY.

    2. Start PuTTY.
    3. Configure the parameters required to connect to a Linux instance.
      • Host Name (or IP address): Specify the fixed public IP address of the instance or the EIP address associated with the instance.
      • Port: Enter port number 22.
      • Connection type: Select SSH.
      • Saved Sessions: optional. Enter a name that helps you identify the session and click Save to save the session. This way, you do not need to enter session information such as the public IP address when you connect to the instance again.
    4. Click Open.
    5. Specify the username and press Enter. The default username is root.

      The characters of the password are hidden when you enter the password. After you enter the password, press Enter.

Log on to other nodes of the cluster

Method 1: Password-free logon

The following content describes the procedure for logging on to a core node.

  • DataLake clusters, Dataflow clusters, OLAP clusters, DataServing clusters, or custom clusters
    1. Log on to the master node of the cluster. For more information, see Log on to the master node of the cluster.
    2. On the master node, run the following command to switch to the emr-user user: 
      su emr-user
    3. Log on to the core node in password-free mode. 
      ssh core-1-1
  • Other clusters
    1. Log on to the master node of the cluster. For more information, see Log on to the master node of the cluster.
    2. On the master node, run the following command to switch to the hadoop user: 
      su hadoop
    3. Log on to the core node in password-free mode. 
      ssh emr-worker-1

Method 2: Connection to an ECS instance

  1. Go to the Node Management page.
    1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. On the EMR on ECS page, find the cluster that you want to scale out and click Nodes in the Actions column.
  2. On the Nodes tab, find the destination node and click the ECS instance ID to go to the ECS console.
  3. Select an appropriate tool to connect to the ECS instance. For more information, see Connection methods.

FAQ

How do I obtain the public IP address and the name of the master node?

  1. Go to the Node Management page.
    1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. On the EMR on ECS page, find the cluster that you want to scale out and click Nodes in the Actions column.
  2. On the Nodes tab, find the destination master node group and click the open icon.
    Master IP
    • Public IP Address: You can view the public IP address of the master node in the Public IP Address column.
    • Node Name/ID: You can view the name of the master node in the Node Name/ID column.
      The name format of master nodes varies based on the cluster type.
      • The names of master nodes of DataLake clusters, Dataflow clusters, OLAP clusters, DataServing clusters, or custom clusters are in the master-x-x format, such as master-1-1.
      • The names of master nodes of other types of clusters are in the emr-header-x format, such as emr-header-1.

How do I log on to a cluster from my on-premises machine without using the password?

Perform the following steps:
  1. Open Command Prompt and run the following command to generate a public key: 
    ssh-keygen
    A public key file is generated on your on-premises machine. ssh-key
  2. Add the generated public key to the master node of the cluster to which you want to log on.
    1. Go to the /.ssh directory of the cluster. 
      cd ~/.ssh
    2. Edit the key information of the master node of the cluster. 
      vim authorized_keys
    3. Add the content of the generated public key file id_rsa to the authorized_keys file.
  3. Add the IP address of your on-premises machine to the security group to which the cluster belongs.
    1. Obtain the public IP address of your on-premises machine.

      For security purposes, we recommend that you allow access only from the current public IP address when you configure a security group rule. To obtain your current public IP address, visit http://myip.ipip.net/.

    2. Add a security group rule in which port 22 is enabled.
      For more information about how to add a security group rule, see Add a security group rule. Security group
  4. Run the following command in Command Prompt to log on to the cluster in password-free mode: 
    ssh root@<Public IP address of the master node>