SSH in TiDB Deployment

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tidb部署时的ssh

| username: cf_data

[TiDB Usage Environment] Production Environment
[TiDB Version] 7.5.0

Everyone, there’s a problem that’s been bothering me. When deploying a single-node version of TiDB, I usually create a new TiDB user to configure SSH communication (ssh-keygen -t rsa; ssh-copy-id -i ~/.ssh/ I don’t quite understand what this SSH communication is for. Can someone explain it to me? :joy:

| username: tidb菜鸟一只 | Original post link

The default behavior of TiUP scripts is to execute the corresponding scripts via SSH, even if you have only one machine. It does not directly execute the scripts on a single machine.

| username: cf_data | Original post link

I don’t quite understand :sweat_smile:, is there an official explanation?

| username: oceanzhang | Original post link

SSH communication is password-free communication between nodes, meaning that some communications require the SSH protocol to send files and such, so you don’t need to enter a password.

| username: 春风十里 | Original post link

When TiUP executes some operating system commands, it needs to be executed on different machines each time. If there is no SSH passwordless login, it will keep asking you to enter the password, which can be very annoying as you might need to enter the password several to dozens of times during a single deployment. Therefore, configuring SSH passwordless login is very user-friendly, as it doesn’t require you to enter the password, making the process much smoother.

| username: tidb菜鸟一只 | Original post link

If you’ve installed other clusters like Hadoop or used tools like Ansible, you would know that multiple machines are generally accessed through SSH. Otherwise, how would you transfer data to each machine or execute a command on multiple machines simultaneously?

| username: cf_data | Original post link

Thank you, I have rarely set up clusters before, so there is a lot I don’t understand.

| username: kelvin | Original post link

Even a single machine needs to be configured for mutual trust.

| username: zhanggame1 | Original post link

TiUP doesn’t know if you are using a single machine; it follows the process for cluster deployment, requiring SSH to execute commands and SCP to copy files.

| username: 小龙虾爱大龙虾 | Original post link

The machine where the tiup command is executed is called the control machine, and the machines where you deploy TiDB components are other machines. Therefore, you need to SSH over. However, in your environment, the control machine and the machine where the TiDB components are deployed happen to be the same machine, which is why you are experiencing the situation you described.

| username: ShawnYan | Original post link

Actually, it should be called mutual trust. Without it, you would have to enter a password every time you remotely access another machine, which is very inconvenient.

| username: andone | Original post link

No password is required for communication between two machines; a network connection is established directly.

| username: zxgaa | Original post link

Passwordless communication, transferring files or executing commands to other nodes.