The Purpose of Using SSH in TiDB Deployment

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tidb部署用到SSH的用途

| username: TiDBer_eyHUd5pk

[TiDB Usage Environment] Production Environment
[TiDB Version] v6.1.0
[Encountered Problem: Problem Phenomenon and Impact]
TiDB deployment uses SSH communication. What functions does SSH communication serve in the entire TiDB cluster, or what role does SSH play in TiDB? We have established an intranet using network tunnels, and since our security requirements are relatively high, configuring SSH mutual trust is quite risky. Therefore, we want to know what role SSH plays. Besides facilitating TiDB installation, if there are any supporting documents, that would be best.

| username: Jiawei | Original post link

I understand SSH mutual trust:

  1. It facilitates unified management, allowing remote management of the entire cluster from the deployment machine.
  2. It makes it easier to manage configuration files and directory creation, avoiding permission inconsistencies.
  3. It ensures communication between nodes during scaling in or out.

| username: Running | Original post link

It doesn’t matter if there is no mutual trust; use deployment management to input the password.

| username: TiDBer_pkQ5q1l0 | Original post link

There is no need for mutual trust; just specify the username and password during deployment.

| username: tidb菜鸟一只 | Original post link

Use tiup -u tidb -p 123456 without mutual trust; just specify the account and password.

| username: TiDBer_eyHUd5pk | Original post link

There is no need for mutual trust; use a username and password during deployment, which essentially also uses SSH. The main issue is with SSH communication, not mutual trust. Since the policy here does not open the SSH port, it is an SSH issue and has nothing to do with mutual trust.

| username: tidb菜鸟一只 | Original post link

If SSH is not open, deployment will be very difficult because the current TiUP setup is based on SSH, whether for deployment or maintenance. In fact, it should be possible to deploy and maintain TiDB without using TiUP, but it is no longer recommended by the official sources. It’s too troublesome as it requires configuring connection port information between nodes on each individual node, etc.
