2015-09-06

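I have 3 CentOS virtual machines and am trying to set up passwordless SSH from any host to any other host. (Call them db01, db02 and dbmgr.) Passwordless SSH works one way, but not the other.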

I copied the RSA public keys into .ssh/authorized_keys, i.e.

db01 -> .ssh/authorized_keys has entries for the public keys from db02, dbmgr

db02 -> .ssh/authorized_keys has entries for the public keys from db01, dbmgr

dbmgr -> .ssh/authorized_keys has entries for the public keys from db01, db02

I have verified the public key strings across the hosts:

[[email protected] ~]$ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsT8zUe4or3VCN8C1k0XVyQ9erpEiXDKORnS9rujBTDw1bFdCDnQLngteu+dbHIeZ2O8vrtH6cJVdqSjhGJjlswnhOdH6IfxIrKDb+Rug4LhxSei6jTxH3gq0vmrPzsoy14J/Q1xxAEbtIyc2J6JmupKf/bmafITnijvFUgZ70xlzVs1cmzAaU6+A/te9Oc+HCvpGzDLLUNSQUq8rRhAm8IFDy3+qHk+h2+BQCMx0uDRKGaxXhqur/1l0nzJNL49gANTF4LYmdqU7Vb07Vm7BbIdKwxgc2njAqOPfhE3iBmAeOmmq715Dhf2OO4DY/OdnDSFDo+MZAscf/tk1ZA0hvw== [email protected] 

[[email protected] ~]$ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApkPWB3L9LJNyUW/iFKlJGKTSeIviBRrP6lTvmw7wPGMEto5TFvie4vogaGv6euUNLQiM7HdneNCoZjoeMDgOl7od9ZMZpXNslSX/tPZI0Ha55Mx2T5l7ka4t/Uzm/rzYz3GgNmag8o8buKDCfjXzAMJWU7DnkLFf04rFenzQC3twTIfQKXXnnOo5Fka1f6110xEDuHaRZ24Fesp7T67joSECwjTJvPfFXT3EUMCAXmuzBsFc2fXQmPM/MSGvrBY6pj6ntGQ6+R8OR1yS/2sZudmSb2uxsRnKdhue9E20HEE/tiyL6IByY9s70KRsNarB7GGvVPfZvTXu/N8/TkNHaQ== [email protected] 
[[email protected] ~]$ 

[[email protected] ~]$ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArfc2PvbGmOX638qhFh2h2oZ3ZzP8r177BnclMe22xi+Fe8tj/RGVM5NQStAXulBlwVc2KSWgkAt5+oe7nDoVENWaetapTBaMwJcxiGyJPs7SIrcVOUI4CDaHbXQAM2Bs7EjsGfY7LlFyOCZZWnwEjRMW23wnis6200grleZftrU07Tk05v1rfihlY2pm2dV1mMckoyUOP7gn8MDvLCj6DlFPwcGw6h5siIU0UU0wiSxg8Q3zXdFaXnDXGp3lFic71TzfPidmimu8k2PDZhikz21ypxn1YaDluYJ6Wn+zTgkNFrdV6T7tT27RIzWXAJHT9OMnhpKFa+HTxbTKlecxqw== [email protected] 
[[email protected] ~]$ 


[[email protected] ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApkPWB3L9LJNyUW/iFKlJGKTSeIviBRrP6lTvmw7wPGMEto5TFvie4vogaGv6euUNLQiM7HdneNCoZjoeMDgOl7od9ZMZpXNslSX/tPZI0Ha55Mx2T5l7ka4t/Uzm/rzYz3GgNmag8o8buKDCfjXzAMJWU7DnkLFf04rFenzQC3twTIfQKXXnnOo5Fka1f6110xEDuHaRZ24Fesp7T67joSECwjTJvPfFXT3EUMCAXmuzBsFc2fXQmPM/MSGvrBY6pj6ntGQ6+R8OR1yS/2sZudmSb2uxsRnKdhue9E20HEE/tiyL6IByY9s70KRsNarB7GGvVPfZvTXu/N8/TkNHaQ== [email protected] 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArfc2PvbGmOX638qhFh2h2oZ3ZzP8r177BnclMe22xi+Fe8tj/RGVM5NQStAXulBlwVc2KSWgkAt5+oe7nDoVENWaetapTBaMwJcxiGyJPs7SIrcVOUI4CDaHbXQAM2Bs7EjsGfY7LlFyOCZZWnwEjRMW23wnis6200grleZftrU07Tk05v1rfihlY2pm2dV1mMckoyUOP7gn8MDvLCj6DlFPwcGw6h5siIU0UU0wiSxg8Q3zXdFaXnDXGp3lFic71TzfPidmimu8k2PDZhikz21ypxn1YaDluYJ6Wn+zTgkNFrdV6T7tT27RIzWXAJHT9OMnhpKFa+HTxbTKlecxqw== [email protected] 


[[email protected] ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsT8zUe4or3VCN8C1k0XVyQ9erpEiXDKORnS9rujBTDw1bFdCDnQLngteu+dbHIeZ2O8vrtH6cJVdqSjhGJjlswnhOdH6IfxIrKDb+Rug4LhxSei6jTxH3gq0vmrPzsoy14J/Q1xxAEbtIyc2J6JmupKf/bmafITnijvFUgZ70xlzVs1cmzAaU6+A/te9Oc+HCvpGzDLLUNSQUq8rRhAm8IFDy3+qHk+h2+BQCMx0uDRKGaxXhqur/1l0nzJNL49gANTF4LYmdqU7Vb07Vm7BbIdKwxgc2njAqOPfhE3iBmAeOmmq715Dhf2OO4DY/OdnDSFDo+MZAscf/tk1ZA0hvw== [email protected] 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArfc2PvbGmOX638qhFh2h2oZ3ZzP8r177BnclMe22xi+Fe8tj/RGVM5NQStAXulBlwVc2KSWgkAt5+oe7nDoVENWaetapTBaMwJcxiGyJPs7SIrcVOUI4CDaHbXQAM2Bs7EjsGfY7LlFyOCZZWnwEjRMW23wnis6200grleZftrU07Tk05v1rfihlY2pm2dV1mMckoyUOP7gn8MDvLCj6DlFPwcGw6h5siIU0UU0wiSxg8Q3zXdFaXnDXGp3lFic71TzfPidmimu8k2PDZhikz21ypxn1YaDluYJ6Wn+zTgkNFrdV6T7tT27RIzWXAJHT9OMnhpKFa+HTxbTKlecxqw== [email protected] 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArfc2PvbGmOX638qhFh2h2oZ3ZzP8r177BnclMe22xi+Fe8tj/RGVM5NQStAXulBlwVc2KSWgkAt5+oe7nDoVENWaetapTBaMwJcxiGyJPs7SIrcVOUI4CDaHbXQAM2Bs7EjsGfY7LlFyOCZZWnwEjRMW23wnis6200grleZftrU07Tk05v1rfihlY2pm2dV1mMckoyUOP7gn8MDvLCj6DlFPwcGw6h5siIU0UU0wiSxg8Q3zXdFaXnDXGp3lFic71TzfPidmimu8k2PDZhikz21ypxn1YaDluYJ6Wn+zTgkNFrdV6T7tT27RIzWXAJHT9OMnhpKFa+HTxbTKlecxqw== [email protected] 



[[email protected] ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsT8zUe4or3VCN8C1k0XVyQ9erpEiXDKORnS9rujBTDw1bFdCDnQLngteu+dbHIeZ2O8vrtH6cJVdqSjhGJjlswnhOdH6IfxIrKDb+Rug4LhxSei6jTxH3gq0vmrPzsoy14J/Q1xxAEbtIyc2J6JmupKf/bmafITnijvFUgZ70xlzVs1cmzAaU6+A/te9Oc+HCvpGzDLLUNSQUq8rRhAm8IFDy3+qHk+h2+BQCMx0uDRKGaxXhqur/1l0nzJNL49gANTF4LYmdqU7Vb07Vm7BbIdKwxgc2njAqOPfhE3iBmAeOmmq715Dhf2OO4DY/OdnDSFDo+MZAscf/tk1ZA0hvw== [email protected] 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApkPWB3L9LJNyUW/iFKlJGKTSeIviBRrP6lTvmw7wPGMEto5TFvie4vogaGv6euUNLQiM7HdneNCoZjoeMDgOl7od9ZMZpXNslSX/tPZI0Ha55Mx2T5l7ka4t/Uzm/rzYz3GgNmag8o8buKDCfjXzAMJWU7DnkLFf04rFenzQC3twTIfQKXXnnOo5Fka1f6110xEDuHaRZ24Fesp7T67joSECwjTJvPfFXT3EUMCAXmuzBsFc2fXQmPM/MSGvrBY6pj6ntGQ6+R8OR1yS/2sZudmSb2uxsRnKdhue9E20HEE/tiyL6IByY9s70KRsNarB7GGvVPfZvTXu/N8/TkNHaQ== [email protected] 

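I am able to ssh from db01 to db02 and the other way around without a password. I can ssh from dbmgr to db01 and db02 without a password.

But trying to ssh to dbmgr from db01 or db02 asks for a password.

I don't know what I am missing.

Edit: Solved it by looking at the logs. The logs showed that it was indeed a permissions issue.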

14:13:01 localhost sshd[3787]: debug1: userauth-request for user abhyas_mgr service ssh-connection method none 
Sep 6 14:13:01 localhost sshd[3787]: debug1: attempt 0 failures 0 
Sep 6 14:13:01 localhost sshd[3786]: debug1: PAM: initializing for "abhyas_mgr" 
Sep 6 14:13:01 localhost sshd[3786]: debug1: PAM: setting PAM_RHOST to "abhyas.db01" 
Sep 6 14:13:01 localhost sshd[3786]: debug1: PAM: setting PAM_TTY to "ssh" 
Sep 6 14:13:01 localhost sshd[3787]: debug1: userauth-request for user abhyas_mgr service ssh-connection method publickey 
Sep 6 14:13:01 localhost sshd[3787]: debug1: attempt 1 failures 0 
Sep 6 14:13:01 localhost sshd[3787]: debug1: test whether pkalg/pkblob are acceptable 
Sep 6 14:13:01 localhost sshd[3786]: debug1: temporarily_use_uid: 500/500 (e=0/0) 
Sep 6 14:13:01 localhost sshd[3786]: debug1: trying public key file /home/abhyas_mgr/.ssh/authorized_keys 
Sep 6 14:13:01 localhost sshd[3786]: debug1: fd 4 clearing O_NONBLOCK 
Sep 6 14:13:01 localhost sshd[3786]: Authentication refused: bad ownership or modes for file /home/abhyas_mgr/.ssh/authorized_keys 
Sep 6 14:13:01 localhost sshd[3786]: debug1: restore_uid: 0/0 
Sep 6 14:13:01 localhost sshd[3786]: debug1: temporarily_use_uid: 500/500 (e=0/0) 
Sep 6 14:13:01 localhost sshd[3786]: debug1: trying public key file /home/abhyas_mgr/.ssh/authorized_keys2 
Sep 6 14:13:01 localhost sshd[3786]: debug1: Could not open authorized keys '/home/abhyas_mgr/.ssh/authorized_keys2': No such file or directory 
Sep 6 14:13:01 localhost sshd[3786]: debug1: restore_uid: 0/0 
Sep 6 14:13:01 localhost sshd[3786]: Failed publickey for abhyas_mgr from 192.168.102.131 port 54518 ssh2 
^C 
+0

Did you check the access permissions on '~/.ssh/authorized_keys'? What does the 'sshd' server write about the keys in debug mode? – Jakuje

+0

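Where do I check the sshd output, and how do I run it in debug mode? The access to authorized_keys must be correct, otherwise I would have faced the same problem when sshing to the other hosts. – anu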

+1

Put 'LogLevel DEBUG3' in your 'sshd_config', restart 'sshd', and you should see the logs in the log files '/var/log/secure', '/var/log/messages'. – Jakuje

Answers

3

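This usually indicates a permissions problem. Make sure your permissions are set correctly on the following directories and files:

  • /home/username/ - permissions should be at least 700 or 750
  • /home/username/.ssh/ - permissions should be at least 500
  • /home/username/.ssh/authorized_keys - permissions should be at least 400

Permissions can be set using the chmod command. For example: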

chmod 500 /home/username/.ssh 

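As Luis Colorado points out below, there is also a maximum permission level that OpenSSH allows. If the permissions are set too loosely (such as 777), you will not be able to log in. For more information, see the OpenSSH FAQ.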
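The check behind the "bad ownership or modes" log line, as an added example that is not part of the original answer and is not OpenSSH's own code: with StrictModes enabled (the default), sshd refuses a key file when it, or a directory leading to it, is owned by someone other than the user or root, or is writable by group or others. The function names are hypothetical, GNU stat (as on CentOS) is assumed, and only the three paths from the answer are tested.

```shell
#!/bin/sh
# Added example (not OpenSSH code): approximates the ownership/mode test
# behind "bad ownership or modes". Assumes GNU stat, as on CentOS.

# path_is_safe PATH UID: succeed only if PATH is owned by UID or root
# and carries no group/other write bit (mode & 022 == 0).
path_is_safe() {
    info=$(stat -c '%a %u' "$1" 2>/dev/null) || { echo "missing: $1"; return 1; }
    mode=${info% *}
    owner=${info#* }
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "bad owner (uid $owner): $1"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/other writable (mode $mode): $1"; return 1
    fi
    return 0
}

# check_account HOME UID: test the three paths from the answer above.
# Returns the number of paths that would make sshd refuse the key.
check_account() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        path_is_safe "$p" "$2" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed demo tree: a scratch directory stands in for /home/username.
demo() {
    h=$(mktemp -d)
    mkdir "$h/.ssh"
    : > "$h/.ssh/authorized_keys"
    chmod 700 "$h" "$h/.ssh"
    chmod 664 "$h/.ssh/authorized_keys"    # group-writable: refused
    rc=0; check_account "$h" "$(id -u)" || rc=$?
    echo "before fix: $rc problem(s)"
    chmod 600 "$h/.ssh/authorized_keys"
    rc=0; check_account "$h" "$(id -u)" || rc=$?
    echo "after fix: $rc problem(s)"
    rm -rf "$h"
}
demo
```

Modes such as 500 on .ssh and 400 on authorized_keys pass this check as well, since neither sets a group or other write bit.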

+0

Why 700 or 500? Why is execute important for the owner? By the way, the folders already had that, I just want to know. – anu

+2

The folders need those, otherwise you will not be able to list the files inside. You can find many such questions here. – Jakuje

+0

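Usually the home directory should be accessible by the owner (the person logging in). The execute bit allows you to enter the directory and access files within it. Do you want something different? – kojow7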
