解决ssh-keygen需要密码问题
2016-05-25 10:35
483 查看
折腾了一个晚上的问题,没解决,网上很多人提问,但没找到正确的解决方法。
今天早上继续,终于解决!
按如下配置:
[oracle@dbrac3 opt]$ mkdir ~/.ssh
[oracle@dbrac3 opt]$ chmod 700 ~/.ssh
[oracle@dbrac3 opt]$ ssh-keygen -t rsa
[oracle@dbrac3 opt]$ ssh-keygen -t dsa
[oracle@dbrac3 opt]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@dbrac3 opt]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[oracle@dbrac3 opt]$ ssh dbrac3 date
oracle@dbrac3's password:
Wed Jul 16 02:25:23 CST 2008
同样的步骤,在另外几台机器上都是正常的,无须提示输入密码。很奇怪,而且,是从同一个vm模板上clone出来的机器,为什么有的可以,有的不可以,很头痛,尝试不同的组合都不行。
用ssh的调试模式:
[oracle@dbrac3 .ssh]$ ssh -v dbrac3 date
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/oracle/.ssh/identity
debug1: Offering public key: /opt/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /opt/oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
oracle@dbrac3's password:
debug1: Authentication succeeded (password).
...
而在另外一台正常的机器,相关的步骤如下:
[oracle@dbrac1 ~]$ ssh -v dbrac1 date
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/oracle/.ssh/identity
debug1: Offering public key: /opt/oracle/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
...
从对比中看不出问题所在。
检查系统的安全日志:
[root@dbrac3 ~]# vi /var/log/secure
Jul 16 02:25:23 dbrac3 sshd[5974]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Jul 16 02:25:23 dbrac3 sshd[5974]: pam_unix(sshd:session): session closed for user oracle
[root@dbrac3 ~]# tail -f /var/log/secure
Jul 16 02:25:17 dbrac3 sshd[5947]: Authentication refused: bad ownership or modes for directory /opt/oracle
Jul 16 02:25:17 dbrac3 sshd[5947]: Authentication refused: bad ownership or modes for directory /opt/oracle
提示用户home目录有问题,继续检查:
[oracle@dbrac3 opt]$ ll
total 316
drwxrwxr-x 20 oracle dba 4096 Jul 16 02:13 oracle
而正常的机器:
[oracle@dbrac1 opt]$ ll
total 324
drwxr-xr-x 8 oracle dba 4096 Jul 12 07:46 oracle
权限不同,虽然觉得好像没什么相关性,但测试修改看看
[oracle@dbrac3 opt]$ chmod 755 /opt/oracle
[oracle@dbrac3 opt]$ ll
total 316
drwxr-xr-x 20 oracle dba 4096 Jul 16 02:13 oracle
再次执行:
[oracle@dbrac3 opt]$ ssh dbrac3 date
Wed Jul 16 02:28:53 CST 2008
顺利的通过,原来是目录的授权出了问题,但以前这类问题,是授权不够才发生,现在授权多了,也不行,有点和经验相悖!
=========================================================================
ssh-keygen -t rsa
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
ssh hdp2 cat ~/.ssh/authorized_keys >> ./authorized_keys
scp authorized_keys hdp2:~/.ssh/authorized_keys
ssh hdp1 date
ssh hdp2 date
转载自以下链接: http://blog.sina.com.cn/s/blog_538285a70100nvz6.html
今天早上继续,终于解决!
按如下配置:
[oracle@dbrac3 opt]$ mkdir ~/.ssh
[oracle@dbrac3 opt]$ chmod 700 ~/.ssh
[oracle@dbrac3 opt]$ ssh-keygen -t rsa
[oracle@dbrac3 opt]$ ssh-keygen -t dsa
[oracle@dbrac3 opt]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@dbrac3 opt]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[oracle@dbrac3 opt]$ ssh dbrac3 date
oracle@dbrac3's password:
Wed Jul 16 02:25:23 CST 2008
同样的步骤,在另外几台机器上都是正常的,无须提示输入密码。很奇怪,而且,是从同一个vm模板上clone出来的机器,为什么有的可以,有的不可以,很头痛,尝试不同的组合都不行。
用ssh的调试模式:
[oracle@dbrac3 .ssh]$ ssh -v dbrac3 date
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/oracle/.ssh/identity
debug1: Offering public key: /opt/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /opt/oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
oracle@dbrac3's password:
debug1: Authentication succeeded (password).
...
而在另外一台正常的机器,相关的步骤如下:
[oracle@dbrac1 ~]$ ssh -v dbrac1 date
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/oracle/.ssh/identity
debug1: Offering public key: /opt/oracle/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
...
从对比中看不出问题所在。
检查系统的安全日志:
[root@dbrac3 ~]# vi /var/log/secure
Jul 16 02:25:23 dbrac3 sshd[5974]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Jul 16 02:25:23 dbrac3 sshd[5974]: pam_unix(sshd:session): session closed for user oracle
[root@dbrac3 ~]# tail -f /var/log/secure
Jul 16 02:25:17 dbrac3 sshd[5947]: Authentication refused: bad ownership or modes for directory /opt/oracle
Jul 16 02:25:17 dbrac3 sshd[5947]: Authentication refused: bad ownership or modes for directory /opt/oracle
提示用户home目录有问题,继续检查:
[oracle@dbrac3 opt]$ ll
total 316
drwxrwxr-x 20 oracle dba 4096 Jul 16 02:13 oracle
而正常的机器:
[oracle@dbrac1 opt]$ ll
total 324
drwxr-xr-x 8 oracle dba 4096 Jul 12 07:46 oracle
权限不同,虽然觉得好像没什么相关性,但测试修改看看
[oracle@dbrac3 opt]$ chmod 755 /opt/oracle
[oracle@dbrac3 opt]$ ll
total 316
drwxr-xr-x 20 oracle dba 4096 Jul 16 02:13 oracle
再次执行:
[oracle@dbrac3 opt]$ ssh dbrac3 date
Wed Jul 16 02:28:53 CST 2008
顺利的通过,原来是目录的授权出了问题,但以前这类问题,是授权不够才发生,现在授权多了,也不行,有点和经验相悖!
=========================================================================
ssh-keygen -t rsa
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
ssh hdp2 cat ~/.ssh/authorized_keys >> ./authorized_keys
scp authorized_keys hdp2:~/.ssh/authorized_keys
ssh hdp1 date
ssh hdp2 date
转载自以下链接: http://blog.sina.com.cn/s/blog_538285a70100nvz6.html
相关文章推荐
- 密钥、证书生成和管理总结
- SSH登录报错REMOTE HOST IDENTIFICATION HAS CHANGED!
- SSH原理与运用(一):远程登录
- git教程(二)--安装和配置git
- 如何使用ssh-keygen生成key
- linux的ssh的免密码登录设置
- ssh-keygen
- 关于ssh-keygen命令的介绍与用法
- 在ubuntu系统上生成SSH密钥,并把对应的公开密钥添加到GitHub账户
- git入门
- RAC--配置SSH
- 几种方法来实现scp拷贝时无需输入密码
- 使用ssh-keygen设置ssh无密码登录
- sshd: Could not load host key
- ssh 无密码登陆 推荐
- ssh-keygen+ssh-copy-id 在linux下实现ssh无密码登录访问
- python脚本 通过rsa private key 生成 publickey
- Linux下用SCP无需输入密码传输文件
- ssh-keygen 中文手册