CentOS系統SSH免密後依然需要輸入密碼(已解決)
阿新 • • 發佈:2018-12-12
1、問題
通過ssh-keygen -t rsa和ssh-copy-id -i node1操作後,免密登入依然需要輸入密碼。
[[email protected] ~]# ssh node1 The authenticity of host 'node1 (192.168.1.160)' can't be established. ECDSA key fingerprint is SHA256:CzXPsWonK4Fxx8mQpRHXL1K8R8eqyQr+Zn95HGS8zQ4. ECDSA key fingerprint is MD5:61:95:b5:57:d3:bb:d0:9d:bf:9c:e1:d4:40:4f:07:d6. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node1,192.168.1.160' (ECDSA) to the list of known hosts.[email protected]'s password:
2、原因與解決辦法
一般來講失敗的原因有兩個:目錄檔案的許可權和目錄的屬主。 (1)目錄檔案的許可權 .ssh父目錄的許可權是755(我的是/root),.ssh目錄許可權是700,authorized_keys檔案 600
[[email protected] ~]# chmod 755 /root [[email protected] ~]# chmod 700 .ssh [[email protected] ~]# chmod 600 .ssh/authorized_keys
(2)目錄的屬主 如果上面方法還沒有解決問題,那可能是.ssh父目錄的屬主存在問題。
[[email protected] ~]# ls -al .ssh total 12 drwx------ 2 root root 80 Nov 3 10:07 . drwxr-xr-x. 11 hdfs users 4096 Nov 3 09:38 .. -rw------- 1 root root 0 Nov 3 10:06 authorized_keys -rw------- 1 root root 1679 Nov 3 09:38 id_rsa -rw-r--r-- 1 root root 390 Nov 3 09:38 id_rsa.pub -rw-r--r-- 1 root root 0 Nov 3 10:07 known_hosts
這裡發現.ssh父目錄(..)的屬主存在問題。
修改如下
[[email protected] ~]# chown root:root /root [[email protected] ~]# ls -al .ssh total 16 drwx------ 2 root root 80 Nov 3 10:07 . drwxr-xr-x. 11 root root 4096 Nov 3 09:38 .. -rw------- 1 root root 1135 Nov 3 10:11 authorized_keys -rw------- 1 root root 1679 Nov 3 09:38 id_rsa -rw-r--r-- 1 root root 390 Nov 3 09:38 id_rsa.pub -rw-r--r-- 1 root root 0 Nov 3 10:07 known_hosts [[email protected] ~]#
3、驗證
[[email protected] ~]# ssh-copy-id -i node1 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'node1'" and check to make sure that only the key(s) you wanted were added. [[email protected] ~]# ssh node1 Last login: Fri Nov 3 10:04:03 2017 from hadron [[email protected] ~]#