
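SSH passwordless login setup does not work

A record of fixing a passwordless login setup that did not work on CentOS 6. I dug this hole myself, so I fill it in myself.

SSH passwordless login setup (normally it goes like this; once it is set up, logging in to the host does not require a password)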

[[email protected] .ssh]# ssh-keygen -t rsa
# After running the command above, just press Enter 3-4 times.
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:75:3d:49:f1:8b:63:80:24:77:1a:ad:e8:11:ae:db [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| o + o . |
| . * * o |
| + + S . . |
| o . . + o . |
| . . o . B . |
| o o . . o |
| . E |
+-----------------+
[[email protected] .ssh]# ssh-copy-id master
The authenticity of host 'master (192.168.181.200)' can't be established.
RSA key fingerprint is 04:f2:c1:15:40:e3:dd:25:77:5d:8a:62:c1:9b:3c:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master,192.168.181.200' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh 'master'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[[email protected] .ssh]# ssh master
Last login: Fri Dec 21 08:45:54 2018 from master
# Of course, the complete login command looks like this.
[[email protected] ~]# ssh [email protected]
Last login: Fri Dec 21 08:46:18 2018 from master

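Even after going through the whole procedure above, logging in to the other hosts still asked for a password. The cause of the failure was that the permissions of the .ssh folder had been changed earlier.

I have recently been setting up an Ambari platform and ran into many problems. I assumed the cause was that permission to log in to the host could not be obtained, so I changed the permissions of the .ssh folder to 777. In the end I changed them to 700, ran the steps above again, and passwordless login worked perfectly.
One last point: the permissions of the .ssh directory can only be 700 or 755, and must never be 777.

For security, sshd places requirements on the permissions of the owner's directories and files. If the permissions are wrong, SSH passwordless login does not take effect.
The user's home directory must be 755 or 700; it just cannot be 77x.
The .ssh directory is generally 755 or 700.
id_rsa.pub and authorized_keys are generally 644.
id_rsa must be 600.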
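
The permission rules above as a check you can run before debugging anything else, added here as an example and not part of the original post. It flags a home directory, .ssh directory or authorized_keys file that is writable by group or others (what sshd's StrictModes check rejects) and a private key that group or others can access. The function names are made up for this example, and GNU stat (as on CentOS) is assumed.

```shell
#!/bin/sh
# Added example: audit the permissions that key-based SSH login depends on.
# Assumes GNU stat; the key file name id_rsa matches the session above.

# Print the octal mode of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# True if the path is writable by group or others (mode & 022).
loose_write() { [ $(( 0$(mode_of "$1") & 022 )) -ne 0 ]; }

# True if group or others have any access at all (mode & 077).
any_group_other() { [ $(( 0$(mode_of "$1") & 077 )) -ne 0 ]; }

# check_ssh_perms HOME_DIR: print every path that would break key login.
# Returns 0 when everything is acceptable, 1 otherwise.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if loose_write "$p"; then
            echo "TOO OPEN (group/other writable): $(mode_of "$p") $p"
            bad=1
        fi
    done
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ] && any_group_other "$key"; then
        echo "TOO OPEN (private key accessible to others): $(mode_of "$key") $key"
        bad=1
    fi
    return $bad
}

# fix_ssh_perms HOME_DIR: apply the modes listed in the post.
fix_ssh_perms() {
    chmod go-w "$1"
    chmod 700 "$1/.ssh"
    [ -e "$1/.ssh/authorized_keys" ] && chmod 644 "$1/.ssh/authorized_keys"
    [ -e "$1/.ssh/id_rsa" ] && chmod 600 "$1/.ssh/id_rsa"
    [ -e "$1/.ssh/id_rsa.pub" ] && chmod 644 "$1/.ssh/id_rsa.pub"
    return 0
}

# Usage on the target account: check_ssh_perms /root || fix_ssh_perms /root
```

Run it on the host you are logging in to, since that is where sshd checks the home directory, .ssh and authorized_keys.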