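Passwordless SSH login failure (an unusual case)
Problem description:
Last week I built a big data platform for my company on three machines, and installation and configuration all went smoothly. Later I found that the disk mounted at /home was too small, so I expanded it. Before expanding, I copied the /home/hadoop folder somewhere else, and copied it back afterwards. That is where the problem started: once the hadoop folder had been moved back, passwordless SSH no longer worked.
Troubleshooting:
1. Check permissions
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh/
2. Debug SSH
Run ssh -vvv master and read the log: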
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to master [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/hadoop/.ssh/identity type -1
debug1: identity file /home/hadoop/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /home/hadoop/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/hadoop/.ssh/id_rsa type 1
debug1: identity file /home/hadoop/.ssh/id_rsa-cert type -1
debug1: identity file /home/hadoop/.ssh/id_dsa type -1
debug1: identity file /home/hadoop/.ssh/id_dsa-cert type -1
debug1: identity file /home/hadoop/.ssh/id_ecdsa type -1
debug1: identity file /home/hadoop/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, [email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected] ,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 114/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1149
debug3: check_host_in_hostfile: host master filename /home/hadoop/.ssh/known_hosts
debug3: check_host_in_hostfile: host master filename /home/hadoop/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 5
debug1: Host 'master' is known and matches the RSA host key.
debug1: Found key in /home/hadoop/.ssh/known_hosts:5
debug2: bits set: 525/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1165
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1213
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/hadoop/.ssh/identity ((nil))
debug2: key: /home/hadoop/.ssh/id_rsa (0x2ae9888a6330)
debug2: key: /home/hadoop/.ssh/id_dsa ((nil))
debug2: key: /home/hadoop/.ssh/id_ecdsa ((nil))
debug3: Wrote 64 bytes for a total of 1277
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 127.0.0.1.
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/hadoop/.ssh/identity
debug3: no such identity: /home/hadoop/.ssh/identity
debug1: Offering public key: /home/hadoop/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1645
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/hadoop/.ssh/id_dsa
debug3: no such identity: /home/hadoop/.ssh/id_dsa
debug1: Trying private key: /home/hadoop/.ssh/id_ecdsa
debug3: no such identity: /home/hadoop/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
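3. Nothing in the log pointed to a permissions problem. Comparing against a machine where passwordless login worked normally, I found the following differences:
Meanwhile I created a new user, test, and configured passwordless SSH for it; that still failed. The root user's passwordless SSH, however, worked. So the suspicion came back to permissions, yet the permissions all looked fine.
4. Just as I was about to give up, I found this post: http://www.linuxidc.com/Linux/2013-07/87267.htm
After reading it I immediately checked my .ssh directory with ls -laZ: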
[[email protected] ~]$ ls -laZ .ssh
drwx------. hadoop hadoop unconfined_u:object_r:file_t:s0 .
drwxr-xr-x. hadoop hadoop unconfined_u:object_r:file_t:s0 ..
-rw-------. hadoop hadoop unconfined_u:object_r:file_t:s0 authorized_keys
-rw-------. hadoop hadoop unconfined_u:object_r:file_t:s0 id_rsa
-rw-r--r--. hadoop hadoop unconfined_u:object_r:file_t:s0 id_rsa.pub
-rw-r--r--. hadoop hadoop unconfined_u:object_r:file_t:s0 id_rsa.pub.slave1
-rw-r--r--. hadoop hadoop unconfined_u:object_r:file_t:s0 id_rsa.pub.slave2
-rw-r--r--. hadoop hadoop unconfined_u:object_r:file_t:s0 known_hosts
Same for me: "sure enough, it is not ssh_home_t".
5. Fix:
Switch to the root user and restore the context:
[[email protected] ~]# restorecon -r -vv /home/
[[email protected] ~]$ ls -laZ .ssh
drwx------. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 .
drwxr-xr-x. hadoop hadoop unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-------. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 authorized_keys
-rw-------. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 id_rsa
-rw-r--r--. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 id_rsa.pub
-rw-r--r--. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 id_rsa.pub.slave1
-rw-r--r--. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 id_rsa.pub.slave2
-rw-r--r--. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 known_hosts
6. Verify the fix:
[[email protected] ~]$ ssh master
Last login: Wed May 31 09:01:48 2017 from 10.0.17.19
Starting Nexus OSS...
Started Nexus OSS.
-bash: /etc/profile.d/mystart.sh: line 2: syntax error near unexpected token `&&'
-bash: /etc/profile.d/mystart.sh: line 2: ` && '
[[email protected] ~]$
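7. Summary:
The root cause was that I had moved the /home/hadoop directory and moved it back as the root user. Even though I changed the ownership back to hadoop:hadoop, the SELinux context of the files and folders under the directory had changed, and SSH authentication is very strict about it: the type must be ssh_home_t.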
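A check that can be run after any copy or restore of a home directory, as an added example that is not part of the original post: it parses ls -laZ output and flags every entry whose SELinux type is not ssh_home_t. The function name find_mislabeled and the two sample listings (constructed from the listings shown above) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag ~/.ssh entries whose
# SELinux type differs from the expected one, given `ls -laZ` output.

# Reads `ls -laZ` output on stdin; $1 is the expected type.
# Prints "<name> <type>" per mislabeled entry; exit status 1 if any found.
find_mislabeled() {
    awk -v want="$1" '
    {
        ctx = ""
        # The context is the field shaped like user:role:type:level,
        # wherever ls puts it (its column differs between coreutils versions).
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:/) { ctx = $i; break }
        if (ctx == "") next            # header line, or SELinux disabled ("?")
        name = $NF
        if (name == "..") next         # parent dir carries its own type
        split(ctx, part, ":")
        if (part[3] != want) { print name, part[3]; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: listings in the format shown in the post.
BEFORE='drwx------. hadoop hadoop unconfined_u:object_r:file_t:s0 .
drwxr-xr-x. hadoop hadoop unconfined_u:object_r:file_t:s0 ..
-rw-------. hadoop hadoop unconfined_u:object_r:file_t:s0 authorized_keys
-rw-------. hadoop hadoop unconfined_u:object_r:file_t:s0 id_rsa'

AFTER='drwx------. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 .
drwxr-xr-x. hadoop hadoop unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-------. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 authorized_keys
-rw-------. hadoop hadoop unconfined_u:object_r:ssh_home_t:s0 id_rsa'

for listing in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$listing" | find_mislabeled ssh_home_t; then
        echo "OK: every entry is ssh_home_t"
    else
        echo "FAIL: run restorecon on the entries above"
    fi
done
# On a live host: ls -laZ ~/.ssh | find_mislabeled ssh_home_t
```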