今天公司做容灾测试的2台LINUX服务器的SSH相互认证出现了问题,重建公密钥老是提示输入密码。
最后发现,可能是由于谁修改了/home/dbra3的权限(没修改前是777,我改后为了700)
[dbra3@hzmc .ssh]$ chmod 700 ~/.ssh
[dbra3@hzmc .ssh]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dbra3/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dbra3/.ssh/id_rsa.
Your public key has been saved in /home/dbra3/.ssh/id_rsa.pub.
The key fingerprint is:
5d:ec:ad:a3:0e:29:4b:2a:f6:67:2e:da:41:09:0e:2c dbra3@hzmc
The key's randomart image is:
+--[ RSA 2048]----+
| |
|. . |
|E.. o |
|.o . . . o . |
| . o S . . . |
| . . . |
| . o o o |
| o..+oo . . . |
| ..++=o .o |
+-----------------+
[dbra3@hzmc .ssh]$ touch ~/.ssh/authorized_keys
[dbra3@hzmc .ssh]$ ssh 172.16.4.28
The authenticity of host '172.16.4.28 (172.16.4.28)' can't be established.
RSA key fingerprint is 4d:51:34:7e:e8:18:58:b2:0f:f9:14:78:7d:da:3e:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.4.28' (RSA) to the list of known hosts.
dbra3@172.16.4.28's password:
[dbra3@hzmc ~]$ su - root
Password:
[root@hzmc ~]# cd /home
[root@hzmc home]# ls -l
drwxrwxrwx 5 dbra3 dbra3 4096 Dec 30 2009 dbra3
drwxrwxrwx 2 root root 16384 Sep 22 2009 lost+found
drwxrwxrwx 14 ora10g oinstall 4096 Dec 29 2009 ora10g
drwxrwxrwx 18 oracle oinstall 4096 Dec 16 2009 oracle
[root@hzmc home]# chmod 700 dbra3
[root@hzmc home]#su - dbra3
[dbra3@hzmc]$cd .ssh
[dbra3@hzmc .ssh]$ chmod 644 ~/.ssh/authorized_keys
就这样,ssh相互认证就可以了
最后发现,可能是由于谁修改了/home/dbra3的权限(没修改前是777,我改后为了700)
[dbra3@hzmc .ssh]$ chmod 700 ~/.ssh
[dbra3@hzmc .ssh]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dbra3/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dbra3/.ssh/id_rsa.
Your public key has been saved in /home/dbra3/.ssh/id_rsa.pub.
The key fingerprint is:
5d:ec:ad:a3:0e:29:4b:2a:f6:67:2e:da:41:09:0e:2c dbra3@hzmc
The key's randomart image is:
+--[ RSA 2048]----+
| |
|. . |
|E.. o |
|.o . . . o . |
| . o S . . . |
| . . . |
| . o o o |
| o..+oo . . . |
| ..++=o .o |
+-----------------+
[dbra3@hzmc .ssh]$ touch ~/.ssh/authorized_keys
[dbra3@hzmc .ssh]$ ssh 172.16.4.28
The authenticity of host '172.16.4.28 (172.16.4.28)' can't be established.
RSA key fingerprint is 4d:51:34:7e:e8:18:58:b2:0f:f9:14:78:7d:da:3e:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.4.28' (RSA) to the list of known hosts.
dbra3@172.16.4.28's password:
[dbra3@hzmc ~]$ su - root
Password:
[root@hzmc ~]# cd /home
[root@hzmc home]# ls -l
drwxrwxrwx 5 dbra3 dbra3 4096 Dec 30 2009 dbra3
drwxrwxrwx 2 root root 16384 Sep 22 2009 lost+found
drwxrwxrwx 14 ora10g oinstall 4096 Dec 29 2009 ora10g
drwxrwxrwx 18 oracle oinstall 4096 Dec 16 2009 oracle
[root@hzmc home]# chmod 700 dbra3
[root@hzmc home]#su - dbra3
[dbra3@hzmc]$cd .ssh
[dbra3@hzmc .ssh]$ chmod 644 ~/.ssh/authorized_keys
就这样,ssh相互认证就可以了