故障现象:
[root@localhost .ssh]# ssh heat-admin@192.168.100.100
The authenticity of host '192.168.100.100 (192.168.100.100)' can't be established.
ECDSA key fingerprint is fb:db:01:40:52:4c:da:9d:56:43:52:a5:c0:27:5e:d2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.100' (ECDSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/root/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /root/.ssh/id_rsa
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
处理过程:
[root@localhost .ssh]# chmod 700 /root/.ssh/id_rsa
[root@localhost .ssh]# ssh heat-admin@192.168.100.100
Last login: Wed Feb 22 06:45:48 2017 from 192.168.100.205
解决方法:
这里是说密钥文件权限不能为0644,0644权限太开放了,要求你的密钥文件不能被其它用户读取。所以我们现在需要修改一下密钥文件权限。在命令行输入chmod 700 /root/.ssh/id_rsa即可。这里“/root/.ssh/id_rsa”就是warning里给出的密钥文件名,所以你需要换成你的warning信息里给出的秘钥文件名。
格式如下:chmod 权限码 密钥文件名