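Still prompted for a password after ssh-keygen
I struggled with this problem for a whole evening without solving it. Many people online have asked about it, but I could not find a correct solution.
I continued this morning and finally solved it!
The configuration was as follows: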
[oracle@dbrac3 opt]$ mkdir ~/.ssh
[oracle@dbrac3 opt]$ chmod 700 ~/.ssh
[oracle@dbrac3 opt]$ ssh-keygen -t rsa
[oracle@dbrac3 opt]$ ssh-keygen -t dsa
[oracle@dbrac3 opt]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@dbrac3 opt]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[oracle@dbrac3 opt]$ ssh dbrac3 date
oracle@dbrac3's password:
Wed Jul 16 02:25:23 CST 2008
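The same steps work fine on several other machines, with no password prompt. This is strange: the machines were all cloned from the same VM template, so why do some work and others not? It was a real headache, and none of the combinations I tried worked.
Using ssh's debug mode: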
[oracle@dbrac3 .ssh]$ ssh -v dbrac3 date
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/oracle/.ssh/identity
debug1: Offering public key: /opt/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /opt/oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
oracle@dbrac3's password:
debug1: Authentication succeeded (password).
...
On another machine that works normally, the corresponding steps look like this:
[oracle@dbrac1 ~]$ ssh -v dbrac1 date
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
...
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/oracle/.ssh/identity
debug1: Offering public key: /opt/oracle/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
...
The comparison does not reveal where the problem is.
Checking the system's security log:
[root@dbrac3 ~]# vi /var/log/secure
Jul 16 02:25:23 dbrac3 sshd[5974]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Jul 16 02:25:23 dbrac3 sshd[5974]: pam_unix(sshd:session): session closed for user oracle
[root@dbrac3 ~]# tail -f /var/log/secure
Jul 16 02:25:17 dbrac3 sshd[5947]: Authentication refused: bad ownership or modes for directory /opt/oracle
Jul 16 02:25:17 dbrac3 sshd[5947]: Authentication refused: bad ownership or modes for directory /opt/oracle
The log indicates a problem with the user's home directory. Checking further:
[oracle@dbrac3 opt]$ ll
total 316
drwxrwxr-x 20 oracle dba 4096 Jul 16 02:13 oracle
And on the working machine:
[oracle@dbrac1 opt]$ ll
total 324
drwxr-xr-x 8 oracle dba 4096 Jul 12 07:46 oracle
The permissions differ. It did not seem particularly relevant, but I tried changing them to see:
[oracle@dbrac3 opt]$ chmod 755 /opt/oracle
[oracle@dbrac3 opt]$ ll
total 316
drwxr-xr-x 20 oracle dba 4096 Jul 16 02:13 oracle
Running it again:
[oracle@dbrac3 opt]$ ssh dbrac3 date
Wed Jul 16 02:28:53 CST 2008
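The "bad ownership or modes for directory" refusal in /var/log/secure comes from sshd's StrictModes check, which is enabled by default and rejects public-key login when the home directory, ~/.ssh or authorized_keys is group- or world-writable or has the wrong owner. The shell function below is an added example, not part of the original post: it applies the same ownership and mode test to the three paths, assuming GNU stat (Linux); the names check_ssh_path_modes and demo are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes GNU coreutils stat (Linux);
# check_ssh_path_modes and demo are hypothetical names.
#
# With StrictModes enabled (sshd's default), public-key login is refused when
# the home directory, ~/.ssh or authorized_keys is owned by anyone other than
# the account or root, or is writable by group or others.

# check_ssh_path_modes HOME_DIR [UID]
# Prints one line per offending path; returns 0 if every path passes, else 1.
check_ssh_path_modes() {
    local home="$1" uid="${2:-$(id -u)}" rc=0 path mode owner
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 775
        owner=$(stat -c '%u' "$path")   # numeric uid of the owner
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $path (uid $owner)"; rc=1
        fi
        # Group-write and other-write bits must both be clear: mode & 022 == 0.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path (mode $mode)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a throwaway home directory given the same 775 mode the
# post found on /opt/oracle, checked before and after chmod 755.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -m 700 "$tmp/.ssh"
    : > "$tmp/.ssh/authorized_keys"
    chmod 600 "$tmp/.ssh/authorized_keys"
    chmod 775 "$tmp"; check_ssh_path_modes "$tmp"; echo "mode 775 -> rc=$?"
    chmod 755 "$tmp"; check_ssh_path_modes "$tmp"; echo "mode 755 -> rc=$?"
    rm -rf "$tmp"
}
demo
```

Run as the affected account against its real home directory (here, check_ssh_path_modes /opt/oracle as oracle), the function reports the same directory that sshd named in the log.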
From "ITPUB Blog", link: http://blog.itpub.net/12753752/viewspace-1008934/. If you repost this, please credit the source; otherwise legal action will be pursued.