在某些应用中需要ssh免密码登录(比如hadoop环境)
在63机器上
可能遇到的问题:
或者就是懒得输入密码,ssh提供这样的功能
机器环境:
192.168.120.63机器用户userA
192.168.120.65机器用户userB
目标:
63机器的userA可以使用userB免密码登录到65机器
步骤:
1. 在63机器userA账户下执行:
[userA.63]: ssh-keygen -t rsa
ssh-keygen是用来生成,转换管理key的,-t指定key类型
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 密码(忽略)
Enter same passphrase again: 密码again(忽略)
Your identification has been saved in /home/miao/.ssh/id_rsa. 密钥(家目录.ssh目录下)
Your public key has been saved in /home/miao/.ssh/id_rsa.pub. 公钥(家目录.ssh目录下)
2. 将公钥id_rsa.pub添加到65机器/home/userB/.ssh/authorized_keys文件中
scp /home/userA/.ssh/id_rsa.pub userB@192.168.120.65:/home/userB/.ssh/id_rsa_A.pub
登录到65机器userB: 执行
[userB.65]: cat id_rsa_A.pub >> authorized_keys
或者直接使用ssh-copy-id命令完成上述目的在63机器上
[userA.63]:userA: ssh-copy-id userB@192.168.120.65
可能遇到的问题:
1. ssh文件权限问题:
查看系统secure日志可能发现如下问题:
Jul 13 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/username/.ssh/authorized_keys
Jul 13 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/username/.ssh/authorized_keys
此时将authorized_keys权限修改为600
chmod 600 authorized_keys