今天为了配置服务器,使它们能用rsa key 经过ssh相互访问。做了一些简单操作,结果把自己的大半天耗进去了:
1,vi /etc/ssh/sshd_config,修改如下
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
2, ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/webops/.ssh/id_rsa):
Created directory '/home/webops/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
f0:c0:f5:61:9a:e6:a7:21:55:b2:82:49:82:6e:87:5e user1@xxx.yyy.com
3, 把id_rsa.pub 文件内容上传要登录的服务器,并改名
/home/user1/.ssh/authorized_keys
4, 当然要改一下文件权限
chmod 777 /home/user1/.ssh/authorized_keys
5, 回到原来的机器ssh登录
ssh user1@192.168.0.101
悲剧上演了,出现错误:
Permission denied (publickey,gssapi-with-mic).
6, 然后查google,baidu,比对key的内容。。。。。。完败
7, 监控服务器端的日志
tail -f /var/log/secure
看到:
Jun 14 18:47:43 stu101 sshd[6216]: Authentication refused: bad ownership or modes for file /home/user1/.ssh/authorized_keys
字面意思:认证拒绝:文件的拥有方式和模式错误
恩,我都改成777了,怎么还有权限问题呢?权限最大了阿,oh no.权限太大了。终于顿悟了:
chmod -R 744 /home/user1/.ssh/
其实600就够了。大意了,大意了!