无心之错 过犹不及 ssh

今天为了配置服务器，使它们能用rsa key 经过ssh相互访问。做了一些简单操作，结果把自己的大半天耗进去了：

1，vi /etc/ssh/sshd_config，修改如下

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no

 

2， ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/webops/.ssh/id_rsa):
Created directory '/home/webops/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
f0:c0:f5:61:9a:e6:a7:21:55:b2:82:49:82:6e:87:5e user1@xxx.yyy.com

 

3, 把id_rsa.pub 文件内容上传要登录的服务器，并改名

/home/user1/.ssh/authorized_keys

 

4, 当然要改一下文件权限

chmod 777 /home/user1/.ssh/authorized_keys

 

5, 回到原来的机器ssh登录

ssh user1@192.168.0.101

 

悲剧上演了，出现错误：

Permission denied (publickey,gssapi-with-mic).

 

6， 然后查google，baidu，比对key的内容。。。。。。完败

 

7， 监控服务器端的日志

tail -f /var/log/secure

看到：
Jun 14 18:47:43 stu101 sshd[6216]: Authentication refused: bad ownership or modes for file /home/user1/.ssh/authorized_keys

 

字面意思：认证拒绝：文件的拥有方式和模式错误

 

恩，我都改成777了，怎么还有权限问题呢？权限最大了阿，oh no.权限太大了。终于顿悟了：

chmod -R 744 /home/user1/.ssh/

 

其实600就够了。大意了，大意了！