Problems setting up passwordless SSH login

These are very common commands, but they just would not work.

1 Problem record

[root@cdc-cmssim38 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b0:f1:af:78:2d:3b:6e:55:f7:19:f0:77:b6:78:1d:c4 root@cdc-cmssim38
The key's randomart image is:
+--[ RSA 2048]----+
|              .  |
|             . E |
|      o       +  |
|       =    . .++|
|      . S  . ..oO|
|         ..  . +o|
|         o.   .  |
|       .=..      |
|      .+++       |
+-----------------+
[root@cdc-cmssim38 ~]#
[root@cdc-cmssim38 ~]#
[root@cdc-cmssim38 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@xx.xx.xx.xx
root@10.245.250.39's password:
Now try logging into the machine, with "ssh 'root@10.245.250.39'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

But automatic SSH login does not work. Going the other way, from 39 to 38, the setup actually succeeded.

2 Investigating the problem: there turned out to be several possible causes

1) A system bug

[root@cdc-cmssim39 ~]# restorecon -R -v ~/
After trying this, I found that it did not solve the problem.


2) A permissions problem

For example, as described here:

Make sure the permissions on the ~/.ssh directory and its contents are proper. When I first set up my ssh key auth, I didn't have the ~/.ssh folder properly set up, and it yelled at me.

  • Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
    If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.

  • Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.

  • Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.

  • Also, if SELinux is set to enforcing, you may need to run restorecon -R -v ~/.ssh (see e.g. Ubuntu bug 965663 and Debian bug report #658675; this is patched in CentOS 6).

In fact, it still did not work.


Later I found the log:

/var/log/secure: 

Dec  1 13:36:10 cdc-cmssim39 sshd[16909]: Authentication refused: bad ownership or modes for directory /root
Dec  1 13:36:15 cdc-cmssim39 sshd[16909]: Accepted password for root from 10.245.250.38 port 50385 ssh2
Dec  1 13:36:15 cdc-cmssim39 sshd[16909]: pam_unix(sshd:session): session opened for user root by (uid=0)


Solution

http://www.howtogeek.com/168156/fixing-authentication-refused-bad-ownership-or-modes-for-directory/


[root@cdc-cmssim39 ~]# chmod go-w ~/
[root@cdc-cmssim39 ~]# chmod 700 ~/.ssh
[root@cdc-cmssim39 ~]# chmod 600 ~/.ssh/authorized_keys

Now there is no problem ^_^
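The check behind the "bad ownership or modes for directory /root" log line, as an added shell example that is not part of the original post. The function name check_ssh_modes is hypothetical, and the script assumes the usual `ls -ldnL` output layout (mode string first, numeric owner third). Run on the server side, it shows which of the three paths fails before anyone reaches for chmod:

```shell
#!/bin/sh
# Added example (not from the original post): audit the three paths named in
# the post against the rule behind "bad ownership or modes for directory".
# Rule applied: owner is the login user or root (uid 0), and neither group
# nor others have write permission.
# Usage: check_ssh_modes HOME_DIR [UID]    (UID defaults to the caller's uid)
check_ssh_modes() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        # -n: numeric owner; -L: follow symlinks, since the canonical path is checked
        read -r mode links owner rest <<EOF
$(ls -ldnL "$p")
EOF
        verdict=OK
        # Characters 6 and 9 of the mode string are group-write and other-write.
        case $mode in
            ?????w*|????????w*) verdict=BAD ;;
        esac
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            verdict=BAD
        fi
        [ "$verdict" = OK ] || rc=1
        echo "$verdict $mode owner=$owner $p"
    done
    return "$rc"
}
```

Calling `check_ssh_modes /root 0` on the machine that refuses the key prints one line per path and returns non-zero if any of them is BAD or MISSING.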






Reposted from: https://my.oschina.net/sizhe/blog/537808
