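Server operating system: CentOS 6.6
I want to set up passwordless SSH login for a non-root user; assume the username is otheruser.
The steps I performed were:
1. Generate the public and private keys on the server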
[otheruser@localhost ~]# ssh-keygen -t rsa
I accepted the default for every prompt. I renamed the generated .ssh/id_rsa.pub to authorized_keys and checked the permissions of .ssh and authorized_keys:
[otheruser@localhost ~/.ssh]# cp id_rsa.pub authorized_keys
[otheruser@localhost ~/.ssh]# ls -al ~
drwx------ 2 otheruser otheruser 4096 May 13 06:50 .ssh
[otheruser@localhost ~/.ssh]# ls -al ~/.ssh
drwx------ 2 otheruser otheruser 4096 May 13 06:50 .
drwxrwxr--. 4 otheruser otheruser 4096 May 9 07:23 ..
-rw------- 1 otheruser otheruser 412 May 13 06:50 authorized_keys
-rw------- 1 otheruser otheruser 1675 May 13 06:48 id_rsa
-rw------- 1 otheruser otheruser 412 May 13 06:48 id_rsa.pub
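As you can see, the permissions of ~/.ssh are 700 and those of ~/.ssh/authorized_keys are 600, and the user and group are both otheruser.
Then I copied the private key to my local machine with scp.
2. Modify /etc/ssh/sshd_config
Added the following configuration: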
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
AllowUsers otheruser
Then I restarted the sshd service:
[root@localhost ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
After the configuration above, I logged in over ssh:
ssh -i id_rsa otheruse@192.168.1.101
but it reported an error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
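Checking /var/log/secure on the server shows the following entries:
May 12 07:07:08 localhost sshd[1230]: Connection closed by 192.168.1.1
May 12 07:07:14 localhost sshd[1231]: Authentication refused: bad ownership or modes for directory /home/otheruser
The message says the ownership or modes are wrong, but so far I can't figure out where the problem is. Does anyone know a way to solve this? Thanks!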
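
Added example, not part of the original post: the log line above comes from sshd's StrictModes check, which refuses a key when the home directory, ~/.ssh or authorized_keys is writable by group or others, or is owned by anyone other than the login user or root. The script approximates that check; the function names and the scratch directory are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): approximates sshd's StrictModes
# test on the paths leading to authorized_keys. Assumes GNU stat (stat -c).

# check_one PATH UID: return 0 if acceptable, 1 if sshd would refuse it.
check_one() {
    info=$(stat -c '%a %u' "$1") || return 1
    mode=${info% *}
    owner=${info#* }
    # The owner must be the login user or root.
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "BAD  $1: owned by uid $owner"
        return 1
    fi
    # Neither group nor others may hold write permission (mode & 022).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD  $1: mode $mode is group- or world-writable"
        return 1
    fi
    echo "OK   $1: mode $mode"
}

# audit_home HOME UID: return 0 only if all three paths pass.
audit_home() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_one "$p" "$2" || rc=1
    done
    return "$rc"
}

# Constructed demo: a scratch "home" with the modes shown in the listing
# (home 774, .ssh 700, authorized_keys 600), then with group write removed.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
chmod 774 "$demo"
audit_home "$demo" "$(id -u)" || echo "=> sshd would refuse this key"
chmod 755 "$demo"
audit_home "$demo" "$(id -u)" && echo "=> passes once group write is removed"
rm -rf "$demo"
```

On a real host, run `audit_home /home/otheruser "$(id -u otheruser)"` as root or as that user.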