故障起因
想通过mo1创建秘钥,把公钥传到backup服务器上。从而实现免密管理backup服务器的作用
具体操作如下
[root@m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
/root/.ssh/id_dsa already exists.
Overwrite (y/n)?
[root@m01 ~]# ssh-copy-id -i .ssh/id_dsa.pub 172.16.1.41
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.41's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '172.16.1.41'"
and check to make sure that only the key(s) you wanted were added.
故障:通过ssh执行命令不能实现免密
[root@m01 ~]# ssh 172.16.1.41 hostname
root@172.16.1.41's password:
backup
排查过程
1.检查了一下backup服务器,公钥已经传过来了。
[root@backup ~]# ll .ssh/
total 4
-rw------- 1 root root 598 May 27 19:28 authorized_keys
2.通过相同的方法向web01传递公钥后可以实现免密
[root@m01 ~]# ssh 172.16.1.7 hostname
web01
可以确定问题出现在backup这边
3.检查了root家目录的权限。发现不对
[root@backup ~]# ll -d /root
dr-xr-x---. 4 rsync rsync 262 May 27 19:03 /root
突然想起是当初搭建rsync服务时留的故障
4.家目录修改为root后可以免密了
[root@m01 ~]# ssh 172.16.1.41 hostname
backup