Problems setting up passwordless SSH login

These are very standard commands, but they just did not work.

1 Problem record

[root@cdc-cmssim38 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b0:f1:af:78:2d:3b:6e:55:f7:19:f0:77:b6:78:1d:c4 root@cdc-cmssim38
The key's randomart image is:
+--[ RSA 2048]----+
|              .  |
|             . E |
|      o       +  |
|       =    . .++|
|      . S  . ..oO|
|         ..  . +o|
|         o.   .  |
|       .=..      |
|      .+++       |
+-----------------+
[root@cdc-cmssim38 ~]#
[root@cdc-cmssim38 ~]#
[root@cdc-cmssim38 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

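But automatic SSH login does not work, although going from 39 to 38 the setup actually succeeded.

2 Investigating the problem: there turned out to be several possibilities

1) A system bug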

[root@cdc-cmssim39 ~]# restorecon -R -v ~/
After trying this, it did not solve the problem.


2) A permissions problem

For example, here:

Make sure the permissions on the ~/.ssh directory and its contents are proper. When I first set up my ssh key auth, I didn't have the ~/.ssh folder properly set up, and it yelled at me.

  • Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
    If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.

  • Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.

  • Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.

  • Also, if SELinux is set to enforcing, you may need to run restorecon -R -v ~/.ssh (see e.g. Ubuntu bug 965663 and Debian bug report #658675; this is patched in CentOS 6).

In fact, it still did not work.


Later I found the log

/var/log/secure: 

Dec  1 13:36:10 cdc-cmssim39 sshd[16909]: Authentication refused: bad ownership or modes for directory /root
Dec  1 13:36:15 cdc-cmssim39 sshd[16909]: Accepted password for root from 10.245.250.38 port 50385 ssh2
Dec  1 13:36:15 cdc-cmssim39 sshd[16909]: pam_unix(sshd:session): session opened for user root by (uid=0)


Solution

http://www.howtogeek.com/168156/fixing-authentication-refused-bad-ownership-or-modes-for-directory/


[root@cdc-cmssim39 ~]# chmod go-w ~/
[root@cdc-cmssim39 ~]# chmod 700 ~/.ssh
[root@cdc-cmssim39 ~]# chmod 600 ~/.ssh/authorized_keys

No more problems now ^_^
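
The refusal in /var/log/secure comes from sshd's StrictModes check on the home directory, ~/.ssh and authorized_keys, and the same check can be run by hand on the target machine before retrying the login. This is an added example, not part of the original post; the function name check_ssh_modes is hypothetical and the script assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example: audit the three paths sshd inspects before it accepts a
# public key. Assumes GNU coreutils stat; check_ssh_modes is a made-up name.

# check_ssh_modes HOME_DIR [UID]
# Prints one line per offending path; returns 0 if all pass, 1 otherwise.
check_ssh_modes() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$p")     # octal permission bits, e.g. 775
        owner=$(stat -c '%u' "$p")    # numeric uid of the owner
        # The owner must be the account itself or root.
        if [ "$owner" -ne "$uid" ] && [ "$owner" -ne 0 ]; then
            echo "BAD_OWNER $p uid=$owner"
            rc=1
        fi
        # Any group-write or other-write bit (mask 022) is refused.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "BAD_MODE $p mode=$mode"
            rc=1
        fi
    done
    return $rc
}

# Usage on the target host, as the account being logged into:
#   check_ssh_modes "$HOME"
```

A BAD_MODE line for the home directory corresponds to the "bad ownership or modes for directory /root" entry in the log, and chmod go-w on that path clears it.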





