Fixing broken SSH passwordless login
2021-01-17
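Problem: while running the log-generation script for Flume, I found that host 101 could not ssh to itself.
Cause: a permission problem on the /root directory!
Takeaway: do not casually change the permissions of an entire directory recursively!
When running the script, I found that passwordless login no longer worked: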
root@hadoop101's password:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0773 for '/root/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/root/.ssh/id_rsa": bad permissions
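The error message is actually very clear, but I did not understand it the first time I saw it:
Your private key must not be accessible by other users.
The private key will be ignored.
Cause: the default permission of the id_rsa file is 700; earlier, for convenience, I had changed the permissions of the /root directory to 777.
Change the permissions of /root/.ssh back to 700:
# On all three hosts: 101, 102, 103
chmod -R 700 /root/.ssh
The other hosts were fine after this, but passwordless login to 101 still did not work.
Delete the /root/.ssh directory on 101, then set up passwordless login again:
# Generate the key pair
ssh-keygen -t rsa
# Send the public key
ssh-copy-id hadoop101
At this point the key could no longer be sent!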
[root@hadoop101 .ssh]# ssh-copy-id hadoop101
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'hadoop101 (192.168.6.101)' can't be established.
ECDSA key fingerprint is SHA256:yFxIpz1O2qpIw3aP6xS4721Jy2LI6bPIwy9LLX59I64.
ECDSA key fingerprint is MD5:3b:90:f0:5d:9e:33:ee:00:17:5c:e5:5d:58:80:e6:5c.
Are you sure you want to continue connecting (yes/no)?
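The prompt appears because deleting /root/.ssh also removed known_hosts, so the host key of hadoop101 is no longer recorded; answering yes after comparing the fingerprint records it again without disabling the check.
Solution: disable host key checking (??)
Run ssh -o StrictHostKeyChecking=no yyy.yyy.yyy.yyy
where yyy.yyy.yyy.yyy is the IP address of the local machine: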
ssh -o StrictHostKeyChecking=no 192.168.6.101
The key could now be sent, but remote login still did not work!
Try restarting the ssh service:
[root@hadoop101 ~]# systemctl restart sshd
[root@hadoop101 ~]# systemctl status sshd
This still did not solve the problem.
Check the log:
[root@hadoop101 ~]# less /var/log/secure
Jan 17 12:07:29 hadoop101 sshd[123380]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 17 12:07:29 hadoop101 sshd[123380]: Received disconnect from 192.168.6.101 port 55024:11: disconnected by user
Jan 17 12:07:29 hadoop101 sshd[123380]: Disconnected from 192.168.6.101 port 55024
Jan 17 12:07:29 hadoop101 sshd[123380]: pam_unix(sshd:session): session closed for user root
Jan 17 12:07:33 hadoop101 sshd[123440]: Authentication refused: bad ownership or modes for directory /root
Jan 17 12:07:43 hadoop101 sshd[123440]: Accepted password for root from 192.168.6.101 port 55052 ssh2
Jan 17 12:07:43 hadoop101 sshd[123440]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 17 12:07:43 hadoop101 sshd[123440]: Received disconnect from 192.168.6.101 port 55052:11: disconnected by user
Jan 17 12:07:43 hadoop101 sshd[123440]: Disconnected from 192.168.6.101 port 55052
Jan 17 12:07:43 hadoop101 sshd[123440]: pam_unix(sshd:session): session closed for user root
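The log shows that the problem is the permissions on /root.
From looking it up: SSH does not want the home directory or the ~/.ssh directory to be group-writable.
Here I remove the w permission for group and other users: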
[root@hadoop101 ~]# chmod go-w /root
Problem solved!
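The two checks behind the errors above, as an added example that is not part of the original post: the ssh client ignores a private key that group or others can access, and sshd refuses key authentication when the home directory, ~/.ssh or authorized_keys is group- or other-writable. The function names, the scratch directory and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (stat -c).

# has_bits MODE MASK: true if any bit of octal MASK is set in octal MODE.
has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# audit_ssh_perms HOME_DIR: print one line per finding; return 0 only if clean.
audit_ssh_perms() {
    home=$1
    problems=0
    # sshd with StrictModes refuses key auth if any of these is group/other writable.
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$path" ] || continue
        mode=$(stat -c '%a' "$path")
        if has_bits "$mode" 022; then
            echo "sshd: $path mode $mode is group/other writable (chmod go-w)"
            problems=$((problems + 1))
        fi
    done
    # The ssh client ignores a private key that group or others can access at all.
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        mode=$(stat -c '%a' "$key")
        if has_bits "$mode" 077; then
            echo "ssh: $key mode $mode is open to group/other (chmod 600)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed scratch home reproducing the post's modes: home 777, id_rsa 773.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/id_rsa" || return 1
    chmod 777 "$d"; chmod 700 "$d/.ssh"; chmod 773 "$d/.ssh/id_rsa"
    audit_ssh_perms "$d" || true
    # go-w is the post's fix for /root; 600 is the usual private-key mode.
    chmod go-w "$d"; chmod 600 "$d/.ssh/id_rsa"
    audit_ssh_perms "$d" && echo "clean after fix"
    rm -rf "$d"
}
demo
```

On a real host, call audit_ssh_perms /root (or any account's home directory) before changing anything, so that only the paths it reports get a targeted chmod.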