ssh 免密码登陆设置不成功
阅读原文时间:2023年07月09日阅读:1

记一次centos6设置免密码登陆设置不成功的解决。自己挖的坑自己填。

ssh 免密码登陆设置( 正常情况下是这样的,设置成功后登陆主机是不需要密码的)

[root@master .ssh]# ssh-keygen -t rsa
# 执行上面的命令直接敲3-4次回车。
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:75:3d:49:f1:8b:63:80:24:77:1a:ad:e8:11:ae:db root@master
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|       .         |
|    o + o .      |
|   . * *   o     |
|    + + S . .    |
|   o . . + o .   |
|  . . o . B .    |
|   o o . . o     |
|  . E            |
+-----------------+
[root@master .ssh]# ssh-copy-id master
The authenticity of host 'master (192.168.181.200)' can't be established.
RSA key fingerprint is 04:f2:c1:15:40:e3:dd:25:77:5d:8a:62:c1:9b:3c:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master,192.168.181.200' (RSA) to the list of known hosts.
root@master's password:
Now try logging into the machine, with "ssh 'master'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@master .ssh]# ssh master
Last login: Fri Dec 21 08:45:54 2018 from master

# 当然完整的登陆命令是这样的。
[root@master ~]# ssh root@master
Last login: Fri Dec 21 08:46:18 2018 from master

即使按照上面的操作走完了整个流程,最终登陆其他主机的时候还是需要密码,失败的原因是之前修改了.ssh文件夹的权限。

最近在搭建ambari平台,出现很多问题,以为是获取不到登陆主机的权限 ,所以讲 .ssh 文件夹的权限修改成了 777 , 最后修改为 700,再执行上面的操作,完美实现免密码登陆。

最后要说明的是 .ssh 目录的权限只能是 700 | 755 , 绝对不能是 777.

sshd为了安全,对属主的目录和文件权限有所要求。如果权限不对,则ssh的免密码登陆不生效。

用户目录权限为 755 或者 700,就是不能是77x。

.ssh目录权限一般为755或者700。

rsa_id.pub 及authorized_keys权限一般为644

rsa_id权限必须为600