centos配置ssh免密码登录后仍要输入密码的解决方法
<p><span><strong>前言</strong></span></p>
<p>
在搭建Linux集群服务的时候,主服务器需要启动从服务器的服务,如果通过手动启动,集群内服务器几台还好,要是像阿里1000台的云梯Hadoop集群的话,轨迹启动一次集群就得几个工程师一两天时间,是不是很恐怖。如果使用免密登录,主服务器就能通过程序执行启动脚步,自动帮我们将从服务器的应用启动。而这一切就是建立在ssh服务的免密码登录之上的。所以要学习集群部署,就必须了解linux的免密码登录。</p>
<p>
<span><strong>第一步:在本机中创建秘钥</strong></span></p>
<p>
1、执行命令:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_832237">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">ssh</code><code class="bash plain">-keygen -t rsa -C </code><code class="bash string">"xx@qq.com"</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
(随便编个字符串,一般用邮箱)</p>
<p>
2、之后一路回车就行啦;会在~(home)目录下中产生.ssh(隐藏)文件夹;</p>
<p>
3、里面有两个文件id_rsa(私钥)、id_rsa.pub(公钥)文件</p>
<p>
<span><strong>注意事项:</strong></span></p>
<p>
①在liunx环境下,要想复制公钥或是私钥,不要使用vim等编辑器打开文件来复制粘贴;</p>
<p>
因为它会产生不必要的回车。</p>
<p>
②应该使用cat把内容打印到终端上再来复制粘贴;</p>
<p>
<span><strong>第二步:用 ssh-copy-id 把公钥复制到远程主机上</strong></span></p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_48488">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">ssh</code><code class="bash plain">-copy-</code><code class="bash functions">id</code> <code class="bash plain">zhangming@192.168.161.132</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
把秘钥拷贝到远程服务器</p>
<p>
用这种方式拷贝使用的端口是Linux默认的22,如果你想指定端口,可以使用:</p>
<p>
ssh-copy-id -i /用户名/.ssh/id_rsa.pub '-p 端口号 用户名@106.75.52.44'</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_407127">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">ssh</code><code class="bash plain">-copy-</code><code class="bash functions">id</code> <code class="bash plain">-i </code><code class="bash plain">/root/</code><code class="bash plain">.</code><code class="bash functions">ssh</code><code class="bash plain">/id_rsa</code><code class="bash plain">.pub </code><code class="bash string">'-p 22222 root@106.75.52.44'</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
这里可能需要等一段时间,反正我是等了挺久的时间,然后显示要你输入密码:</p>
<p>
zhangming@106.75.52.44's password:</p>
<p>
输入完密码后,显示:</p>
<p>
Now try logging into the machine, with "ssh '-p 22222 root@106.75.52.44'", and check in:<br>
.ssh/authorized_keys</p>
<p>
to make sure we haven't added extra keys that you weren't expecting.</p>
<p>
表示成功了!</p>
<p>
<span><strong>第三步: 远程登入</strong></span></p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_152042">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">$ </code><code class="bash functions">ssh</code> <code class="bash plain">zhangming@192.168.161.134</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">Last login: Mon Oct 10 14:18:54 2016 from 192.168.161.135</code>
</div>
<div class="line number3 index2 alt2">
</div>
<div class="line number4 index3 alt1">
<code class="bash functions">ssh</code> <code class="bash plain">zhangming@123.59.44.56 -p 22222</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>注意</strong></span></p>
<p>
<strong>遇到的大坑:</strong></p>
<p>
配置ssh免密码登录后,仍提示输入密码</p>
<p>
<strong>解决方法:</strong></p>
<p>
首先我们就要去查看系统的日志文件</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_96842">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">tail</code> <code class="bash plain">/var/log/secure</code> <code class="bash plain">-n 20</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
发现问题的所在:Authentication refused: bad ownership or modes for file</p>
<p>
从字面上可以看出是目录的属主和权限配置不当,查找资料得知:SSH不希望home目录和~/.ssh目录对组有写权限,通过下面几条命令改下</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_152131">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">chmod</code> <code class="bash plain">g-w </code><code class="bash plain">/home/zhangming</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">chmod</code> <code class="bash plain">700 </code><code class="bash plain">/home/zhangming/</code><code class="bash plain">.</code><code class="bash functions">ssh</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash functions">chmod</code> <code class="bash plain">600 </code><code class="bash plain">/home/zhangming/</code><code class="bash plain">.</code><code class="bash functions">ssh</code><code class="bash plain">/authorized_keys</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
然后我们再去登录,就能不用密码进入了。</p>
<p>
有木有很高兴呀!</p>
<p>
<span><strong>总结</strong></span></p>
<p>
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对服务器之家的支持。</p>
<p>
参考:</p>
<p>
原文链接:http://www.cf2z.club/blog/Centos-configure-SSH-password-after-logging-in,free-is-prompted-for-a-password</p>
頁:
[1]