記一次centos6設置免密碼登陸設置不成功的解決。自己挖的坑自己填。
ssh 免密碼登陸設置( 正常情況下是這樣的,設置成功后登陸主機是不需要密碼的)
[root@master .ssh]# ssh-keygen -t rsa
# 執行上面的命令直接敲3-4次回車。
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:75:3d:49:f1:8b:63:80:24:77:1a:ad:e8:11:ae:db root@master
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| o + o . |
| . * * o |
| + + S . . |
| o . . + o . |
| . . o . B . |
| o o . . o |
| . E |
+-----------------+
[root@master .ssh]# ssh-copy-id master
The authenticity of host 'master (192.168.181.200)' can't be established.
RSA key fingerprint is 04:f2:c1:15:40:e3:dd:25:77:5d:8a:62:c1:9b:3c:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master,192.168.181.200' (RSA) to the list of known hosts.
root@master's password:
Now try logging into the machine, with "ssh 'master'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@master .ssh]# ssh master
Last login: Fri Dec 21 08:45:54 2018 from master
# 當然完整的登陸命令是這樣的。
[root@master ~]# ssh root@master
Last login: Fri Dec 21 08:46:18 2018 from master
即使按照上面的操作走完了整個流程,最終登陸其他主機的時候還是需要密碼,失敗的原因是之前修改了.ssh文件夾的權限。
最近在搭建ambari平台,出現很多問題,以為是獲取不到登陸主機的權限 ,所以講 .ssh 文件夾的權限修改成了 777 , 最后修改為 700,再執行上面的操作,完美實現免密碼登陸。
最后要說明的是 .ssh 目錄的權限只能是 700 | 755 , 絕對不能是 777.
sshd為了安全,對屬主的目錄和文件權限有所要求。如果權限不對,則ssh的免密碼登陸不生效。
用戶目錄權限為 755 或者 700,就是不能是77x。
.ssh目錄權限一般為755或者700。
rsa_id.pub 及authorized_keys權限一般為644
rsa_id權限必須為600