Troubleshooting a failed SSH trusted (key-based) login

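Yesterday a colleague asked me to look at a problem with setting up trusted login: the jump host's public key had already been added to the server, but every login still asked for a password.
I took a look with ssh -v.
On a machine where login succeeds, the output is: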
debug1: Next authentication method: publickey
debug1: Trying private key: /home/admin/.ssh/identity
debug1: Offering public key: /home/admin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
On the machine where login fails, the output is:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/admin/.ssh/identity
debug1: Offering public key: /home/admin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/admin/.ssh/id_dsa
debug1: Next authentication method: password
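The difference is that the failing server never accepts the offered key: there is no "Server accepts key" line, and the client falls through to password authentication. Checking further, the owner UID of the whole .ssh directory turned out to be wrong: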
# stat .ssh
File: “.ssh”
Size: 4096 Blocks: 8 IO Block: 4096 目录
Device: ca20h/51744d Inode: 311305 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 500/ UNKNOWN) Gid: ( 500/ XXX)
Access: 2013-06-15 23:04:15.000000000 +0800
Modify: 2013-04-03 11:24:29.000000000 +0800
Change: 2013-06-15 23:04:15.000000000 +0800

The user's UID is actually not 500, but the UID of .ssh had been set to 500. Running chown xxx:xxx .ssh -R fixed it.
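
The same check can be scripted for the next time a key is silently refused. This is an added example, not part of the original post: the function name check_ssh_trust_paths is hypothetical, it assumes the default authorized_keys location, and it applies a simplified form of the ownership and mode rule that sshd enforces when StrictModes is on (the default).

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: check_ssh_trust_paths HOME_DIR EXPECTED_UID
#   e.g. as root: check_ssh_trust_paths /home/admin "$(id -u admin)"
# Simplified rule: the home directory, .ssh and authorized_keys must each be
# owned by EXPECTED_UID or by root, and must not be group- or world-writable.
# Returns 0 when all three paths pass, 1 otherwise.
check_ssh_trust_paths() {
    home=$1
    uid=$2
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # -prune keeps find on the path itself; the path is printed only when
        # the owner is wrong or a group/other write bit is set.
        hit=$(find "$p" -prune \
            \( ! \( -user "$uid" -o -user 0 \) -o -perm -020 -o -perm -002 \) \
            -print)
        if [ -n "$hit" ]; then
            # ls -n shows numeric uid/gid, like the Uid field in stat above.
            echo "REJECTED  $(ls -ldn "$p")"
            bad=1
        else
            echo "ok        $p"
        fi
    done
    return "$bad"
}
```

With the .ssh directory from this post (Uid 500, while the account's real UID is different), the .ssh line is reported as REJECTED and the function returns 1.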
