论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2010-03-30 14:49 |只看该作者 |倒序浏览

本帖最后由 longbow0 于 2010-03-30 14:52 编辑

系统环境是这样：

一台超算，有 8 个结点 ( node1~8 )，和 1 个共享的盘阵。在每个结点上，盘阵都被挂载为 /data。

用户的主目录在盘阵上，为 /data/test。

我的做法是，在 node1 上，运行

$ ssh-keygen -t rsa

复制代码

然后在 .ssh 下，

cat id_rsa.pub >> authorized_keys

复制代码

现在的问题是，无论用 rsa1, rsa, dsa 都无法实现无密码登录其他结点。

在各结点去掉 /etc/ssh/sshd_config 里

# RSAAuthentication yes
# PubkeyAuthentication yes
# AuthorizedKeysFile %h/.ssh/authorized_keys

复制代码

的注释，重启 sshd 也没有用。

请问还应该考虑哪些因素？谢谢！

文库|博客

tanyangxf

小富即安

论坛徽章:: 0

2楼 [报告]

发表于 2010-03-30 15:58 |只看该作者

rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6 oracle@rac1.mycorpdomain.com
rac1-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com

在 rac2 上执行

rac2-> mkdir ~/.ssh
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66 oracle@rac2.mycorpdomain.com
rac2-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7c oracle@rac2.mycorpdomain.com

在 rac1 上执行

rac1-> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
rac1-> cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (192.168.2.132)' can't be established.
RSA key fingerprint is 63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.2.132' (RSA) to the list of known hosts.
oracle@rac2's password:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@rac2's password:
rac1-> scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys
oracle@rac2's password:
authorized_keys 100% 1716 1.7KB/s 00:00

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

惠繪洋

小富即安

论坛徽章:: 0

3楼 [报告]

发表于 2010-03-30 16:49 |只看该作者

1/ 在每台client上,使用者用 ssh-keygen -t dsa 做出 public key, 把 public key scp 到 ssh 服務器上. public key 在 ~/.ssh/xxx.pub
2/ 在服務器端上, 把各client 的 public key 加到名為 authorized_keys 上.
3/ 更改 ssh 服務器對 auth 的相關設定, 重啟 ssh 服務器, 完成

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

longbow0

家境小康

论坛徽章:: 0

4楼 [报告]

发表于 2010-03-30 16:52 |只看该作者

本帖最后由 longbow0 于 2010-03-30 16:54 编辑

谢谢楼上。

.ssh 目录的属性是 0700，我也尝试过把 authorized_keys 的属性改成 0644 或 0600，还是不行。

结点和盘阵的示意图如下

/data/test 就是用户 test 的 HOME 目录。

ssh-keygen 产生的文件在 /data/test/.ssh/。