SSH无密码登入非root用户如何设置

huangxunmin

大家好，由于近期要管理大批机器，我在设置SSH登入的采用公钥无密码登入。但是只有ROOT用户才有效果
客户机A 把id_rsa.pub内容拷贝到服务器主机B /root/.ssh/authorized_keys
这时客户机A  ssh root@B
不用输入密码直接登入
然后我在设置无密码登入test账号
客户机A 把id_rsa.pub内容拷贝到服务器主机B /home/test/.ssh/authorized_keys
这时客户机A  ssh test@B
这时提示还是要输入密码
大家知道我哪里还需要设置吗？

chenyx

你的那个id_rsa.pub是root用户的吧.
普通用户再生成一个自己的,传到B上

loveradmin

我记得有个pubkey  原理就根据这个来实现的！

tanyangxf

回复 1# huangxunmin


    按照这个步骤来吧
要建立用户等效性，请在两个节点上以 oracle 用户身份生成用户的公钥和私钥。打开 rac1 的电源，在这两个节点上执行以下任务。
在 rac1 上执行

rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6 oracle@rac1.mycorpdomain.com
rac1-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com       

在 rac2 上执行

rac2-> mkdir ~/.ssh
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66 oracle@rac2.mycorpdomain.com
rac2-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7c oracle@rac2.mycorpdomain.com

在 rac1 上执行

rac1-> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
rac1-> cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (192.168.2.132)' can't be established.
RSA key fingerprint is 63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.2.132' (RSA) to the list of known hosts.
oracle@rac2's password:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@rac2's password:
rac1-> scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys
oracle@rac2's password:
authorized_keys                           100% 1716     1.7KB/s   00:00

在每个节点上测试连接。验证当您再次运行以下命令时，系统是否不提示您输入口令。

licong_jay

多半是权限问题。

.ssh目录的权限和authorized_keys的权限都要看， 权限大了是不行的

.ssh的权限700， authorized_keys的权限600， 就够了，  属主要是登陆用户自己（root是不行的），组无所谓

不管是什么原因， 查/var/log/secure就明白了

huangxunmin

查看/var/log/secure
报Authentication refused: bad ownership or modes for directory /home/test
确实是用户主目录的权限问题造成的
/home/test 之前是777
后来改成755后就正常了
只是感到困惑，权限改小确可以。。。。
总之问题解决了
谢了各位

huangxunmin

回复 5# licong_jay
谢了
根据的你的回复意见
问题已解决

tanyangxf

回复 6# huangxunmin


    恩，这个在别的地方也遇到过，主目录不能是777权限，777信任是配不成功的

achlice

路过 ~~~~~~~~~~