aix 下公钥和私钥配置失败。已经尝试了N次了 苦就一个字

dnavy

最近要做一个数据的export/scp/load/，从一台server利用Crontab执行export/scp/load/,手动是可以  只是需要输入很多次password， 可是通过crontab就不行，后来发现需要设置公钥和私钥，俺尝试了好几次，都没有成功，还是提示需要输入密码，我也检查了文件的权限，属性，都没有问题。现在只好来找配置文件sshd_config的问题了 请各位帮忙看看问题出在什么地方？aix的版本都是AIX  3 5，

1. # #       $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
   
2. 
   
3. # This is the sshd server system-wide configuration file.  See
   
4. # sshd_config(5) for more information.
   
5. 
   
6. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
   
7. 
   
8. # The strategy used for options in the default sshd_config shipped with
   
9. # OpenSSH is to specify options with their default value where
   
10. # possible, but leave them commented.  Uncommented options change a
    
11. # default value.
    
12. 
    
13. #Port 22
    
14. Protocol 2
    
15. #ListenAddress 0.0.0.0
    
16. #ListenAddress ::
    
17. 
    
18. # HostKey for protocol version 1
    
19. HostKey /etc/ssh/ssh_host_key
    
20. # HostKeys for protocol version 2
    
21. HostKey /etc/ssh/ssh_host_rsa1_key
    
22. HostKey /etc/ssh/ssh_host_dsa_key
    
23. 
    
24. # Lifetime and size of ephemeral version 1 server key
    
25. #KeyRegenerationInterval 3600
    
26. KeyRegenerationInterval 3600
    
27. #ServerKeyBits 768
    
28. 
    
29. # Logging
    
30. #obsoletes QuietMode and FascistLogging
    
31. #SyslogFacility AUTH
    
32. #LogLevel INFO
    
33. LogLevel INFO
    
34. 
    
35. # Authentication:
    
36. 
    
37. #LoginGraceTime 120
    
38. LoginGraceTime 120
    
39. #PermitRootLogin no
    
40. PermitRootLogin without-password
    
41. #StrictModes yes
    
42. StrictModes yes
    
43. 
    
44. #RSAAuthentication yes
    
45. RSAAuthentication yes
    
46. 
    
47. #PubkeyAuthentication yes
    
48. PubkeyAuthentication yes
    
49. 
    
50. TCPKeepAlive yes
    
51. 
    
52. #AuthorizedKeysFile     .ssh/authorized_keys
    
53. 
    
54. # rhosts authentication should not be used
    
55. #RhostsAuthentication no
    
56. # Don't read the user's ~/.rhosts and ~/.shosts files
    
57. #IgnoreRhosts yes
    
58. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    
59. #RhostsRSAAuthentication no
    
60. # similar for protocol version 2
    
61. #HostbasedAuthentication no
    
62. # Change to yes if you don't trust ~/.ssh/known_hosts for
    
63. # RhostsRSAAuthentication and HostbasedAuthentication
    
64. #IgnoreUserKnownHosts no
    
65. 
    
66. # To disable tunneled clear text passwords, change to no here!
    
67. #PasswordAuthentication yes
    
68. PermitEmptyPasswords no
    
69. 
    
70. # Change to no to disable s/key passwords
    
71. ChallengeResponseAuthentication no
    
72. 
    
73. # Kerberos options
    
74. #KerberosAuthentication no
    
75. #KerberosOrLocalPasswd yes
    
76. #KerberosTicketCleanup yes
    
77. 
    
78. #AFSTokenPassing no
    
79. 
    
80. # Kerberos TGT Passing only works with the AFS kaserver
    
81. #KerberosTgtPassing no
    
82. 
    
83. # Set this to 'yes' to enable PAM keyboard-interactive authentication
    
84. # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
    
85. #PAMAuthenticationViaKbdInt no
    
86. 
    
87. X11Forwarding yes
    
88. #X11DisplayOffset 10
    
89. X11UseLocalhost no
    
90. #PrintMotd yes
    
91. PrintMotd yes
    
92. #PrintLastLog yes
    
93. KeepAlive yes
    
94. #UseLogin no
    
95. #UsePrivilegeSeparation yes
    
96. #Compression yes
    
97. PermitUserEnvironment no
    
98. 
    
99. #MaxStartups 10
    
100. MaxStartups 100
     
101. # no default banner path
     
102. #Banner /some/path
     
103. #VerifyReverseMapping no
     
104. #DenyUsers root
     
105. #AuthorizedKeysFile /dev/null
     
106. #DenyUsers
     
107. #DenyUsers
     
108. #AllowUsers
     
109. #AllowUsers
     
110. #AllowUsers
     
111. 
     
112. # override default of no subsystems
     
113. Subsystem       sftp    /usr/sbin/sftp-server
     

复制代码

以下朋友给的建议，各位觉得他说的对否？
My own personal experience has been that ssh public/private key pairs must be regenerated after an OS upgrade as the server's host key fingerprint (MD5 hash) in the old keys will no longer be valid. If this does not fix the issue, it could be permissions on the key files or ssh configuration for the userid.

[ 本帖最后由 dnavy 于 2007-6-13 04:56 编辑 ]

dnavy

没人理我  

nimysun

#PermitRootLogin no
注意这一行，如果使用root用户做,那么我建议打开root login的功能。
加入如下一行
PermitRootLogin yes
重启sshd进程，或者kill -1 sshd's processID.

对于ssh来说，如果server端更新或者重装了ssh软件或者系统，那么最好在client端修改$HOME/.ssh/known_hosts中的server端ip所在的条目。
不知道您明白了没有。

dnavy

不能允许root登陆，我用的是db的instance id
就算server端重新安装了ssh 我把两边的know_host都清空 regenerate ssh key 可以么

yddll

大不了重新来一遍

dnavy

原帖由 yddll 于 2007-6-13 20:53 发表
大不了重新来一遍

已经重来了n次了   郁闷哦