标签:ssh、信任主机
一、两台Linux服务器和客户端 A:主机服务器 B:客户端服务器
在主机服务器A上用ssh命令生成密匙对,命令如下:ssh-keygen -t rsa 然后一路回车即可
在当前用户目录:/home/root/.ssh/下找到 id_rsa.pub
scp 本地文件(id_rsa.pub) 远程用户名@远程主机(B)IP地址:远程主机的保存位置
现在到远程主机B查看是否有相应的文件,当然这里也要注意.ssh目录是否存在
把刚才传输过来的公钥追加到.ssh/authorized_keys文件里面
命令如下:
cat id_rsa.put >> .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
配置的时候注意权限的设置
二、rsync命令实现数据同步出错
在使用rsync同步时还是需要输入密码,查看系统日志发现:
Jan 21 09:49:05 localhost sshd[44946]: User tomcat not allowed because account is locked
Jan 21 09:49:05 localhost sshd[44946]: input_userauth_request: invalid user tomcat [preauth]
Jan 21 09:49:11 localhost sshd[44946]: Connection closed by 192.168.2.250 [preauth]
通过日志查看,刚开始以为是 Tomcat用户被锁定了:
=============== linux 用户解锁 =====================
查看用户:pam_tally2 --user 账号
解锁用户:pam_tally2 -r -u 账号
通过pam_tally2 --user指令发现没有锁定,最终通过查找资料是sshd没有开启 PAM
PAM is not enabled for SSH service, it is commented or set to "no" explicitly:
~# grep UsePAM /etc/ssh/sshd_config #UsePAM yes
开启sshd_config UsePAM yes;service sshd restart 出现新的问题,普通用户无法登陆
cd /etc/pam.d;ls -l sshd 查看此文件是否存在,没有则需创建
#%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth
重新开启 UsePAM yes;service sshd restart成功解决问题!
标签:ssh、信任主机
原文地址:http://hjt353.blog.51cto.com/8636273/1737149