ssh localhost 无密码认证登录 网上的方法如下:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
经试验后还是需要密码
ssh -vvv localhost
查看debug信息发现如下信息:
debug1: Next authentication method: publickey
debug1: Offering public key: /home/xxxxx/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/xxxxx/.ssh/identity
debug3: no such identity: /home/xxxxx/.ssh/identity
debug1: Trying private key: /home/xxxxx/.ssh/id_dsa
debug3: no such identity: /home/xxxxx/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
修改authorized_keys权限
chmod 644 ~/.ssh/authorized_keys
此后登录不再需要密码。
ssh对文件的权限要求很高啊。太挑剔了
用root查询系统登录日志
$tail /var/log/secure -n 20
SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600 :
chmod g-w /home/hadoop 只准用户可写
chmod 700 /home/hadoop/.ssh
chmod 600 /home/hadoop/.ssh/authorized_keys
chmod 600 /home/hadoop/.ssh/id_dsa
完整脚本
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
chmod g-w ~
##只准用户可写
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_dsa