linux – Passwordless SSH only works in debug mode

I have two machines with the same users and need passwordless ssh between them. I have two users, medya and orainst.

medya's home is /home/medya/
orainst's home is /tools/appw/oracle/orainst

I set up passwordless login for both of them (yes, I swear I did all the permissions, religiously).

It works for any user with a normal home directory (medya), but not for orainst.

And the strangest thing is that if I run the ssh server in debug mode, it works fine for both users!

Here are the logs of ssh started as a service and ssh started in debug mode.

This is where it fails:

    debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
    debug1: Could not open authorized keys '/tools/appsw/oracle/orainst/.ssh/authorized_keys': Permission denied
    debug1: restore_uid: 0/0
    debug1: temporarily_use_uid: 500/500 (e=0/0)
    debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys

Here is the full log:

    [root@ip-10-16-4-114 oracle]# service sshd start
    Starting sshd: debug1: sshd version OpenSSH_5.3p1
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    Set /proc/self/oom_score_adj from 0 to -1000
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 10.16.4.113 port 56175
    debug1: Client protocol version 2.0; client software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: permanently_set_uid: 74/74
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user orainst service ssh-connection method none
    debug1: attempt 0 failures 0
    debug1: PAM: initializing for "orainst"
    debug1: PAM: setting PAM_RHOST to "10.16.4.113"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug1: userauth-request for user orainst service ssh-connection method publickey
    debug1: attempt 1 failures 0
    debug1: temporarily_use_uid: 500/500 (e=0/0)
    debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
    debug1: Could not open authorized keys '/tools/appsw/oracle/orainst/.ssh/authorized_keys': Permission denied
    debug1: restore_uid: 0/0
    debug1: temporarily_use_uid: 500/500 (e=0/0)
    debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
    debug1: Could not open authorized keys '/tools/appsw/oracle/orainst/.ssh/authorized_keys': Permission denied
    debug1: restore_uid: 0/0
    Failed publickey for orainst from 10.16.4.113 port 56175 ssh2
    Connection closed by 10.16.4.113
    debug1: do_cleanup
    debug1: do_cleanup
    debug1: PAM: cleanup

And here is the log from running the ssh server in debug mode (when I do this, both users can do passwordless ssh):

    [root@ip-10-16-4-114 oracle]# /usr/sbin/sshd -d -p 2222
    debug1: sshd version OpenSSH_5.3p1
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: rexec_argv[2]='-p'
    debug1: rexec_argv[3]='2222'
    Set /proc/self/oom_score_adj from 0 to -1000
    debug1: Bind to port 2222 on 0.0.0.0.
    Server listening on 0.0.0.0 port 2222.
    debug1: Bind to port 2222 on ::.
    Server listening on :: port 2222.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 10.16.4.113 port 47631
    debug1: Client protocol version 2.0; client software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: permanently_set_uid: 74/74
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user orainst service ssh-connection method none
    debug1: attempt 0 failures 0
    debug1: PAM: initializing for "orainst"
    debug1: PAM: setting PAM_RHOST to "10.16.4.113"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug1: userauth-request for user orainst service ssh-connection method publickey
    debug1: attempt 1 failures 0
    debug1: temporarily_use_uid: 500/500 (e=0/0)
    debug1: trying public key file /tools/appsw/oracle/orainst/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: matching key found: file /tools/appsw/oracle/orainst/.ssh/authorized_keys, line 1
    Found matching RSA key: 6c:ab:f3:3b:68:c3:ed:f1:d6:ae:a5:f8:06:2f:d3:8c
    debug1: restore_uid: 0/0
    debug1: ssh_rsa_verify: signature correct
    debug1: do_pam_account: called
    Accepted publickey for orainst from 10.16.4.113 port 47631 ssh2
    debug1: monitor_child_preauth: orainst has been authenticated by privileged process
    debug1: temporarily_use_uid: 500/500 (e=0/0)
    debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
    debug1: restore_uid: 0/0
    debug1: SELinux support enabled
    debug1: PAM: establishing credentials
    debug1: temporarily_use_uid: 500/500 (e=0/0)
    debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
    debug1: restore_uid: 0/0
    User child is on pid 6171
    debug1: PAM: establishing credentials
    debug1: permanently_set_uid: 500/500
    debug1: Entering interactive session for SSH2.
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req pty-req
    debug1: Allocating pty.
    debug1: session_new: session 0
    debug1: session_pty_req: session 0 alloc /dev/pts/1
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell

Solution

I think the real problem is that the presence of a symbolic link in the path to the .ssh folder triggers a permission check. Similar to how SELinux requires that the authorized_keys file disallow group write access to the file (a chmod value of basically 600), it enforces the same rule on any symbolic links in the path to the .ssh folder and the authorized_keys file.

I think this answer is good: https://unix.stackexchange.com/questions/152417/why-cant-i-use-public-private-key-authentication-with-ssh-on-arch-linux
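
A path audit in the spirit of the answer above, as an added example that is not part of the original post: it walks every component from the home directory down to authorized_keys and reports symlinks (for review), owners other than the account or root, and group- or world-writable modes. The function names and output labels are illustrative, and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils stat.
# Usage: audit_key_path USER HOME KEYFILE   (KEYFILE must live under HOME)

# Inspect one path component; print one line per finding, return 1 if any.
check_component() {
    user=$1 path=$2 bad=0
    if [ -L "$path" ]; then
        # Reported for review: the link target is what actually gets opened.
        echo "SYMLINK  $path -> $(readlink "$path")"
        bad=1
    fi
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # -L follows symlinks so owner and mode describe the real target.
    owner=$(stat -L -c '%U' "$path")
    mode=$(stat -L -c '%a' "$path")
    case $owner in
        "$user"|root) ;;
        *) echo "OWNER    $path owned by $owner"; bad=1 ;;
    esac
    # Group digit (second to last) or other digit (last) with the write bit.
    case $mode in
        *[2367]?|*[2367]) echo "WRITABLE $path mode $mode"; bad=1 ;;
    esac
    return $bad
}

# Walk HOME, then each component below it down to KEYFILE.
audit_key_path() {
    user=$1 home=${2%/} file=$3 findings=0
    case $file in
        "$home"/*) rel=${file#"$home"/} ;;
        *) echo "ERROR    $file is not under $home"; return 2 ;;
    esac
    cur=$home
    check_component "$user" "$cur" || findings=1
    old_ifs=$IFS; IFS=/; set -f
    set -- $rel                      # split the relative path on "/"
    set +f; IFS=$old_ifs
    for part in "$@"; do
        cur=$cur/$part
        check_component "$user" "$cur" || findings=1
    done
    return $findings
}
```

Run it as root on the server, for example `audit_key_path orainst /tools/appsw/oracle/orainst /tools/appsw/oracle/orainst/.ssh/authorized_keys`; it looks only at ownership and mode bits, not at SELinux labels.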

Original URL: http://outofmemory.cn/yw/1023874.html