rsync -a /tmp/test postgres@server2:/tmp/test
But I get the error:
Permission denied (publickey).
I ran ssh-keygen, eval `ssh-agent`, and ssh-add as the postgres user on server1. keygen created /var/lib/postgresql/.ssh/id_rsa and id_rsa.pub, and I can see it being sent by using ssh -vvv postgres@server2.
On server2, I created /var/lib/postgresql/.ssh/authorized_keys and put the contents of server1's id_rsa.pub into it. It is owned by the postgres user and group and is chmod 600. The .ssh directory is also owned by postgres and is chmod 700.
I can see from the verbose sshd logging on server2 that publickey failed for postgres …
The postgres user on both servers: postgres:x:106:114:PostgreSQL administrator,:/var/lib/postgresql:/bin/bash
ssh -vvv postgres@server2
...
debug1: Found key in /var/lib/postgresql/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /var/lib/postgresql/.ssh/id_rsa (0x7f468e434000)
debug2: key: /var/lib/postgresql/.ssh/id_dsa ((nil))
debug2: key: /var/lib/postgresql/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/postgresql/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/postgresql/.ssh/id_dsa
debug3: no such identity: /var/lib/postgresql/.ssh/id_dsa
debug1: Trying private key: /var/lib/postgresql/.ssh/id_ecdsa
debug3: no such identity: /var/lib/postgresql/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
server2 sshd_config (commented lines removed)
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel VERBOSE
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
server2 auth log
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Set /proc/self/oom_score_adj to 0
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Connection from 10.28.123.97 port 49377
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Failed publickey for postgres from 10.28.123.97 port 49377 ssh2
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Connection closed by 10.28.123.97 [preauth]
What am I missing? My guess is that sshd is not looking at the authorized_keys file on server2.
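Solution
Assuming your slave server allows key authentication, you only need to update /etc/ssh/sshd_config if you have AllowedUsers set up, in which case you need to make sure postgres is in that list. Apart from that, just run ssh-keygen (leave the private key passphrase empty), then add the ~/.ssh/authorized_keys directory/file on the slave. The home directory of postgres is /var/lib/postgresql, but if you do these operations as the postgres user you can just use ~, not to mention that you won't need anything else, because postgres will own the ssh key generated on the master and postgres will own the directory/file created on the slave.
Make sure the file permissions are set securely on both the master and the slave: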
# On master
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/known_hosts # this one won't exist until you SSH once
# On slave
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
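With StrictModes yes, as in the sshd_config above, sshd ignores authorized_keys when the file, the .ssh directory or the home directory is writable by group or others or is owned by someone other than the user or root. The following added example (not part of the original question or answer) audits those three paths and confirms that the offered public key is actually listed; it assumes GNU stat, and the function names and the sample paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# check_path and audit_ssh_dir are hypothetical helper names.

# check_path PATH UID: PATH must exist, be owned by UID or root, and must
# not be writable by group or others (the StrictModes ownership/mode test).
check_path() {
    path=$1; want_uid=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    owner=$(stat -c %u "$path")
    mode=$(stat -c %a "$path")
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $path is owned by uid $owner"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE     $path is $mode (group/other writable)"; return 1
    fi
    echo "ok       $path ($mode)"
}

# audit_ssh_dir HOME UID [PUBKEY]: check the home directory, .ssh and
# authorized_keys, then confirm the key blob from PUBKEY is listed.
audit_ssh_dir() {
    home=$1; uid=$2; pub=${3:-}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    if [ -n "$pub" ] && [ -f "$home/.ssh/authorized_keys" ]; then
        # Field 2 of a .pub file is the base64 key blob; the comment differs
        # between hosts, so compare the blob only. Scanning every field also
        # copes with option prefixes, and a key that was pasted with line
        # breaks in it will not match.
        blob=$(awk '{print $2; exit}' "$pub")
        if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                             END {exit !f}' "$home/.ssh/authorized_keys"; then
            echo "ok       key from $pub is listed"
        else
            echo "KEY      key from $pub is not in authorized_keys"; rc=1
        fi
    fi
    return $rc
}

# Example run on server2 as root (the .pub path is a constructed sample):
#   sh audit.sh /var/lib/postgresql "$(id -u postgres)" /tmp/server1_id_rsa.pub
if [ "$#" -ge 2 ]; then audit_ssh_dir "$@"; fi
```

A nonzero exit status means at least one check failed; the lines that do not start with "ok" name the path to fix.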