我有一台主機和四台從機。我在主PC上產生了rsa公鑰/私鑰。然後我將 publickey( id_rsa.pub) 複製到從屬機器上,如下所示authorized_keys。
當我在主 PC 的終端上像這樣呼叫 SSH 時,它不會詢問密碼:
ssh –o UserKnownHostsFile=/dev/null –o StrictHostKeyChecking=no hduser@slave1
我編寫了這個腳本來自動登入從屬機器而無需詢問密碼。
SERVER_LIST=`cat /home/hduser/slaves` # slave1, slave2 ...
for host in $SERVER_LIST; do
host=hduser@$host
ssh –t –o UserKnownHostsFile=/dev/null –o StrictHostKeyChecking=no $host;
done
當我使用此腳本時,SSH 會詢問從站密碼。當使用帶有選項的 SSH 時,我收到此訊息-vv:
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
hduser@slave1's password:
我更改了主 PC 和從 PC 上的權限。
sudo chmod 755 /home/hduser
sudo chmod 700 -R ~/.ssh
sudo chown hduser ~/.ssh
當我在終端上呼叫 SSH 時,它不會詢問密碼,但在腳本中呼叫它時,它仍然詢問密碼。我缺什麼?我該如何修復它?
答案1
SSH 日誌顯示登入工作階段正在 /root/.ssh/ 中尋找憑證,這表示您的腳本正在以 root 身分執行。
將 id_* 檔案複製到 /root/.ssh,以 root 身分產生適當的憑證,或以儲存憑證的使用者身分執行腳本。