您的位置:首页 > 运维架构 > Linux

centos下ssh免秘钥登录突然失效问题解决

2016-09-25 13:56 323 查看
但前Hadoop集群启动的时候需要输入下属节点的密码,即ssh免秘钥登录失效,折腾了一天找到原因如下:

[test@ceshiserver234 .ssh]$ssh -v localhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/identity type -1
debug1: identity file /home/test/.ssh/identity-cert type -1
debug1: identity file /home/test/.ssh/id_rsa type -1
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type 2
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/test/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/test/.ssh/identity
debug1: Trying private key: /home/test/.ssh/id_rsa
debug1: Offering public key: /home/test/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
test@localhost's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Sat Dec 13 14:31:31 2014 from localhost
[test@ceshiserver234 ~]$exitdebug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: forcing write
logout
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed.
Transferred: sent 2808, received 2640 bytes, in 5.5 seconds
Bytes per second: sent 512.3, received 481.6
debug1: Exit status 0

[test@ceshiserver234 .ssh]$ssh -v localhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/identity type -1
debug1: identity file /home/test/.ssh/identity-cert type -1
debug1: identity file /home/test/.ssh/id_rsa type -1
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type 2
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/test/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/test/.ssh/identity
debug1: Trying private key: /home/test/.ssh/id_rsa
debug1: Offering public key: /home/test/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
test@localhost's password:

[test@ceshiserver234 .ssh]$/sbin/restorecon -r /root/.ssh
/sbin/restorecon:  lstat(/root/.ssh) failed:  Permission denied
[test@ceshiserver234 .ssh]$sudo /sbin/restorecon -r /root/.ssh
/sbin/restorecon:  lstat(/root/.ssh) failed:  No such file or directory
[test@ceshiserver234 .ssh]$ls -Z authorized_keys
-rw-------. test test unconfined_u:object_r:home_root_t:s0 authorized_keys
[test@ceshiserver234 .ssh]$/sbin/re
reboot      reload      resize2fs   restart     restorecon
[test@ceshiserver234 .ssh]$/sbin/re
reboot      reload      resize2fs   restart     restorecon
**[test@ceshiserver234 .ssh]$/sbin/restorecon -r /home/test/.ssh/**
[test@ceshiserver234 .ssh]$ls -Z authorized_keys
-rw-------. test test unconfined_u:object_r:ssh_home_t:s0 authorized_keys
[test@ceshiserver234 .ssh]$ssh localhost
Last login: Sat Dec 13 14:32:12 2014 from localhost
[test@ceshiserver234 ~]$ssh ceshiserver234
The authenticity of host 'ceshiserver234 (192.168.2.234)' can't be established.
RSA key fingerprint is de:ed:c7:17:09:c8:28:92:92:7d:c9:29:1d:7e:60:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ceshiserver234,192.168.2.234' (RSA) to the list of known hosts.
Last login: Sat Dec 13 14:36:06 2014 from localhost
[test@ceshiserver234 ~]$exit
logout
Connection to ceshiserver234 closed.
[test@ceshiserver234 ~]$ssh ceshiserver234
Last login: Sat Dec 13 14:36:18 2014 from ceshiserver234
[test@ceshiserver234 ~]$


另外:

su hadoop

chmod 700 /home/hadoop/

chmod 700 /home/hadoop/.ssh

chmod 644 authorized_keys

chmod 600 id_rsa
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息