
Passwordless SSH login fails for a non-root user

2017-12-05 00:00
Jump host: vmmelplinf01

Remote host: melaitlned02

Trusted (key-based) account: aapp016

1. Log in from the jump host as aapp016. The result is below: a password is still requested.

aapp016@vmmelplinf01:~> ssh melaitlned02
Password:

2. Check that authorized_keys is correct on the jump host and the remote host, and copy id_rsa.pub over once more.

aapp016@melaitlned02:~/.ssh> ll
total 8
-rw-r--r-- 1 root root 399 Dec 19 2016 authorized_keys
-r--r--r-- 1 root root 399 Dec 19 2016 id_rsa.pub
aapp016@melaitlned02:~/.ssh> pwd
/home/aapp016/.ssh
aapp016@melaitlned02:~/.ssh>

3. A password is still required. By chance, looked at /var/log on the remote host.



4. Check which groups this ID belongs to.

melaitlned02:/sbin # id aapp016
uid=44016(aapp016) gid=55009(ops) groups=55009(ops),100(users)

5. Check whether the AllowGroups parameter in /etc/ssh/sshd_config includes a group that aapp016 belongs to. It does not, so the ops group has to be added manually.

vim /etc/ssh/sshd_config

AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel root ops
DenyGroups login_disabled
AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel ops
DenyGroups login_disabled

6. Restart the sshd service.

/etc/init.d/sshd restart

Test again: the login succeeds.

aapp016@vmmelplinf01:~> ssh melaitlned02
Last failed login: Mon Dec 4 17:01:13 AEDT 2017 from vmmelplinf01.aia.biz on ssh:notty
There were 16 failed login attempts since the last successful login.
****************************************************************************

Warning: These facilities are solely for the use of authorized employees or
agents of the Company, its subsidiaries and affiliates. Unauthorized use is
prohibited and subject to criminal and civil penalties. Individuals using this
computer system are subject to having all of their activities on this system
monitored and recorded by systems personnel.

****************************************************************************

aapp016@melaitlned02:~>

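# The essence of passwordless login: a public key generated on the jump host is copied into .ssh/authorized_keys on the remote host. The key only authenticates the account; sshd must also permit the account to log in, here through AllowGroups.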
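The check from steps 4 and 5 as a script, added here as an example and not part of the original post. The function name `check_sshd_groups` and the sample config are constructed; it assumes exact group names (no wildcard patterns) and reads only the global section, stopping at the first `Match` line.

```shell
#!/bin/sh
# check_sshd_groups CONFIG GROUP...
# Decides whether an account with the given groups passes sshd's group
# filters. sshd evaluates DenyGroups before AllowGroups, and once
# AllowGroups is set, only members of a listed group may log in.
check_sshd_groups() {
    conf=$1; shift
    user_groups=" $* "
    allow=""; deny=""
    while read -r key rest || [ -n "$key" ]; do
        # sshd_config keywords are case-insensitive; repeated lines accumulate
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            allowgroups) allow="$allow $rest" ;;
            denygroups)  deny="$deny $rest" ;;
            match)       break ;;   # assumption: global section only
        esac
    done < "$conf"
    for g in $deny; do
        case $user_groups in
            *" $g "*) echo "denied: DenyGroups lists $g"; return 1 ;;
        esac
    done
    if [ -z "$allow" ]; then
        echo "allowed: no AllowGroups restriction"; return 0
    fi
    for g in $allow; do
        case $user_groups in
            *" $g "*) echo "allowed: member of $g"; return 0 ;;
        esac
    done
    echo "denied: none of [$*] is in AllowGroups"
    return 1
}

# Constructed sample: the step 5 configuration before ops was added.
demo=$(mktemp)
cat > "$demo" <<'EOF'
AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel root
DenyGroups login_disabled
EOF
# Groups as reported in step 4 (id aapp016): ops users
check_sshd_groups "$demo" ops users || true
rm -f "$demo"
```

On the remote host the same check is `check_sshd_groups /etc/ssh/sshd_config $(id -Gn aapp016)`; running `sshd -t` after editing validates the file before the restart in step 6.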