SSH相互认证的问题 (authorized_keys )

时间:2021-10-05 04:10:18
今天公司做容灾测试的2台LINUX服务器的SSH相互认证出现了问题,重建公密钥老是提示输入密码。 

最后发现,可能是由于谁修改了/home/dbra3的权限(没修改前是777,我改后为了700) 

[dbra3@hzmc .ssh]$  chmod  700  ~/.ssh  
[dbra3@hzmc .ssh]$ /usr/bin/ssh-keygen -t rsa 
Generating public/private rsa key pair. 
Enter file in which to save the key (/home/dbra3/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/dbra3/.ssh/id_rsa. 
Your public key has been saved in /home/dbra3/.ssh/id_rsa.pub. 
The key fingerprint is: 
5d:ec:ad:a3:0e:29:4b:2a:f6:67:2e:da:41:09:0e:2c dbra3@hzmc 
The key's randomart image is: 
+--[ RSA 2048]----+ 
|                 | 
|.          .     | 
|E..         o    | 
|.o . .   . o .   | 
|  . o   S . . .  | 
|   .     .   .   | 
|    . o o   o    | 
|  o..+oo . . .   | 
| ..++=o  .o      | 
+-----------------+ 
[dbra3@hzmc .ssh]$ touch ~/.ssh/authorized_keys 
[dbra3@hzmc .ssh]$ ssh 172.16.4.28 
The authenticity of host '172.16.4.28 (172.16.4.28)' can't be established. 
RSA key fingerprint is 4d:51:34:7e:e8:18:58:b2:0f:f9:14:78:7d:da:3e:fb. 
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added '172.16.4.28' (RSA) to the list of known hosts. 
dbra3@172.16.4.28's password: 



[dbra3@hzmc ~]$ su - root 
Password: 
[root@hzmc ~]# cd /home 
[root@hzmc home]# ls -l 
drwxrwxrwx  5 dbra3  dbra3     4096 Dec 30  2009 dbra3 
drwxrwxrwx  2 root   root     16384 Sep 22  2009 lost+found 
drwxrwxrwx 14 ora10g oinstall  4096 Dec 29  2009 ora10g 
drwxrwxrwx 18 oracle oinstall  4096 Dec 16  2009 oracle 
[root@hzmc home]# chmod 700 dbra3 
[root@hzmc home]#su - dbra3 
[dbra3@hzmc]$cd .ssh 
[dbra3@hzmc .ssh]$ chmod 644 ~/.ssh/authorized_keys 

就这样,ssh相互认证就可以了