I am trying to set up passwordless ssh on two fresh Linux VMs from VM A to VM B but I'm having permissions issues. I installed openssh-server on both VMs and configured /etc/ssh/sshd_config as follows:
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
All other fields are their default values. On VM A I ran ssh-keygen -t rsa with the default options. I tried to use ssh-copy-id but I got a permission denied(publickey) error. I then manually copied id_rsa.pub into authorized_keys on VM B. I used chmod 700 for ~/.ssh, chmod 600 for ~/.ssh/id_rsa, and chmod 644 for ~/.ssh/id_rsa.pub, ~/.ssh/authorized_keys, and ~/.ssh/known_hosts on both VMs. After running ssh -v VM-B I get the following output:
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to hadoop-slave-1 [192.168.86.134] port 22.
debug1: Connection established.
debug1: identity file /home/hduser/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/hduser/.ssh/id_rsa-cert type -1
debug1: identity file /home/hduser/.ssh/id_dsa type -1
debug1: identity file /home/hduser/.ssh/id_dsa-cert type -1
debug1: identity file /home/hduser/.ssh/id_ecdsa type -1
debug1: identity file /home/hduser/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 45:48:fd:f0:db:1a:2a:c0:80:17:ec:18:5a:dd:f2:a5
debug1: Host 'hadoop-slave-1' is known and matches the ECDSA host key.
debug1: Found key in /home/hduser/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hduser/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/hduser/.ssh/id_dsa
debug1: Trying private key: /home/hduser/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Is there something else I need to do?
Another cause of permission issues is the permissions set on the home directory. Check if this is 755 or less.
See http://www.openssh.org/faq.html#3.14 for more details.
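The check this answer points to, as an added example that is not part of the original answers: a POSIX shell function that reports which of the home directory, ~/.ssh and authorized_keys are group- or world-writable or owned by another user, the conditions sshd rejects under its default StrictModes setting. The function names are this example's own.

```shell
#!/bin/sh
# Added example: report paths that sshd's StrictModes check would reject.
# Usage on VM B, as the login user:  check_strictmodes "$HOME"

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric owner of a path.
owner_uid_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# check_strictmodes HOME_DIR [UID]
# Prints one line per problem; returns 1 if any problem was found.
check_strictmodes() {
    home=$1
    expect_uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        m=$(mode_of "$p")
        u=$(owner_uid_of "$p")
        # 022 = group-write | other-write; either bit makes sshd ignore the key file.
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $m): fix with chmod go-w"; rc=1
        fi
        # The owner must be the login user or root.
        if [ "$u" != "$expect_uid" ] && [ "$u" != 0 ]; then
            echo "OWNER    $p (uid $u, expected $expect_uid)"; rc=1
        fi
    done
    return $rc
}
```

The modes listed in the question (700 for ~/.ssh, 644 for authorized_keys) pass this check, so a group-writable home directory is the remaining candidate it can surface.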
Try to follow Password-less logins with OpenSSH; in particular, this should work:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@mystery
This will prompt you for the login password for the host, then copy the keyfile for you, creating the correct directory and fixing the permissions as necessary.
This line in the log you posted doesn't look right:
debug1: Offering RSA public key: /home/hduser/.ssh/id_rsa
Could you try:
ssh-copy-id remotemachine_username@remotemachine
Try changing PasswordAuthentication no to yes.
After completing these steps, hduser will be able to log in using ssh keys without having to use password authentication on VM B. (Note: we'll enable password authentication while working, but disable it again once everything is in order.)
As root, open a terminal on VM B
Configure sshd_config to temporarily allow password authentication and ensure that your root user can log back in if connection is lost during any part of this process.
sudo nano /etc/ssh/sshd_config
Set PermitRootLogin to "yes" (we won't be leaving it this way)
Set PasswordAuthentication to "yes" (this is also temporary)
Save changes and return to terminal
ctrl + o
then Return/Enter
ctrl + x
Restart sshd services
sudo systemctl restart sshd
Become hduser
su - hduser
Remove /home/hduser/.ssh and replace it with a new (empty) ~/.ssh folder. Doing this as hduser ensures that hduser can write keys to this folder without having to specify ownership/group permissions with chmod (a common failure point in this process).
rm -r ~/.ssh
mkdir ~/.ssh
Let's call the current terminal "VM B Terminal." Keep VM B Terminal open and spawn a new terminal on VM A; we'll call this "VM A Terminal."
In VM A Terminal, we'll check for an "id_rsa.pub" file
ls ~/.ssh
If you see an "id_rsa.pub" file in here and know it to be a good key, you can safely move to the next step. Otherwise, generate a new key.
ssh-keygen
Use ssh-copy-id to copy hduser's credentials to the server. If ssh-copy-id is unavailable, scp is a good alternative.
Option 1: ssh-copy-id hduser@<ip-address>
Option 2: scp -r ~/.ssh hduser@<ip-address>:/home/hduser/.ssh
Switching back to VM B Terminal
sudo nano /etc/ssh/sshd_config
PasswordAuthentication no
Restart sshd services
sudo systemctl restart sshd
From VM A Terminal, connect over ssh as hduser. Note: if hduser's ssh-key is password protected (this is recommended), enter the file password when prompted.
Configure sshd_config with production settings
sudo nano /etc/ssh/sshd_config
PermitRootLogin no
systemctl restart sshd
Test hduser's connection again before closing out VM B terminal.
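A way to confirm that the temporary settings from the steps above were reverted, as an added example that is not part of the original answer: sshd uses the first value it reads for a keyword, so a PasswordAuthentication no line added below an earlier yes has no effect. The function names are hypothetical, and only the global section of one file is read (Include files and Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: check that sshd_config ends up with the production values.
# Usage on VM B:  audit_sshd_config /etc/ssh/sshd_config

# first_value FILE KEYWORD
# Prints the value sshd takes from the global section: the FIRST occurrence wins.
first_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }            # strip leading blanks
        /^#/ || /^$/ { next }             # skip comments and empty lines
        {
            split($0, f, /[ \t=]+/)       # keyword, then its argument
            key = tolower(f[1])           # keywords are case-insensitive
            if (key == "match") exit      # a Match block ends the global section
            if (key == want) {
                v = tolower(f[2]); gsub(/"/, "", v)
                print v; exit
            }
        }' "$1"
}

# audit_sshd_config FILE
# Returns 1 unless both settings toggled in the steps above are back to "no".
audit_sshd_config() {
    file=$1
    rc=0
    for kw in passwordauthentication permitrootlogin; do
        got=$(first_value "$file" "$kw")
        if [ -z "$got" ]; then
            # Neither keyword defaults to "no", so an unset value is a finding.
            echo "UNSET $kw: add an explicit '$kw no' line"; rc=1
        elif [ "$got" != "no" ]; then
            echo "FAIL  $kw is '$got', expected 'no'"; rc=1
        else
            echo "OK    $kw no"
        fi
    done
    return $rc
}
```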