本文记录了一次SSH无密码登录认证失败的问题排查过程。主要问题是由于/home/wangshumin目录权限设置不当导致认证被拒绝。通过对日志的分析及权限调整最终解决了问题。
ssh无密码登录认证失败
serverA机器已经生产rsa密钥
且已经将public key添加到serverB机器/root/.ssh/authorized_keys
但是ssh root@135.251.208.141机器时仍然需要输入密码,即无密码认证失败
分析与处理:
用ssh -v debug访问,日志如下,但是从日志看不到失败原因,只知道在用publickey认证时,对端没有reply;
此时百度时,有文章提到可以查看/var/log/secure日志
通过查看serverB机器/var/log/secure,发现报错如下
Jan 8 13:31:34 wng-141 sshd[32366]: Authentication refused: bad ownership or modes for directory /root
Jan 8 13:31:34 wng-141 sshd[32367]: Connection closed by 135.251.218.231
由此日志,可以是/root目录的权限不对,再百度搜索"Authentication refused: bad ownership or modes for directory /root"
发现所有用户的HOME目录应该是700权限,否则会引起很多问题,这个问题同样是由于这个原因
(3)修改权限(需要修改~/.ssh文件夹和authorized_keys文件的,不然会报不允许的错误或者无法出现know_hosts文件)
chmod 700 ~/.ssh
chmod 700 ~/.ssh/authorized_keyschmod 700 ~/.ssh
chmod 700 ~/.ssh/authorized_keys
最终,执行chmod 700 root后解决
Feb 9 11:02:52 centoshostnameKL1 su: pam_unix(su:session): session opened for user root by wangshumin(uid=500)
Feb 10 17:40:16 centoshostnameKL1 su: pam_unix(su:session): session closed for user root
Feb 10 17:40:16 centoshostnameKL1 su: pam_unix(su:session): session closed for user root
Feb 10 17:40:16 centoshostnameKL1 su: pam_unix(su:session): session closed for user root
Feb 10 17:50:06 centoshostnameKL1 sudo: wangshumin : TTY=pts/2 ; PWD=/home/wangshumin/zookeeper/zookeeper-3.4.5/bin ; USER=root ; COMMAND=/usr/bin/vim /etc/profile
Feb 10 19:29:01 centoshostnameKL1 sshd[30650]: Authentication refused: bad ownership or modes for directory /home/wangshumin
Feb 10 19:35:16 centoshostnameKL1 sshd[31014]: Authentication refused: bad ownership or modes for directory /home/wangshumin
Feb 10 19:35:26 centoshostnameKL1 sshd[31014]: Failed password for wangshumin from 192.168.72.101 port 46370 ssh2
Feb 10 19:35:26 centoshostnameKL1 sshd[31014]: Failed password for wangshumin from 192.168.72.101 port 46370 ssh2
Feb 10 19:35:26 centoshostnameKL1 sshd[31015]: Connection closed by 192.168.72.101
Feb 10 19:42:24 centoshostnameKL1 sshd[31223]: Authentication refused: bad ownership or modes for directory /home/wangshumin
Feb 10 19:42:38 centoshostnameKL1 sshd[31223]: Failed password for wangshumin from 192.168.72.101 port 46399 ssh2
Feb 10 19:42:38 centoshostnameKL1 sshd[31223]: Failed password for wangshumin from 192.168.72.101 port 46399 ssh2
Feb 10 19:42:38 centoshostnameKL1 sshd[31224]: Connection closed by 192.168.72.101
Feb 10 19:43:54 centoshostnameKL1 sshd[31260]: Authentication refused: bad ownership or modes for directory /home/wangshumin
Feb 10 19:43:58 centoshostnameKL1 sshd[31260]: Accepted password for wangshumin from 192.168.72.101 port 46406 ssh2
Feb 10 19:43:58 centoshostnameKL1 sshd[31260]: pam_unix(sshd:session): session opened for user wangshumin by (uid=0)
Feb 10 19:43:58 centoshostnameKL1 sshd[31265]: Received disconnect from 192.168.72.101: 11: disconnected by user
Feb 10 19:43:58 centoshostnameKL1 sshd[31260]: pam_unix(sshd:session): session closed for user wangshumin
Feb 10 19:45:00 centoshostnameKL1 sshd[31439]: Authentication refused: bad ownership or modes for directory /home/wangshumin
Feb 10 19:45:06 centoshostnameKL1 sshd[31439]: Failed password for wangshumin from 192.168.72.101 port 46414 ssh2
Feb 10 19:45:06 centoshostnameKL1 sshd[31439]: Failed password for wangshumin from 192.168.72.101 port 46414 ssh2
Feb 10 19:45:06 centoshostnameKL1 sshd[31440]: Connection closed by 192.168.72.101
Feb 10 19:48:38 centoshostnameKL1 sshd[31967]: Authentication refused: bad ownership or modes for directory /home/wangshumin
Feb 10 19:50:05 centoshostnameKL1 sshd[31967]: Failed password for wangshumin from 192.168.72.101 port 46429 ssh2
Feb 10 19:50:05 centoshostnameKL1 sshd[31967]: Failed password for wangshumin from 192.168.72.101 port 46429 ssh2
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
