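Linux trusted hosts (SSH)
1. Two Linux machines, a server and a client. A: host server; B: client server.
On host server A, generate a key pair with the ssh command:
ssh-keygen -t rsa
Then just press Enter at every prompt.
Find id_rsa.pub in the current user's directory: /home/root/.ssh/
scp <local file (id_rsa.pub)> <remote user>@<IP address of remote host B>:<destination path on the remote host>
Now check on remote host B that the file has arrived; also make sure the .ssh directory exists there.
Append the public key that was just transferred to the .ssh/authorized_keys file.
The commands are as follows: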
cat id_rsa.pub >> .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
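Pay attention to the permissions when configuring this: with the default StrictModes setting, sshd ignores authorized_keys if the file or the .ssh directory is writable by group or others.
2. Errors when synchronizing data with the rsync command
rsync still asked for a password during synchronization. The system log showed: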
Jan 21 09:49:05 localhost sshd: User tomcat not allowed because account is locked
Jan 21 09:49:05 localhost sshd: input_userauth_request: invalid user tomcat
Jan 21 09:49:11 localhost sshd: Connection closed by 192.168.2.250
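From the log, I first assumed that the tomcat user had been locked:
=============== Linux user unlock =====================
Check a user: pam_tally2 --user <account>
Unlock a user: pam_tally2 -r -u <account>
pam_tally2 --user showed that the account was not locked. After some research, the cause turned out to be that PAM was not enabled for sshd.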
PAM is not enabled for SSH service, it is commented or set to "no" explicitly:
~# grep UsePAM /etc/ssh/sshd_config
#UsePAM yes
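After setting UsePAM yes in sshd_config and running service sshd restart, a new problem appeared: ordinary users could not log in.
cd /etc/pam.d; ls -l sshd
Check whether this file exists; if it does not, create it with the following content: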
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
With UsePAM yes enabled again and service sshd restart run, the problem was solved!
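
As an added example (not part of the original post), the shell functions below check the three conditions this page ends up fixing: the 700/600 modes on .ssh and authorized_keys, an uncommented UsePAM yes, and the presence of the PAM service file. The function names are hypothetical, and all paths are passed as arguments so the check can be run against copies of the files.

```shell
# Added example: checks the settings this page fixes. Function names are
# hypothetical; all paths are arguments, so it can run against copies.

# Octal mode of a path (GNU stat, with BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Effective UsePAM value. sshd uses the first uncommented occurrence of a
# keyword; upstream OpenSSH defaults to "no" when it is absent.
usepam_value() {
    v=$(awk 'tolower($1) == "usepam" { print tolower($2); exit }' "$1" 2>/dev/null) || v=
    echo "${v:-no}"
}

# check_ssh_trust HOME_DIR SSHD_CONFIG PAM_FILE
# Prints one line per problem; the exit status is the number of problems.
check_ssh_trust() {
    home=$1; conf=$2; pam=$3; problems=0
    keys=$home/.ssh/authorized_keys

    if [ ! -d "$home/.ssh" ]; then
        echo "missing directory: $home/.ssh"; problems=$((problems + 1))
    elif [ "$(mode_of "$home/.ssh")" != 700 ]; then
        echo "$home/.ssh has mode $(mode_of "$home/.ssh"), expected 700"
        problems=$((problems + 1))
    fi

    if [ ! -f "$keys" ]; then
        echo "missing file: $keys"; problems=$((problems + 1))
    elif [ "$(mode_of "$keys")" != 600 ]; then
        echo "$keys has mode $(mode_of "$keys"), expected 600"
        problems=$((problems + 1))
    fi

    # A commented "#UsePAM yes" does not count as enabled.
    if [ "$(usepam_value "$conf")" != yes ]; then
        echo "UsePAM is not enabled in $conf"; problems=$((problems + 1))
    elif [ ! -f "$pam" ]; then
        echo "UsePAM is yes but $pam does not exist"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

On the machine from this page the call would be check_ssh_trust "$HOME" /etc/ssh/sshd_config /etc/pam.d/sshd, run as the user whose key login is failing.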