linux系统主机信任,Linux信任主机(SSH)
一、兩臺Linux服務器和客戶端 A:主機服務器?? B:客戶端服務器
在主機服務器A上用ssh命令生成密匙對,命令如下:ssh-keygen?-t?rsa然后一路回車即可
在當前用戶目錄:/home/root/.ssh/下找到 id_rsa.pub
scp 本地文件(id_rsa.pub) 遠程用戶名@遠程主機(B)IP地址:遠程主機的保存位置
現在到遠程主機B查看是否有相應的文件,當然這里也要注意.ssh目錄是否存在
把剛才傳輸過來的公鑰追加到.ssh/authorized_keys文件里面
命令如下:
cat id_rsa.put >> .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
配置的時候注意權限的設置
二、rsync命令實現數據同步出錯
在使用rsync同步時還是需要輸入密碼,查看系統日志發現:
Jan 21 09:49:05 localhost sshd[44946]: User tomcat not allowed because account is locked
Jan 21 09:49:05 localhost sshd[44946]: input_userauth_request: invalid user tomcat [preauth]
Jan 21 09:49:11 localhost sshd[44946]: Connection closed by 192.168.2.250 [preauth]
通過日志查看,剛開始以為是 Tomcat用戶被鎖定了:
=============== linux 用戶解鎖 =====================
查看用戶:pam_tally2 --user 賬號
解鎖用戶:pam_tally2 -r -u 賬號
通過pam_tally2 --user指令發現沒有鎖定,最終通過查找資料是sshd沒有開啟 PAMPAM is not enabled for SSH service, it is commented or set to "no" explicitly:~#?grep?UsePAM?/etc/ssh/sshd_config
#UsePAM?yes
開啟sshd_config UsePAM yes;service sshd restart 出現新的問題,普通用戶無法登陸
cd /etc/pam.d;ls -l sshd 查看此文件是否存在,沒有則需創建#%PAM-1.0
auth???????required?????pam_sepermit.so
auth???????include??????password-auth
account????required?????pam_nologin.so
account????include??????password-auth
password???include??????password-auth
#?pam_selinux.so?close?should?be?the?first?session?rule
session????required?????pam_selinux.so?close
session????required?????pam_loginuid.so
#?pam_selinux.so?open?should?only?be?followed?by?sessions?to?be?executed?in?the?user?context
session????required?????pam_selinux.so?open?env_params
session????optional?????pam_keyinit.so?force?revoke
session????include??????password-auth
重新開啟 UsePAM yes;service sshd restart成功解決問題!
總結
以上是生活随笔為你收集整理的linux系统主机信任,Linux信任主机(SSH)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 如何加入民盟 详细解读民主同盟的加入流程
- 下一篇: linux内核md5,浅谈MD5及简单使