linux系统主机信任,Linux信任主机(SSH)
一、兩臺(tái)Linux服務(wù)器和客戶端 A:主機(jī)服務(wù)器?? B:客戶端服務(wù)器
在主機(jī)服務(wù)器A上用ssh命令生成密匙對(duì),命令如下:ssh-keygen?-t?rsa然后一路回車即可
在當(dāng)前用戶目錄:/home/root/.ssh/下找到 id_rsa.pub
scp 本地文件(id_rsa.pub) 遠(yuǎn)程用戶名@遠(yuǎn)程主機(jī)(B)IP地址:遠(yuǎn)程主機(jī)的保存位置
現(xiàn)在到遠(yuǎn)程主機(jī)B查看是否有相應(yīng)的文件,當(dāng)然這里也要注意.ssh目錄是否存在
把剛才傳輸過(guò)來(lái)的公鑰追加到.ssh/authorized_keys文件里面
命令如下:
cat id_rsa.put >> .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
配置的時(shí)候注意權(quán)限的設(shè)置
二、rsync命令實(shí)現(xiàn)數(shù)據(jù)同步出錯(cuò)
在使用rsync同步時(shí)還是需要輸入密碼,查看系統(tǒng)日志發(fā)現(xiàn):
Jan 21 09:49:05 localhost sshd[44946]: User tomcat not allowed because account is locked
Jan 21 09:49:05 localhost sshd[44946]: input_userauth_request: invalid user tomcat [preauth]
Jan 21 09:49:11 localhost sshd[44946]: Connection closed by 192.168.2.250 [preauth]
通過(guò)日志查看,剛開(kāi)始以為是 Tomcat用戶被鎖定了:
=============== linux 用戶解鎖 =====================
查看用戶:pam_tally2 --user 賬號(hào)
解鎖用戶:pam_tally2 -r -u 賬號(hào)
通過(guò)pam_tally2 --user指令發(fā)現(xiàn)沒(méi)有鎖定,最終通過(guò)查找資料是sshd沒(méi)有開(kāi)啟 PAMPAM is not enabled for SSH service, it is commented or set to "no" explicitly:~#?grep?UsePAM?/etc/ssh/sshd_config
#UsePAM?yes
開(kāi)啟sshd_config UsePAM yes;service sshd restart 出現(xiàn)新的問(wèn)題,普通用戶無(wú)法登陸
cd /etc/pam.d;ls -l sshd 查看此文件是否存在,沒(méi)有則需創(chuàng)建#%PAM-1.0
auth???????required?????pam_sepermit.so
auth???????include??????password-auth
account????required?????pam_nologin.so
account????include??????password-auth
password???include??????password-auth
#?pam_selinux.so?close?should?be?the?first?session?rule
session????required?????pam_selinux.so?close
session????required?????pam_loginuid.so
#?pam_selinux.so?open?should?only?be?followed?by?sessions?to?be?executed?in?the?user?context
session????required?????pam_selinux.so?open?env_params
session????optional?????pam_keyinit.so?force?revoke
session????include??????password-auth
重新開(kāi)啟 UsePAM yes;service sshd restart成功解決問(wèn)題!
總結(jié)
以上是生活随笔為你收集整理的linux系统主机信任,Linux信任主机(SSH)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 如何加入民盟 详细解读民主同盟的加入流程
- 下一篇: linux内核md5,浅谈MD5及简单使