您好,登錄后才能下訂單哦!
近日,在安裝GreenPlum數(shù)據(jù)庫的測式環(huán)境,在安裝過程中需要配置節(jié)點(diǎn)間的互信認(rèn)證,但是我卻收到了錯(cuò)誤提示:
Permission denied (publickey,password,keyboard-interactive).
1、從提示信息上看可能是SSH認(rèn)證方式出現(xiàn)問題,于是檢查SSH的配置文件
檢查以下3個(gè)參數(shù)是否為 yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
[root@ora11g ~]# cat /etc/ssh/sshd_config | grep -i aut #SyslogFacility AUTH SyslogFacility AUTHPRIV # Authentication: #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommand none #AuthorizedKeysCommandRunAs nobody #RhostsRSAAuthentication no #HostbasedAuthentication no # RhostsRSAAuthentication and HostbasedAuthentication #PasswordAuthentication yes PasswordAuthentication yes #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no #KerberosAuthentication no GSSAPIAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'.
檢查結(jié)果:三個(gè)參數(shù)的默認(rèn)值都為 yes,配置文件沒有問題
2、檢查SSH所需要的軟件包是否全部安裝
[root@ora11g ~]# rpm -qa | grep ssh openssh-clients-5.3p1-122.el6.x86_64 openssh-server-5.3p1-122.el6.x86_64 openssh-askpass-5.3p1-122.el6.x86_64 libssh3-1.4.2-2.el6_7.1.x86_64 openssh-5.3p1-122.el6.x86_64
檢查結(jié)果:軟件包也沒有問題
3、檢查防火墻和Selinux是否關(guān)閉
[root@ora11g ~]# service iptables status iptables: Firewall is not running. [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# getenforce Disabled [root@ora11g ~]#
檢查結(jié)果:全部關(guān)閉
4、檢查SSH互信的配置文件
我的環(huán)境確認(rèn)都是正確的
5、檢查相關(guān)文件夾的權(quán)限
我的用戶為gpadmin,因此我檢查/home/gpadmin的文件夾權(quán)限
gpadmin文件夾的權(quán)限為 747,比較奇怪的權(quán)限,如下圖所示:
我將權(quán)限修改為 750 ,如下圖所示:
檢查/home/gpadmin/.ssh下文件的權(quán)限,下圖的權(quán)限都是正確的權(quán)限
經(jīng)過權(quán)限的修改解決了主機(jī)間的互信認(rèn)證問題,但是我一直不明白為什么文件夾權(quán)限與SSH互信認(rèn)正有關(guān),也許這就需要檢看相關(guān)源代碼了。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。