近日,在安装GreenPlum数据库的测式环境,在安装过程中需要配置节点间的互信认证,但是我却收到了错误提示:
Permission denied (publickey,password,keyboard-interactive).从提示信息上看可能是SSH认证方式出现问题,于是检查SSH的配置文件
检查以下3个参数是否为 yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
[root@ora11g ~]# cat /etc/ssh/sshd_config | grep -i aut#SyslogFacility AUTHSyslogFacility AUTHPRIV# Authentication:#MaxAuthTries 6#RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile .ssh/authorized_keys#AuthorizedKeysCommand none#AuthorizedKeysCommandRunAs nobody#RhostsRSAAuthentication no#HostbasedAuthentication no# RhostsRSAAuthentication and HostbasedAuthentication#PasswordAuthentication yesPasswordAuthentication yes#ChallengeResponseAuthentication yesChallengeResponseAuthentication no#KerberosAuthentication noGSSAPIAuthentication no# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and# PasswordAuthentication. Depending on your PAM configuration,# PAM authentication via ChallengeResponseAuthentication may bypass# PAM authentication, then enable this but set PasswordAuthentication# and ChallengeResponseAuthentication to 'no'.检查结果:三个参数的默认值都为 yes,配置文件没有问题
检查SSH所需要的软件包是否全部安装
[root@ora11g ~]# rpm -qa | grep sshopenssh-clients-5.3p1-122.el6.x86_64openssh-server-5.3p1-122.el6.x86_64openssh-askpass-5.3p1-122.el6.x86_64libssh3-1.4.2-2.el6_7.1.x86_64openssh-5.3p1-122.el6.x86_64检查结果:软件包也没有问题
检查防火墙和Selinux是否关闭
[root@ora11g ~]# service iptables statusiptables: Firewall is not running.[root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# getenforceDisabled[root@ora11g ~]#检查结果:全部关闭
检查SSH互信的配置文件
我的环境确认都是正确的
检查相关文件夹的权限
我的用户为gpadmin,因此我检查/home/gpadmin的文件夹权限
gpadmin文件夹的权限为 747,比较奇怪的权限,如下图所示:
我将权限修改为 750 ,如下图所示:
检查/home/gpadmin/.ssh下文件的权限,下图的权限都是正确的权限
经过权限的修改解决了主机间的互信认证问题,但是我一直不明白为什么文件夹权限与SSH互信认正有关,也许这就需要检看相关源代码了。
