RHEL 5.3: permission settings when establishing user equivalence
With the two machines able to ping each other, start establishing user equivalence:
[root@node1 opt]# su - oracle
[oracle@node1 ~]$ mkdir ~/.ssh
[oracle@node1 ~]$ chmod 700 ~/.ssh
[oracle@node1 ~]$ ssh-keygen -t rsa
[oracle@node1 ~]$ ssh-keygen -t dsa
Then switch to node2 and run:
[root@node2 ~]# ping 192.168.100.102
[root@node2 ~]# ping 10.10.17.222
[root@node2 opt]# su - oracle
[oracle@node2 ~]$ mkdir ~/.ssh
[oracle@node2 ~]$ chmod 700 ~/.ssh
[oracle@node2 ~]$ ssh-keygen -t rsa
[oracle@node2 ~]$ ssh-keygen -t dsa
Switch back to node1 and continue with:
[oracle@node1 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@node1 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Note: the following command prompts for the oracle password on node2; enter it when asked. If it fails, simply run the command again.
[oracle@node1 ~]$ ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'node2 (192.168.100.102)' can't be established.
RSA key fingerprint is 92:d1:ce:5b:c8:a1:52:d5:ac:00:5f:48:5d:12:06:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.100.102' (RSA) to the list of known hosts.
oracle@node2's password:
[oracle@node1 ~]$ ssh node2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
0a:9a:20:46:a2:28:ec:72:23:82:f2:9d:f8:62:9b:d1 oracle@node1
[oracle@node1 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@node1 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Note: the following command prompts for the oracle password on node2; enter it when asked. If it fails, simply run the command again.
[oracle@node1 ~]$ scp ~/.ssh/authorized_keys node2:~/.ssh/authorized_keys
oracle@node2's password:
authorized_keys 100% 1992 2.0KB/s 00:00
Run it from each machine to the other and see whether a password is still required:
[oracle@node1 ~]$ ssh node2 date
Still asks for a password!
Carefully rechecked the steps...
No problem there.
Did the whole setup again from scratch; got back to this step and it still asked for a password.
Couldn't figure it out at all.
Some articles online mentioned permission problems, but the permissions were set exactly as described and looked fine.
In the end it turned out that the oracle directory under /home had been given excessive permissions: 777.
Change the home directory permissions to 700 and the .ssh directory permissions to 700, then the key files:
chmod 600 /home/oracle/.ssh/*   # the files inside .ssh; a ".*" glob would also match .ssh/. and .ssh/.. and strip the execute bit from both directories
Then try again:
[oracle@node1 ~]$ ssh node1 date
[oracle@node1 ~]$ ssh node2 date
OK!
This corrected an ingrained assumption of mine: I used to think that on Linux the looser the permissions, the fewer obstacles there are to access. Apparently not every service works that way.
Writing this down for the record.
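The failure above can be diagnosed before touching sshd. The script below is an added example, not part of the original post; it assumes an OpenSSH sshd with StrictModes left at its default of yes (under which sshd ignores ~/.ssh/authorized_keys whenever the home directory, ~/.ssh or the file itself is writable by group or others and quietly falls back to password authentication, which is exactly what the 777 home directory caused), and the function names and the fixture are mine.

```shell
#!/bin/sh
# Added check, not from the original post. Uses only POSIX find and test so it
# runs on RHEL 5 as well; sshd's StrictModes behaviour is assumed (see lead-in).

# Print the path if group or others can write to it (octal masks 020 / 002).
writable_by_others() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}
# Print the path if group or others can read or write it (ssh refuses such a private key).
accessible_by_others() {
    find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print 2>/dev/null
}

# Usage: check_ssh_perms /home/oracle
# Prints one line per problem; returns 0 if sshd and ssh would accept the layout.
check_ssh_perms() {
    home="$1"; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"; rc=1
        elif [ -n "$(writable_by_others "$p")" ]; then
            echo "BAD: $p is writable by group or others"; rc=1
        fi
    done
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        if [ -f "$k" ] && [ -n "$(accessible_by_others "$k")" ]; then
            echo "BAD: private key $k is readable or writable by others"; rc=1
        fi
    done
    return "$rc"
}

# Constructed fixture reproducing the post's situation: $1 = home dir, $2 = its mode.
make_fixture() {
    mkdir -p "$1/.ssh" && chmod "$2" "$1" && chmod 700 "$1/.ssh"
    : > "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys"
    : > "$1/.ssh/id_rsa" && chmod 600 "$1/.ssh/id_rsa"
}

# Stand-alone demo: the 777 home directory fails, the 700 one passes.
demo=$(mktemp -d)
make_fixture "$demo/oracle" 777
check_ssh_perms "$demo/oracle" || echo "-> fix with: chmod 700 $demo/oracle"
chmod 700 "$demo/oracle"
check_ssh_perms "$demo/oracle" && echo "-> OK"
rm -rf "$demo"
```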