在配置apache集群分布时,要使用SSH免密码登录。
假设现在有两台机器apache@svn(192.168.1.100)作为svn机,
apache@app(192.168.1.101)作为app机。
现在想apache@svn通过ssh免密码登录到apache@app。
1.在svn机下生成公钥/私钥对。
[apache@svn ~]$ ssh-keygen -t rsa -P ''
敲击回车键即可,它在/home/apache下生成.ssh目录,.ssh下有id_rsa和id_rsa.pub。
2.把svn机器下的id_rsa.pub复制到app机器下的~/.ssh/authorized_keys文件里。
[apache@svn ~]$ scp .ssh/id_rsa.pub apache@192.168.1.101:/home/apache/id_rsa.pub.svn apache@192.168.10.101's password:
由于还没有免密码登录的,所以要输入密码。
3.app机把从svn机复制来的id_rsa.pub.svn添加到~/.ssh/authorzied_keys文件里。
[apache@app ~]$ cat id_rsa.pub.svn >> .ssh/authorized_keys [apache@app ~]$ chmod 600 .ssh/authorized_keys [apache@app ~]$ chmod 700 .ssh/
authorized_keys的权限要是600。
.ssh/的权限要是700。 600、700的缘由(http://abomby.blog.sohu.com/168755260.html)
4.svn机登录app机。
[apache@svn ~]$ ssh -l root 192.168.10.101
第一次登录是时要你输入yes, 现在svn机可以无密码登录app机了。
小结:
登录的机子要有私钥,被登录的机子要有登录机子的公钥。这个公钥/私钥对一般在私钥宿主机产生。
上面是用rsa算法的公钥/私钥对,当然也可以用dsa(对应的文件是id_dsa,id_dsa.pub)
想让svn,app机无密码互登录,在svn机以上面同样的方式配置即可,把app的公钥复制过去添加到svn的~/.ssh/authorized_keys的末尾就行了。
至此完毕。
ps:
1.
#su apache
报 This account is currently not available:这个账户目前不可用;
解决办法:
#vi /etc/passwd
把apache:x:502:504::/home/apache:/sbin/nologin
修改为 apache:x:502:504::/home/apache:/bin/bash
http://my.oschina.net/u/1433006/blog/202995
2.
sshd[600]: Authentication refused: bad ownership or modes for file /home/apache/.ssh/authorized_keys
或 Authentication refused: bad ownership or modes for directory /home/git/.ssh
下面转贴来自其中的一段内容:
SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600
You can also get around this by adding StrictModes off to your ssh_config file, but I’d advise against it - fixing permissions is the way to go.
解决办法:
#chmod 600 ~/.ssh/authorized_keys#chmod 700 ~/.ssh/
http://xwv.iteye.com/blog/1897479
文章内容来源参考:http://www.cnblogs.com/shuaiwhu/archive/2010/08/24/2065091.html