近日,在安裝GreenPlum數(shù)據(jù)庫(kù)的測(cè)式環(huán)境,在安裝過(guò)程中需要配置節(jié)點(diǎn)間的互信認(rèn)證,但是我卻收到了錯(cuò)誤提示:
創(chuàng)新互聯(lián)建站是專業(yè)的賽罕網(wǎng)站建設(shè)公司,賽罕接單;提供成都網(wǎng)站制作、成都網(wǎng)站設(shè)計(jì)、外貿(mào)營(yíng)銷網(wǎng)站建設(shè),網(wǎng)頁(yè)設(shè)計(jì),網(wǎng)站設(shè)計(jì),建網(wǎng)站,PHP網(wǎng)站建設(shè)等專業(yè)做網(wǎng)站服務(wù);采用PHP框架,可快速的進(jìn)行賽罕網(wǎng)站開(kāi)發(fā)網(wǎng)頁(yè)制作和功能擴(kuò)展;專業(yè)做搜索引擎喜愛(ài)的網(wǎng)站,專業(yè)的做網(wǎng)站團(tuán)隊(duì),希望更多企業(yè)前來(lái)合作!
Permission denied (publickey,password,keyboard-interactive).
1、從提示信息上看可能是SSH認(rèn)證方式出現(xiàn)問(wèn)題,于是檢查SSH的配置文件
檢查以下3個(gè)參數(shù)是否為 yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
[root@ora11g ~]# cat /etc/ssh/sshd_config | grep -i aut #SyslogFacility AUTH SyslogFacility AUTHPRIV # Authentication: #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommand none #AuthorizedKeysCommandRunAs nobody #RhostsRSAAuthentication no #HostbasedAuthentication no # RhostsRSAAuthentication and HostbasedAuthentication #PasswordAuthentication yes PasswordAuthentication yes #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no #KerberosAuthentication no GSSAPIAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'.
檢查結(jié)果:三個(gè)參數(shù)的默認(rèn)值都為 yes,配置文件沒(méi)有問(wèn)題
2、檢查SSH所需要的軟件包是否全部安裝
[root@ora11g ~]# rpm -qa | grep ssh openssh-clients-5.3p1-122.el6.x86_64 openssh-server-5.3p1-122.el6.x86_64 openssh-askpass-5.3p1-122.el6.x86_64 libssh3-1.4.2-2.el6_7.1.x86_64 openssh-5.3p1-122.el6.x86_64
檢查結(jié)果:軟件包也沒(méi)有問(wèn)題
3、檢查防火墻和Selinux是否關(guān)閉
[root@ora11g ~]# service iptables status iptables: Firewall is not running. [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# getenforce Disabled [root@ora11g ~]#
檢查結(jié)果:全部關(guān)閉
4、檢查SSH互信的配置文件
我的環(huán)境確認(rèn)都是正確的
5、檢查相關(guān)文件夾的權(quán)限
我的用戶為gpadmin,因此我檢查/home/gpadmin的文件夾權(quán)限
gpadmin文件夾的權(quán)限為 747,比較奇怪的權(quán)限,如下圖所示:
我將權(quán)限修改為 750 ,如下圖所示:
檢查/home/gpadmin/.ssh下文件的權(quán)限,下圖的權(quán)限都是正確的權(quán)限
經(jīng)過(guò)權(quán)限的修改解決了主機(jī)間的互信認(rèn)證問(wèn)題,但是我一直不明白為什么文件夾權(quán)限與SSH互信認(rèn)正有關(guān),也許這就需要檢看相關(guān)源代碼了。