Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

After Linux operating system is configured with mutual trust authentication, login still needs to enter the user's password.

2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

Recently, in the test environment of installing GreenPlum database, mutual trust authentication between nodes needs to be configured during the installation process, but I received an error prompt:

Permission denied (publickey,password,keyboard-interactive).

1. From the prompt message, it may be a problem with SSH authentication mode, so check SSH configuration file.

Check if the following three parameters are yes

RSAAuthentication yes

PubkeyAuthentication yes

PasswordAuthentication yes

[root@ora11g ~]# cat /etc/ssh/sshd_config | grep -i aut#SyslogFacility AUTHSyslogFacility AUTHPRIV# Authentication:#MaxAuthTries 6#RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile .ssh/authorized_keys#AuthorizedKeysCommand none#AuthorizedKeysCommandRunAs nobody#RhostsRSAAuthentication no#HostbasedAuthentication no# RhostsRSAAuthentication and HostbasedAuthentication#PasswordAuthentication yesPasswordAuthentication yes#ChallengeResponseAuthentication yesChallengeResponseAuthentication no#KerberosAuthentication noGSSAPIAuthentication no# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and# PasswordAuthentication. Depending on your PAM configuration,# PAM authentication via ChallengeResponseAuthentication may bypass# PAM authentication, then enable this but set PasswordAuthentication# and ChallengeResponseAuthentication to 'no'.

Check result: The default values of the three parameters are yes, and there is no problem with the configuration file

2. Check whether all the software packages required for SSH are installed

[root@ora11g ~]# rpm -qa | grep sshopenssh-clients-5.3p1-122.el6.x86_64openssh-server-5.3p1-122.el6.x86_64openssh-askpass-5.3p1-122.el6.x86_64libssh3-1.4.2-2.el6_7.1.x86_64openssh-5.3p1-122.el6.x86_64

Check result: There is no problem with the software package

3. Check whether firewall and Selinux are closed.

[root@ora11g ~]# service iptables statusiptables: Firewall is not running. [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# getenforceDisabled[root@ora11g ~]#

Inspection results: All closed

4. Check SSH mutual trust configuration file

My environment confirms that everything is correct.

5, check the permissions of the relevant folder

My user is gpadmin, so I check folder permissions for/home/gpadmin

The permissions of the gpadmin folder are 747, which is a strange permission, as shown in the following figure:

I changed the permissions to 750, as shown below:

Check the permissions of the files under/home/gpadmin/.ssh. The permissions shown below are correct.

After the modification of permissions to solve the mutual authentication between hosts, but I have not understood why folder permissions and SSH mutual authentication, perhaps this needs to check the relevant source code.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report