Shulou(Shulou.com)06/02 Report--

Recently, in the test environment of installing GreenPlum database, mutual trust authentication between nodes needs to be configured during the installation process, but I received an error prompt:

Permission denied (publickey,password,keyboard-interactive).

1. From the prompt message, it may be a problem with SSH authentication mode, so check SSH configuration file.

Check if the following three parameters are yes

RSAAuthentication yes

PubkeyAuthentication yes

PasswordAuthentication yes

[root@ora11g ~]# cat /etc/ssh/sshd_config | grep -i aut#SyslogFacility AUTHSyslogFacility AUTHPRIV# Authentication:#MaxAuthTries 6#RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile .ssh/authorized_keys#AuthorizedKeysCommand none#AuthorizedKeysCommandRunAs nobody#RhostsRSAAuthentication no#HostbasedAuthentication no# RhostsRSAAuthentication and HostbasedAuthentication#PasswordAuthentication yesPasswordAuthentication yes#ChallengeResponseAuthentication yesChallengeResponseAuthentication no#KerberosAuthentication noGSSAPIAuthentication no# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and# PasswordAuthentication. Depending on your PAM configuration,# PAM authentication via ChallengeResponseAuthentication may bypass# PAM authentication, then enable this but set PasswordAuthentication# and ChallengeResponseAuthentication to 'no'.

Check result: The default values of the three parameters are yes, and there is no problem with the configuration file

2. Check whether all the software packages required for SSH are installed

[root@ora11g ~]# rpm -qa | grep sshopenssh-clients-5.3p1-122.el6.x86_64openssh-server-5.3p1-122.el6.x86_64openssh-askpass-5.3p1-122.el6.x86_64libssh3-1.4.2-2.el6_7.1.x86_64openssh-5.3p1-122.el6.x86_64

Check result: There is no problem with the software package

3. Check whether firewall and Selinux are closed.

[root@ora11g ~]# service iptables statusiptables: Firewall is not running. [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# [root@ora11g ~]# getenforceDisabled[root@ora11g ~]#

Inspection results: All closed

4. Check SSH mutual trust configuration file

My environment confirms that everything is correct.

5, check the permissions of the relevant folder

My user is gpadmin, so I check folder permissions for/home/gpadmin

The permissions of the gpadmin folder are 747, which is a strange permission, as shown in the following figure:

I changed the permissions to 750, as shown below:

Check the permissions of the files under/home/gpadmin/.ssh. The permissions shown below are correct.

After the modification of permissions to solve the mutual authentication between hosts, but I have not understood why folder permissions and SSH mutual authentication, perhaps this needs to check the relevant source code.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.