GPDB:SSH 权限被拒绝(公钥)

Posted

技术标签:

【中文标题】GPDB:SSH 权限被拒绝(公钥)【英文标题】:GPDB : SSH permission denied (public key) 【发布时间】:2017-11-09 06:41:28 【问题描述】:

当尝试 ssh(来自 greenplum 系统用户)来自 Master gpdb 主机的数据节点之一时。

env - gpdb 4.3.10

出现错误

[gpadmin@mdw ~]$ ssh 数据节点

权限被拒绝(公钥、gssapi-keyex、gssapi-with-mic)。 [gpadmin@mdw ~]$

我们试过了 尝试过关键文档 https://discuss.pivotal.io/hc/en-us/articles/203777546-gpssh-exkeys-Fails-with-Error-Permission-denied-During-Local-Key-Exchange

此外,观察到的节点无法通过 SSH 连接任何数据节点/主控主机。

**Here is verbose mode  -v with SSH info**

debug1: Host 'datanode01' is known and matches the ECDSA host key.
debug1: Found key in /home/gpadmin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gpadmin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/gpadmin/.ssh/id_dsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ecdsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

【问题讨论】:

我会重试那个 Pivotal 文档。它会正确引导您解决问题。 当然。打算再试一次。我在这里发布的相同链接 我刚刚试了一下。仍然面临同样的错误 @JonRoberts 我尝试检查 ssh config 。值得注意的是 datanode 和除此节点之外的其他备用节点之一能够正确连接。 我想手动将公钥从源系统复制到目标系统上的 ~/.ssh/authorized_keys。那样可以么?因为 SSH 复制 pub 密钥是不可能的或者你能建议可能的方法吗? 【参考方案1】:

我认为问题不在于该文档建议的 root 登录,而是禁用了密码身份验证。尝试在所有节点上运行:

sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo service sshd restart
echo "gpadmin:changeme" | sudo chpasswd

然后以 gpadmin 身份重试 gpssh-exkeys。

gpssh-exkey -f all_hosts

交换密钥后,您可以再次禁用密码验证。

sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

【讨论】:

以上是关于GPDB:SSH 权限被拒绝(公钥)的主要内容,如果未能解决你的问题,请参考以下文章

无法连接 SSH 密钥,权限被拒绝(公钥)

ssh - Amazon EC2 上的权限被拒绝(公钥)

Bitbucket 权限被拒绝(公钥)。但适用于 ssh

SourceTree 总是权限被拒绝(公钥)

AWS ssh 访问“权限被拒绝(公钥)”问题[关闭]

尝试从其他计算机访问 ec2 时 ssh 权限被拒绝(公钥)