GPDB: SSH permission denied (public key)
【Title】: GPDB : SSH permission denied (public key)
【Posted】: 2017-11-09 06:41:28
【Question】: When trying to ssh (from the greenplum system user) to one of the data nodes from the master gpdb host.
env - gpdb 4.3.10
The following error occurs:
[gpadmin@mdw ~]$ ssh datanode
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[gpadmin@mdw ~]$
We have tried the Pivotal document: https://discuss.pivotal.io/hc/en-us/articles/203777546-gpssh-exkeys-Fails-with-Error-Permission-denied-During-Local-Key-Exchange
Also, we observed that the node cannot SSH to any data node/master host.
**Here is verbose mode -v with SSH info**
debug1: Host 'datanode01' is known and matches the ECDSA host key.
debug1: Found key in /home/gpadmin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gpadmin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/gpadmin/.ssh/id_dsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ecdsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
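【Comments】:
I would retry that Pivotal document. It will walk you through the fix correctly.
Sure. Going to try it again. It is the same link I posted here.
I just tried it. Still facing the same error.
@JonRoberts I tried checking the ssh config. Notably, the datanode and one of the other standby nodes, apart from this node, are able to connect properly.
I want to manually copy the public key from the source system to ~/.ssh/authorized_keys on the target system. Is that OK? Because copying the pub key over SSH is not possible. Or can you suggest a possible way?
【Answer 1】: I don't think the problem is the root login as that document suggests, but rather that password authentication is disabled. Try running this on all nodes: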
sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo service sshd restart
echo "gpadmin:changeme" | sudo chpasswd
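Then retry gpssh-exkeys as gpadmin.
gpssh-exkeys -f all_hosts
After the keys are exchanged, you can disable password authentication again.
sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# restart sshd so the reverted setting takes effect
sudo service sshd restart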
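The manual route raised in the comments (copying the public key into ~/.ssh/authorized_keys on the target host), as an added example that is not part of the original thread. The helper names `install_pubkey` and `check_ssh_perms` are hypothetical, the key is a constructed sample, and sshd is assumed to run with its default `StrictModes yes`, under which group- or world-writable key files are ignored.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread. Helper names are hypothetical.

# install_pubkey <pubkey_file> <ssh_dir>
# Idempotently append a public key to <ssh_dir>/authorized_keys with the
# directory at 700 and the file at 600.
install_pubkey() {
    local pub="$1" dir="$2" auth="$2/authorized_keys" key
    key=$(head -n 1 "$pub") || return 1
    # Refuse anything that is not a one-line public key (for example a private key file).
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if the exact line is not already present, so re-runs are safe.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms <ssh_dir>
# Succeed only if neither the directory nor authorized_keys is writable by
# group or others (the condition under which StrictModes rejects the key).
check_ssh_perms() {
    local p loose
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || { echo "group/other-writable: $p" >&2; return 1; }
    done
}

# Demo on a constructed key in a scratch directory (not a real key or home directory).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLE gpadmin@mdw' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" \
    && check_ssh_perms "$demo/.ssh" \
    && echo "key installed, permissions OK"
rm -rf "$demo"
```

On a real segment host the second argument would be /home/gpadmin/.ssh, and the home directory itself must also not be group- or world-writable.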