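How to set up passwordless authentication in a cluster where the head node's user /home directories are mounted on /home of all machines in the cluster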

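First of all, thank you in advance for your help.

I hope the title makes sense. Basically, on the head node, a user's home directory (i.e. headnode:/home/eric) is NFS-shared and mounted on the /home directory of all machines (i.e. node01:/home/eric). I am trying to set up passwordless SSH connections between all users on the head node and all machines in the cluster. This is what I have done so far, but I can't seem to get it to work.

I am running CentOS 7 on the head node and on all machines in the cluster.

I mounted the head node's /home on /home of all machines in the cluster. On the head node, /etc/exports looks like this.

    /home    *(rw,sync,no_root_squash,no_all_squash)

On the head node, as user eric, I generated an RSA key.

    eric@headnode $: ssh-keygen -t rsa

With no passphrase.

Then I added the public key to the list of keys allowed to log in to eric's account.

    cat id_rsa.pub >> authorized_keys

I also created a "config" file in /home/eric/.ssh containing the following lines.

    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

I also edited /etc/ssh/ssh_config to reflect

    StrictHostKeyChecking no

I made sure that the /home/eric/id_rsa.pub key and /home/eric/authorized_keys on the head node are the same as /home/eric/id_rsa.pub and /home/eric/authorized_keys on the machines in the cluster. They are the same, because /home/eric on the head node is mounted on /home/eric of all machines in the cluster.

I also made sure that the permissions of /home/eric/.ssh on the head node and on the machines in the cluster, and of the files inside .ssh, are appropriate.

    ~/.ssh/  700
    ~/.ssh/authorized_keys  600
    ~/.ssh/config   600
    ~/.ssh/id_rsa  600
    ~/.ssh/id_rsa.pub 644

After all these steps, I still can't establish a passwordless ssh connection between the head node and the machines in the cluster.

Here is the verbose log from when I ssh from the head node to a node in the cluster.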

    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    debug1: Reading configuration data /home/eric/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 58: Applying options for *
    debug1: Connecting to tq3 [10.112.0.14] port 22.
    debug1: Connection established.
    debug1: identity file /home/eric/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/eric/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to tq3:22 as 'eric'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug1: kex: curve25519-sha256 need=64 dh_need=64
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:M8Z5sDopU8J8sEkr9dkAwnIUbhcnLSKZjLfn5RykKA0
    Warning: Permanently added 'tq3,10.112.0.14' (ECDSA) to the list of known hosts.
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)

    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available (default cache: KEYRING:persistent:1000)

    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/eric/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Trying private key: /home/eric/.ssh/id_dsa
    debug1: Trying private key: /home/eric/.ssh/id_ecdsa
    debug1: Trying private key: /home/eric/.ssh/id_ed25519
    debug1: Next authentication method: password

Am I missing something, or have I misconfigured something?

Thank you all for your help.

Eric
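An added example, not part of the original post: a small parser for the authentication phase of an `ssh -v` client log that reports which keys were offered and how the server answered each offer. The sample lines are copied (abridged) from the log in the question; the function names `analyze` and `diagnose` and the wording of the diagnosis strings are this example's own.

```python
import re

# Lines copied (abridged) from the `ssh -v` log in the question above.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/eric/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/eric/.ssh/id_dsa
debug1: Next authentication method: password
"""

METHOD = re.compile(r"debug1: Next authentication method: (\S+)")
OFFER = re.compile(r"debug1: Offering (?:\S+ )?public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key")
CONTINUE = re.compile(r"debug1: Authentications that can continue: (\S+)")

def analyze(log_text):
    """Summarize the authentication phase of an `ssh -v` client log."""
    result = {"methods_tried": [], "offered": [], "accepted": [], "rejected": []}
    pending = None  # key that was offered, server's answer not yet seen
    for line in log_text.splitlines():
        line = line.strip()
        if m := METHOD.match(line):
            result["methods_tried"].append(m.group(1))
        elif m := OFFER.match(line):
            pending = m.group(1)
            result["offered"].append(pending)
        elif ACCEPT.match(line) and pending:
            result["accepted"].append(pending)
            pending = None
        elif CONTINUE.match(line) and pending:
            # The server answered the offer with a failure message.
            result["rejected"].append(pending)
            pending = None
    return result

def diagnose(log_text):
    """Turn the summary into a one-line pointer for where to look next."""
    r = analyze(log_text)
    if r["accepted"]:
        return "server accepted " + r["accepted"][0]
    if r["rejected"]:
        return ("server refused " + ", ".join(r["rejected"])
                + ": check sshd's log and authorized_keys on the target node")
    if not r["offered"]:
        return "client offered no key: check IdentityFile and key permissions"
    return "no server reply to the offered key was logged"
```

Run against the log in the question, `diagnose` reports that the server refused /home/eric/.ssh/id_rsa, which places the decision on the target node's sshd rather than in the client configuration.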

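Answer 1

Set up passwordless SSH connections from the head node to all compute nodes.

  1. Make sure the user's /home/user/.ssh is there. If the .ssh directory has not been created, run the following command:

    ssh-keygen

  2. The .ssh directory may exist, but id_rsa and id_rsa.pub may not. To create the id_rsa and id_rsa.pub keys, run the command

    ssh-keygen


    Make sure to press Enter to enter a blank password. If the SSH connection between the head node and the compute nodes is password-protected, the SSH connection will fail.

  3. Export the public key to the target host

    ssh-copy-id user@node_in_your_cluster

  4. Test the passwordless SSH connection

    ssh user@node_in_your_cluster

  5. Test the passwordless ssh connection to the other compute nodes. The prompt will ask you to accept the connection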
