服務器之間ssh無祕鑰認證失敗緣由

環境介紹：

A主機10.0.54.199    hostname：localhost

B主機10.0.54.181    hostname：ractest1

---

一、A主機建立公鑰和祕鑰

[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bb:76:48:de:68:bd:1b:2d:62:d6:a6:ee:8b:f4:c2:d6 root@localhost.localdomain
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|        S        |
|        .o .     |
|     ..+=== .    |
|     .+=E=+o     |
|     ..*Booo     |
+-----------------+

二、查看公鑰祕鑰

[root@localhost ~]# ll .ssh/
total 12
-rw------- 1 root root 1675 Dec  7 18:41 id_rsa
-rw-r--r-- 1 root root  408 Dec  7 18:41 id_rsa.pub
-rw-r--r-- 1 root root  393 Dec  7 18:42 known_hosts

---

三、拷貝A主機公鑰到B主機root帳戶下，輸入B主機密碼

[root@localhost ~]# ssh-copy-id root@10.0.54.181
The authenticity of host '10.0.54.181 (10.0.54.181)' can't be established.
RSA key fingerprint is f1:68:d6:d7:c8:94:4e:34:1c:42:96:86:98:5d:12:93.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.54.181' (RSA) to the list of known hosts.
root@10.0.54.181's password:
Now try logging into the machine, with "ssh 'root@10.0.54.181'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

---

四、登陸驗證

[root@localhost ~]# ssh root@10.0.54.181
Last login: Tue Dec 15 15:39:11 2015 from 10.0.54.199
[root@ractest1 ~]# w
 16:32:33 up 27 days, 8 min,  2 users,  load average: 0.06, 0.07, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1    10.0.54.70       13:28   46:56   0.06s  0.06s -bash
root     pts/2    10.0.54.199      16:32    0.00s  0.00s  0.00s w

---

五、若是登陸不上去請在B主機上查看root目錄權限，若是權限是700,750都是能夠登陸上去的，可是權限是775,此時A主機是不能無祕鑰登陸必須輸入密碼才能夠登陸，切記。被這個問題搞了一上午，寫下來告訴你們。

[root@ractest1 ~]# ll -d /root/drwxr-x--- 18 root root 4096 Dec 15 13:28 /root/