Jump host: vmmelplinf01
Remote host: melaitlned02
SSH trust (key-based login) ID: aapp016
1. Log in from the jump host as aapp016. The result is shown below: a password is still required
aapp016@vmmelplinf01:~> ssh melaitlned02
Password:
2. Check that authorized_keys on the jump host and the remote host is correct, and copy id_rsa.pub over once more
aapp016@melaitlned02:~/.ssh> ll
total 8
-rw-r--r-- 1 root root 399 Dec 19 2016 authorized_keys
-r--r--r-- 1 root root 399 Dec 19 2016 id_rsa.pub
aapp016@melaitlned02:~/.ssh> pwd
/home/aapp016/.ssh
aapp016@melaitlned02:~/.ssh>
3. A password was still required for login; happened to look at /var/log on the remote host
4. Check the groups of this ID
melaitlned02:/sbin # id aapp016
uid=44016(aapp016) gid=55009(ops) groups=55009(ops),100(users)
5. Check whether the AllowGroups parameter in the configuration file /etc/ssh/sshd_config includes the group that aapp016 belongs to. It does not, so the ops group has to be added manually
vim /etc/ssh/sshd_config
AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel root ops
DenyGroups login_disabled
AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel ops
DenyGroups login_disabled
6. Restart the sshd service
/etc/init.d/sshd restart
Test again: login succeeds
aapp016@vmmelplinf01:~> ssh melaitlned02
Last failed login: Mon Dec 4 17:01:13 AEDT 2017 from vmmelplinf01.aia.biz on ssh:notty
There were 16 failed login attempts since the last successful login.
****************************************************************************
Warning: These facilities are solely for the use of authorized employees or
agents of the Company, its subsidiaries and affiliates. Unauthorized use is
prohibited and subject to criminal and civil penalties. Individuals using this
computer system are subject to having all of their activities on this system
monitored and recorded by systems personnel.
****************************************************************************
aapp016@melaitlned02:~>
# The essence of passwordless login: generate a public key on the jump host and copy it into ~/.ssh/authorized_keys on the remote host
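
The comparison made by eye in steps 4 and 5, written as a script; this is an added example, not part of the original post. It reads AllowGroups/DenyGroups from an sshd_config and reports whether a user's groups pass. The function names are this example's own, the "before" AllowGroups line in the demo is constructed (the post's line without ops), and Match blocks and "!"-negated patterns are not evaluated.

```shell
# Check whether a user's groups pass sshd's DenyGroups/AllowGroups test.
# Simplifications: Match blocks and "!"-negated patterns are not evaluated.

# list_patterns KEYWORD FILE: print every pattern set for KEYWORD
# (keywords are case-insensitive); stops at the first Match block.
list_patterns() {
    awk -v kw="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$2"
}

# matches_any GROUP PATTERN...: succeed if GROUP matches one glob pattern.
matches_any() {
    group=$1; shift
    for pat in "$@"; do
        case "$group" in $pat) return 0 ;; esac
    done
    return 1
}

# check_ssh_groups FILE GROUP...: return 0 if login is allowed, 1 if refused.
check_ssh_groups() {
    config=$1; shift
    set -f                                  # keep * and ? as sshd patterns
    deny=$(list_patterns DenyGroups "$config")
    allow=$(list_patterns AllowGroups "$config")
    verdict=1
    if [ -z "$allow" ]; then verdict=0; fi  # no AllowGroups: no restriction
    for g in "$@"; do
        if matches_any "$g" $deny; then verdict=1; break; fi   # deny wins
        if matches_any "$g" $allow; then verdict=0; fi
    done
    set +f
    return $verdict
}

# Constructed demo: AllowGroups before/after adding "ops"; groups from `id aapp016`.
demo() {
    tmp=$(mktemp)
    base='AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel'
    for line in "$base" "$base ops"; do
        printf '%s\nDenyGroups login_disabled\n' "$line" > "$tmp"
        check_ssh_groups "$tmp" ops users && echo "allowed: $line" || echo "refused: $line"
    done
    rm -f "$tmp"
}
demo
```

On the remote host the same check would be `check_ssh_groups /etc/ssh/sshd_config $(id -Gn aapp016)`.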