我试图让这个命令作为用户 postgres 工作(所以我可以发送 wal 文件):
rsync -a /tmp/test postgres@server2:/tmp/test
但我收到错误:
Permission denied (publickey).
我已经运行ssh-keygen eval `ssh-agent`,并ssh-add为server1上的Postgres用户。keygen 创建/var/lib/postgresql/.ssh/id_rsa,id_rsa.pub我可以看到它是通过使用ssh -vvv postgres@server2.
在我创建的 server2 上,/var/lib/postgresql/.ssh/authorized_keys将 id_rsa.pub 表单 server1 的内容放入其中。它归 postgres 用户和组以及 chmod 600 所有。该.ssh目录也归 postgres 和 chmod 700 所有。
我可以从 server2 上的详细 sshd 登录中看到 Failed publickey for postgres...
两台服务器上的 postgres 用户: postgres:x:106:114:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
ssh -vvv postgres@server2
...
debug1: Found key in /var/lib/postgresql/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /var/lib/postgresql/.ssh/id_rsa (0x7f468e434000)
debug2: key: /var/lib/postgresql/.ssh/id_dsa ((nil))
debug2: key: /var/lib/postgresql/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/postgresql/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/postgresql/.ssh/id_dsa
debug3: no such identity: /var/lib/postgresql/.ssh/id_dsa
debug1: Trying private key: /var/lib/postgresql/.ssh/id_ecdsa
debug3: no such identity: /var/lib/postgresql/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
server2 sshd_config(已删除注释行)
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel VERBOSE
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
server2 身份验证日志
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Set /proc/self/oom_score_adj to 0
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Connection from 10.28.123.97 port 49377
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Failed publickey for postgres from 10.28.123.97 port 49377 ssh2
Jan 16 03:54:21 ip-10-28-26-251 sshd[7972]: Connection closed by 10.28.123.97 [preauth]
我错过了什么?我猜 sshd 没有查看 server2 上的 authorized_keys 文件
您需要在sshd_configserver2 中输入以下内容:
AuthorizedKeysFile .ssh/authorized_keys
| 归档时间: |
|
| 查看次数: |
10766 次 |
| 最近记录: |