A passwordless login failure can have many causes, for example, the configuration of
the firewall (or iptables, to be more specific), SELinux, or even the SSHD
server itself. We will discuss methods to deal with these potential problems.
Erroneous SSH settings:
If the /etc/ssh/sshd_config file contains the following lines:
RSAAuthentication no
PubkeyAuthentication no
then public key authentication has been disabled. We need to change these
two lines to the following:
RSAAuthentication yes
PubkeyAuthentication yes
Make sure that the SSHD service has been successfully restarted on the remote machine
with the following command:
sudo service sshd restart
Manually check the ~/.ssh/authorized_keys file on the remote host and see if the
local machine's public key string has been appended. If not, we can manually append the
local machine's public key to ~/.ssh/authorized_keys on the remote machine
with the following commands:
scp ~/.ssh/id_rsa.pub hduser@hdslave.host:~/
ssh hduser@hdslave.host -C "cat ~/id_rsa.pub >> ~/.ssh/authorized_keys"
Log out of the remote machine and log in again. If the problem persists, go to the next section.
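The two checks in this section (is PubkeyAuthentication switched off, and is the key already in the file sshd reads, ~/.ssh/authorized_keys) can be scripted so the key is appended only once. This is an added example, not code from the original page; the function names sshd_setting and ensure_key, the host name hdmaster and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed inputs only; touches nothing outside a temp directory.

# Print the first value given for keyword $2 in the sshd_config-style file $1.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Simplification: Match blocks and "key=value" syntax are
# not handled; on a live server `sshd -T` prints the effective settings.
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Append public key file $1 to authorized_keys file $2 unless that exact line
# is already there. Prints "added" or "present".
ensure_key() {
    [ -s "$1" ] || { echo "no public key at $1" >&2; return 1; }
    dir=$(dirname "$2")
    # sshd's default StrictModes check rejects key files that other users can
    # write to, so keep the directory and the file private.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$2" && chmod 600 "$2"
    if grep -qxF -- "$(cat "$1")" "$2"; then
        echo present
    else
        cat "$1" >> "$2" && echo added
    fi
}

# Demo on constructed sample files (hypothetical key and host name).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#PubkeyAuthentication yes' 'PubkeyAuthentication no' > "$tmp/sshd_config"
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEY hduser@hdmaster' > "$tmp/id_rsa.pub"
    echo "PubkeyAuthentication = $(sshd_setting "$tmp/sshd_config" PubkeyAuthentication)"
    echo "first run:  $(ensure_key "$tmp/id_rsa.pub" "$tmp/.ssh/authorized_keys")"
    echo "second run: $(ensure_key "$tmp/id_rsa.pub" "$tmp/.ssh/authorized_keys")"
    rm -rf "$tmp"
}
demo
```

Run on the remote host, ensure_key replaces the plain `cat >>` append, which adds a duplicate line every time it is repeated.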
Erroneous iptables configuration:
Check the status of iptables with the following command:
sudo iptables -L
If no rules are printed, go to the next step; otherwise, disable iptables by flushing all the
existing rules with the following command:
sudo iptables -F
If the problem persists, go to the next section.
Erroneous SELinux configuration:
Security Enhanced Linux (SELinux) is a Linux feature that provides the mechanism
for supporting access control security policies. SELinux that is in enforcing mode can
block the passwordless login operation. We can check the current SELinux status with
the following command:
getenforce
If we get an output similar to the following:
Enforcing
then SELinux is currently in enforcing mode, and we need to put it in permissive
mode with the following command:
sudo setenforce 0
Alternatively, we can disable SELinux by editing the /etc/selinux/config file and changing
SELINUX=enforcing to SELINUX=disabled. Note that a system reboot is required for the
changes to take effect with this method.