写得有些乱, 等有时间再修补一下!!
hp02:/opt/ssh/etc #cd /opt/ssh/etc
hp02:/opt/ssh/etc # rm -rf ssh_host*key*
hp02:/.ssh # cd /.ssh ; ls -rlt
total 64
-rw------- 1 root sys 668 May 28 16:14 id_dsa
-rw-r--r-- 1 root sys 599 May 28 16:14 id_dsa.pub
-rw-rw-rw- 1 root sys 1795 May 28 16:15 authorized_keys
-rw-r--r-- 1 root sys 540 May 28 16:16 known_hosts
hp02:/.ssh # cp id_dsa /opt/ssh/etc/ssh_host_dsa_key
hp02:/.ssh # cp id_dsa.pub /opt/ssh/etc/ssh_host_dsa_key.pub
hp02:/.ssh # chmod 600 *
hp02:/.ssh # ls -rlt
total 64
-rw------- 1 root sys 668 May 28 16:14 id_dsa
-rw------- 1 root sys 599 May 28 16:14 id_dsa.pub
-rw------- 1 root sys 1795 May 28 16:15 authorized_keys
-rw------- 1 root sys 540 May 28 16:16 known_hosts
hp02:/.ssh # cd /opt/ssh/etc/;
hp02:/opt/ssh/etc # chmod 600 *
hp02:/.ssh # ls -rlt
total 64
-rw------- 1 root sys 668 May 28 16:14 id_dsa
-rw------- 1 root sys 599 May 28 16:14 id_dsa.pub
-rw------- 1 root sys 1795 May 28 16:15 authorized_keys
-rw------- 1 root sys 540 May 28 16:16 known_hosts
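关键点:
log : 修改 /opt/ssh/etc/sshd_config 后,查看 /var/adm/syslog/syslog.log
/opt/ssh/etc/ssh_host_dsa_key
/opt/ssh/etc/ssh_host_dsa_key.pub 是 sshd 默认读取 host key 的位置。
注意: host 私钥的权限必须是 600(见下面日志中的 "Permissions 0644 ... are too open",权限过宽时 sshd 会忽略该 key);/.ssh/authorized_keys 也不能让其他用户可写,否则会出现 "bad ownership or modes"。
另外,上面把 root 的用户私钥 id_dsa 直接复制成 host key 只是应急做法: 这样用户密钥和主机密钥是同一把,任何一处泄露都会同时影响登录认证和主机身份。更稳妥的做法是单独生成 host key,例如 ssh-keygen -t dsa -f /opt/ssh/etc/ssh_host_dsa_key -N ""。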
一些错误信息及相关日志
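----------- 下面的客户端报错表明服务端 Could not load host key: /opt/ssh/etc/ssh_host_rsa_key(从后面的日志看,只有 rsa、dsa 两个 host key 都加载失败时 sshd 才会 "no hostkeys available -- exiting" 并断开连接;仅缺 rsa key 时仍然可以登录)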
[root@tf ~]# ssh hp01
ssh_exchange_identification: Connection closed by remote host
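---------- 下面的日志表明 hosts.pub 信息错误,需要 cp id_dsa /opt/ssh/etc/ssh_host_dsa_key, cp id_dsa.pub /opt/ssh/etc/ssh_host_dsa_key.pub(补充: key_read: uudecode ... failed 的意思是某一行公钥的 base64 解码失败;日志里的串很短且以 \n 结尾,所以也很可能是 authorized_keys 中的公钥被折行或截断,应一并检查该文件是否每个 key 占完整的一行)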
May 28 15:40:23 hp01 sshd[20098]: SSH: Server;Ltype: Version;Remote: 10.200.6.16-36908;Protocol: 2.0;Client: OpenSSH_3.9p1
May 28 15:40:23 hp01 sshd[20098]: error: key_read: uudecode AAAAB3NzaC1kc3MAAACBAJEpVSHbtA62PE8BuE1vK2feLXsc1/zdIlHXKP+aDpTHFXTsuwQA3crsXC7dWHCpnuphWqY1YPLIedE2YjiXYN7CmvjhrMVVj\n failed
May 28 16:21:39 hp01 sshd[25243]: SSH: Server;LType: Throughput;Remote: 10.200.6.16-36928;IN: 2672;OUT: 816;Duration: 36.1;tPut_in: 74.1;tPut_out: 22.6
May 28 16:21:40 hp01 sshd[25829]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:21:40 hp01 sshd[25829]: SSH: Server;Ltype: Version;Remote: 10.200.6.16-36929;Protocol: 2.0;Client: OpenSSH_3.9p1
May 28 16:21:40 hp01 sshd[25829]: Accepted publickey for root from 10.200.6.16 port 36929 ssh2
May 28 16:21:46 hp01 sshd[25829]: SSH: Server;LType: Throughput;Remote: 10.200.6.16-36929;IN: 2624;OUT: 768;Duration: 5.4;tPut_in: 486.3;tPut_out: 142.3
May 28 16:21:47 hp01 sshd[25951]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:21:47 hp01 sshd[25951]: SSH: Server;Ltype: Version;Remote: 10.200.6.16-36930;Protocol: 2.0;Client: OpenSSH_3.9p1
May 28 16:21:47 hp01 sshd[25951]: Accepted publickey for root from 10.200.6.16 port 36930 ssh2
May 28 16:21:58 hp01 sshd[26186]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:21:58 hp01 sshd[26186]: SSH: Server;Ltype: Version;Remote: 10.200.6.16-36931;Protocol: 2.0;Client: OpenSSH_3.9p1
May 28 16:21:58 hp01 sshd[26186]: Accepted publickey for root from 10.200.6.16 port 36931 ssh2
May 28 16:22:07 hp01 sshd[26186]: SSH: Server;LType: Throughput;Remote: 10.200.6.16-36931;IN: 2544;OUT: 720;Duration: 8.5;tPut_in: 298.2;tPut_out: 84.4
May 28 16:23:28 hp01 SQLAnywhere(veritas_dbms3_hp01): Starting checkpoint of "vxdbms" (vxdbms.db) at Fri May 28 2010 16:23
May 28 16:19:16 hp01 sshd[23712]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:19:16 hp01 sshd[23712]: error: Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:19:16 hp01 sshd[23712]: Disabling protocol version 2. Could not load host key
May 28 16:19:16 hp01 sshd[23712]: sshd: no hostkeys available -- exiting.
May 28 16:20:45 hp01 sshd[25000]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:20:45 hp01 sshd[25000]: SSH: Server;Ltype: Version;Remote: 10.200.6.16-36927;Protocol: 2.0;Client: OpenSSH_3.9p1
May 28 16:20:47 hp01 sshd[25000]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys
May 28 16:20:50 hp01 sshd[25000]: Accepted keyboard-interactive/pam for root from 10.200.6.16 port 36927 ssh2
May 28 16:21:01 hp01 sshd[25243]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:21:01 hp01 sshd[25243]: SSH: Server;Ltype: Version;Remote: 10.200.6.16-36928;Protocol: 2.0;Client: OpenSSH_3.9p1
May 28 16:21:01 hp01 sshd[25243]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys
May 28 16:21:03 hp01 sshd[25243]: Accepted keyboard-interactive/pam for root from 10.200.6.16 port 36928 ssh2
May 28 16:03:26 hp01 SQLAnywhere(veritas_dbms3_hp01): Starting checkpoint of "vxdbms" (vxdbms.db) at Fri May 28 2010 16:03
May 28 16:03:26 hp01 SQLAnywhere(veritas_dbms3_hp01): Finished checkpoint of "vxdbms" (vxdbms.db) at Fri May 28 2010 16:03
May 28 16:09:31 hp01 sshd[15481]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:09:31 hp01 sshd[15481]: error: Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:09:31 hp01 sshd[15481]: Disabling protocol version 2. Could not load host key
May 28 16:09:31 hp01 sshd[15481]: sshd: no hostkeys available -- exiting.
May 28 16:09:49 hp01 sshd[15723]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:09:49 hp01 sshd[15723]: error: Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:09:49 hp01 sshd[15723]: Disabling protocol version 2. Could not load host key
May 28 16:09:49 hp01 sshd[15723]: sshd: no hostkeys available -- exiting.
May 28 16:10:59 hp01 sshd[16715]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:10:59 hp01 sshd[16715]: error: Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:10:59 hp01 sshd[16715]: Disabling protocol version 2. Could not load host key
May 28 16:10:59 hp01 sshd[16715]: sshd: no hostkeys available -- exiting.
May 28 16:16:26 hp01 sshd[21300]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:16:26 hp01 sshd[21300]: error: Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:16:26 hp01 sshd[21300]: Disabling protocol version 2. Could not load host key
May 28 16:16:26 hp01 sshd[21300]: sshd: no hostkeys available -- exiting.
May 28 16:18:40 hp01 sshd[23232]: error: Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
May 28 16:18:40 hp01 sshd[23232]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
May 28 16:18:40 hp01 sshd[23232]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
May 28 16:18:40 hp01 sshd[23232]: error: Permissions 0644 for '/opt/ssh/etc/ssh_host_dsa_key' are too open.
May 28 16:18:40 hp01 sshd[23232]: error: It is recommended that your private key files are NOT accessible by others.
May 28 16:18:40 hp01 sshd[23232]: error: This private key will be ignored.
May 28 16:18:40 hp01 sshd[23232]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
May 28 16:18:40 hp01 sshd[23232]: error: bad permissions: ignore key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:18:40 hp01 sshd[23232]: error: Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
May 28 16:18:40 hp01 sshd[23232]: Disabling protocol version 2. Could not load host key
May 28 16:18:40 hp01 sshd[23232]: sshd: no hostkeys available -- exiting.
############## solaris,linux上配ssh 的方法 #####################
rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t dsa
rac1-> touch $HOME/.ssh/authorized_keys
rac1-> chmod 600 $HOME/.ssh/authorized_keys
rac2-> mkdir ~/.ssh
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t dsa
rac2-> touch $HOME/.ssh/authorized_keys
rac2-> chmod 600 $HOME/.ssh/authorized_keys
在rac1上以oracle user run:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
:
rac2-> ssh rac1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
:
authorized_keys 100% 1716 1.7KB/s 00:00
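这两步其实就是把对方的公钥 id_dsa.pub 取到本地,并追加(>>)到本地的 authorized_keys 中。
第一次连接时可能还要输入密码(此时公钥认证尚未配置好),并会提示确认对方的 host key 指纹,确认后写入 known_hosts 文件;以后就能直接连接了。确认之前最好先核对该指纹与对方主机上的 host key 一致。
注: 较新版本的 OpenSSH 默认已不再接受 DSA 密钥,新环境建议改用 ssh-keygen -t rsa 或 -t ed25519。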