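Passwordless SSH login fails for a non-root user

Jump host: vmmelplinf01

Remote host: melaitlned02

Trusted ID: aapp016

1. Log in from the jump host as aapp016. The result is shown below: a password is required.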

aapp016@vmmelplinf01:~> ssh melaitlned02
Password:

2. Check that authorized_keys is correct on the jump host and the remote host, and copy id_rsa.pub over once more.

aapp016@melaitlned02:~/.ssh> ll
total 8
-rw-r--r-- 1 root root 399 Dec 19  2016 authorized_keys
-r--r--r-- 1 root root 399 Dec 19  2016 id_rsa.pub
aapp016@melaitlned02:~/.ssh> pwd
/home/aapp016/.ssh
aapp016@melaitlned02:~/.ssh>

3. A password is still required. I happened to look at /var/log on the remote host

4. Check which groups this ID belongs to

melaitlned02:/sbin # id aapp016
uid=44016(aapp016) gid=55009(ops) groups=55009(ops),100(users)

5. Check whether the AllowGroups parameter in /etc/ssh/sshd_config includes a group that aapp016 belongs to. It did not, so the ops group has to be added manually.

vim /etc/ssh/sshd_config

AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel root ops
DenyGroups login_disabled
AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel ops
DenyGroups login_disabled

6. Restart the sshd service

/etc/init.d/sshd restart

Test again: the login succeeds.

aapp016@vmmelplinf01:~> ssh melaitlned02
Last failed login: Mon Dec  4 17:01:13 AEDT 2017 from vmmelplinf01.aia.biz on ssh:notty
There were 16 failed login attempts since the last successful login.
****************************************************************************

Warning: These facilities are solely for the use of authorized employees or
agents of the Company, its subsidiaries and affiliates. Unauthorized use is
prohibited and subject to criminal and civil penalties. Individuals using this
computer system are subject to having all of their activities on this system
monitored and recorded by systems personnel.

****************************************************************************

aapp016@melaitlned02:~>

# The essence of passwordless login: generate a public key on the jump host and copy it into .ssh/authorized_keys on the remote host
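
The AllowGroups check from step 5 can be predicted from the config file and the output of `id` before sshd is restarted. The script below is an added example, not part of the original post: the function names `ssh_group_verdict` and `_matches` are hypothetical, the sample config is constructed from the lines shown above, and it models only AllowGroups/DenyGroups in the global section (no Match blocks, Include, AllowUsers/DenyUsers or negated patterns).

```shell
#!/bin/sh
# Added example (not from the original post). Predicts sshd's group-based
# verdict from the global section of an sshd_config-style file.
# Simplified: ignores AllowUsers/DenyUsers, Match blocks, Include and "!" patterns.

# _matches GROUP "PATTERN LIST": succeed if GROUP matches any pattern (* and ? work).
# Called only from ssh_group_verdict, which disables file-name globbing first.
_matches() {
    for p in $2; do
        case $1 in $p) return 0 ;; esac
    done
    return 1
}

# ssh_group_verdict CONFIG GROUP...: print the verdict; status 0 = allowed, 1 = denied.
# The body runs in a subshell so that "set -f" and the variables stay local.
ssh_group_verdict() (
    set -f    # keep patterns such as "svr_*" from expanding against file names
    cfg=$1; shift
    allow='' deny=''
    while read -r key rest || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
            match)       break ;;                   # stop at the first Match block
            allowgroups) allow="$allow $rest" ;;    # repeated lines accumulate
            denygroups)  deny="$deny $rest" ;;
        esac
    done < "$cfg"
    # DenyGroups is evaluated before AllowGroups
    for g in "$@"; do
        if _matches "$g" "$deny"; then echo "denied: $g is in DenyGroups"; exit 1; fi
    done
    # No AllowGroups patterns at all means no group restriction
    [ -n "$(printf '%s' "$allow" | tr -d ' \t')" ] || { echo "allowed"; exit 0; }
    for g in "$@"; do
        if _matches "$g" "$allow"; then echo "allowed: $g is in AllowGroups"; exit 0; fi
    done
    echo "denied: none of [$*] is in AllowGroups"; exit 1
)

# Constructed sample: the AllowGroups line as it was before "ops" was added
sample=$(mktemp)
printf '%s\n' 'AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel root' \
              'DenyGroups login_disabled' > "$sample"
ssh_group_verdict "$sample" ops users || true    # groups taken from `id aapp016`
# The same file after the fix from step 5
printf '%s\n' 'AllowGroups wheel svr_melaitlned02_access svr_melaitlned02_wheel root ops' \
              'DenyGroups login_disabled' > "$sample"
ssh_group_verdict "$sample" ops users
rm -f "$sample"
```

On a live host, `sshd -t` validates the edited file before the restart in step 6.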
