docker ssh连接到本地主机的运行权限被拒绝(公钥、密码、键盘交互)

roejwanj  于 2021-05-29  发布在  Hadoop
关注(0)|答案(1)|浏览(536)

我正在为单节点hadoop容器构建一个docker容器,在为hadoop用户设置无密码ssh登录时遇到问题(我没有使用 root 运行hadoop服务)。我在互联网上搜索了可能的修复程序,授权的\u密钥的权限,/.ssh等等,看起来都不错。以下是调试日志的相关部分:

debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hdadmin/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
...
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).

尝试ssh之前的文件权限:

drwx------    1 hdadmin  hdadmin       4096 Feb 25 14:33 /home/hdadmin/.ssh
-rw-------    1 hdadmin  hdadmin        402 Feb 25 04:54 authorized_keys
-rw-------    1 hdadmin  hdadmin         87 Feb 25 04:54 config
-rw-------    1 hdadmin  hdadmin       1671 Feb 25 04:54 id_rsa
-rw-r--r--    1 hdadmin  hdadmin        402 Feb 25 04:54 id_rsa.pub
-rw-------    1 hdadmin  hdadmin       1637 Feb 25 04:54 known_hosts

以及dockerfile中的相关代码:

RUN ... \
&& mkdir -p /home/hdadmin \
&& mkdir -p /home/hdadmin/.ssh \
&& touch /home/hdadmin/.ssh/authorized_keys \
&& touch /home/hdadmin/.ssh/config \
&& touch /home/hdadmin/.ssh/known_hosts \
&& addgroup hadoop \
&& adduser -D -g hadoop -h /home/hdadmin hdadmin -s /etc/passwd \
&& chown -R hdadmin:hdadmin /home/hdadmin \
&& chmod -R 0700 /home/hdadmin \
&& ssh-keygen -A
&& HOST_KEY="$(cat /etc/ssh/ssh_host_rsa_key.pub)" \
&& echo "127.0.0.1 ${HOST_KEY}" >> /home/hdadmin/.ssh/known_hosts \
&& echo "localhost ${HOST_KEY}" >> /home/hdadmin/.ssh/known_hosts \
&& echo "$HOSTNAME ${HOST_KEY}" >> /home/hdadmin/.ssh/known_hosts \
&& echo "0.0.0.0 ${HOST_KEY}"   >> /home/hdadmin/.ssh/known_hosts \
&& su-exec hdadmin ssh-keygen -q -N '' -t rsa -f /home/hdadmin/.ssh/id_rsa \
&& cat /home/hdadmin/.ssh/id_rsa.pub >> /home/hdadmin/.ssh/authorized_keys \
&& echo "Host *" >> /home/hdadmin/.ssh/config \
&& echo -e "\tUser hdadmin" >> /home/hdadmin/.ssh/config \
&& echo -e "\tPubKeyAuthentication yes" >> /home/hdadmin/.ssh/config \
&& echo -e "\tIdentityFile /home/hdadmin/.ssh/id_rsa" >> /home/hdadmin/.ssh/config \
&& eval $(ssh-agent) \
&& ssh-add /home/hdadmin/.ssh/id_rsa \
&& chmod 0600 /home/hdadmin/.ssh/* \
&& chmod 0644 /home/hdadmin/.ssh/*.pub \
&& /usr/sbin/sshd \
&& su-exec hdadmin ssh -vvv localhost

sshd_config文件是所有默认文件,尚未修改。我不明白为什么这样不行,我想我做的一切都是对的。
编辑1:在dockerfile示例中添加了更多内容。

hadoopdockersshopenssh

1条答案

按热度按时间
yrefmtwq

yrefmtwq1#

所以我最终弄明白了。首先,我安装了一个syslog功能,以便实际查看日志消息。这是在alpine linux上运行的,因此我在dockerfile中执行了以下操作,以便获得消息:

COPY init.sh /tmp/init.sh   # This sh file just contains /usr/sbin/rsyslogd -n -f /etc/rsyslog.conf & so that it runs in the background
RUN apk add --no-cache rsyslog \
&& echo "\$ModLoad inmark.so" >> /etc/rsyslog.conf \
&& echo "\$IncludeConfig /etc/rsyslog.d/*.conf" >> /etc/rsyslog.conf \
&& echo "auth,authpriv.* /var/log/auth.log" >> /etc/rsyslog.conf \
&& sed -i "s/#LogLevel.*/LogLevel DEBUG/g" /etc/ssh/sshd_config \
&& sed -i "s/#SyslogFacility.*/SyslogFacility AUTH/g" /etc/ssh/sshd_config \

一旦我这么做了,在 /var/log/auth.log 我找到的文件:

2018-02-25T19:23:18.942070+00:00 c97682336915 sshd[29]: User hdadmin not allowed because account is locked

我没有为这个帐户设置密码,因为它不会以交互方式使用。所以我在dockerfile前面设置了一个:

usermod -p '*' hdadmin

然后我得到了这些信息:

2018-02-25T19:23:18.942070+00:00 c97682336915 sshd[29]: User hdadmin not allowed because shell /etc/passwd is not executable

所以我把adduser行改为:

&& adduser -D -g hadoop -h /home/hdadmin -s /bin/bash hdadmin \

现在一切都好了。我相信这仍然会使hdadmin帐户处于一种无法与密码或任何交互式登录一起使用的状态,但它仍然可以通过编程方式与公钥身份验证一起使用。

赞(0)分享  回复(0)举报  2021-05-29
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com