
Passwordless SSH mutual trust for a regular user: problems encountered and how to solve them_no such identity: /home/dbapp/.ssh/id_rsa: no such

no such identity: /home/dbapp/.ssh/id_rsa: no such file or directory

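Reminder before you configure anything: the .ssh directory does not need to be created by hand! The command takes care of all of that automatically.
This article assumes you have already installed the SSH services.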

As a regular user, use sudo to edit the configuration file /etc/ssh/sshd_config

$ sudo vim /etc/ssh/sshd_config
 ...
 # Enable RSA authentication
 RSAAuthentication yes
 # Enable public/private key pair authentication
 PubkeyAuthentication yes
 # Path to the public key file
 AuthorizedKeysFile %h/.ssh/authorized_keys
 ...

Restart the SSH service (the method differs between versions):
Debian / Ubuntu

$ sudo service ssh restart
or
$ sudo /etc/init.d/ssh restart

CentOS / RHEL / Fedora / Redhat

$ sudo /etc/init.d/sshd restart
or
$ sudo service sshd restart

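Create the private and public keys
When creating the key pair, never put sudo in front of the command
When creating the key pair, never put sudo in front of the command
When creating the key pair, never put sudo in front of the command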

# -t specifies the key type, -f the path of the generated file, -P the passphrase ('' means no passphrase)
$ ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
Generating public/private rsa key pair.
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sRWB6v9sTYvBAJVc40QFZs49JQuQVkPjB6fRc7xETDM user@192.168.1.212
The key's randomart image is:
+---[RSA 2048]----+
|       ooX^=+=E  |
|      . *O %o+=o |
|       +. B =+ . |
|      . .+ . ..  |
|     .  So       |
|      .   o .    |
|       .   = .   |
|        ..o o    |
|         oo      |
+----[SHA256]-----+

A key pair has now been generated
Public key: id_rsa.pub
Private key: id_rsa

Copy the generated public key (id_rsa.pub) to the other server

$ ssh-copy-id -i .ssh/id_rsa.pub user@192.168.1.213
...
Are you sure you want to continue connecting (yes/no)? yes
...
user@192.168.1.213's password: # you are prompted for the password here
...
Now try logging into the machine, with:   "ssh 'user@192.168.1.213'"
and check to make sure that only the key(s) you wanted were added.

The copy succeeded; test the connection

$ ssh 192.168.1.213 'ifconfig'
ens33     Link encap:Ethernet  HWaddr 00:0c:29:c6:7e:6b  
          inet addr:192.168.1.213  Bcast:192.168.1.255  Mask:255.255.255.0
          ...

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          ...

If the connection succeeds, repeat the same steps on the other server to complete the mutual passwordless trust.


Note: if you added sudo when creating the key pair, for example like this:

$ sudo ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''

the system gives the following message:

Generating public/private rsa key pair.
Saving key "/home/****/.ssh/id_rsa" failed: No such file or directory

It says there is no such file or directory.
Some answers online say that creating the directory is all it takes, so that is what you do:

$ mkdir ~/.ssh

Then generate the key pair once more:

$ sudo ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
Generating public/private rsa key pair.
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/OxKIyjs01Z9yWae/Bnke1wQF1WMDSLmKH7XFQK3qyA root@192.168.1.212
The key's randomart image is:
+---[RSA 2048]----+
|          +.+ o**|
|         + o +o.+|
|      . . . . .o |
|     . o   . o.  |
|      E.S...+  . |
| .   ..o.=*+    .|
|  o.... o*+.o. . |
| ...o  o o+  +o  |
|  .o    ....+.   |
+----[SHA256]-----+

Looking at the result: success!
But... at this point the user copies the public key to the other server, like this:

$ ssh-copy-id -i .ssh/id_rsa.pub user@192.168.1.213

/usr/bin/ssh-copy-id: ERROR: failed to open ID file '.ssh/id_rsa': Permission denied
    (to install the contents of '.ssh/id_rsa.pub' anyway, look at the -f option)

Not enough permission? Add sudo then...

$ sudo ssh-copy-id -i .ssh/id_rsa.pub user@192.168.1.213
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@ip's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user@192.168.1.213'"
and check to make sure that only the key(s) you wanted were added.

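You think to yourself: perfect! The public key has been copied to the server, so passwordless remote login should work! Then you happily go and connect...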

$ ssh 192.168.1.213                                      
Load key "/home/user/.ssh/id_rsa": Permission denied
user@192.168.1.213's password: 

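What? It still wants me to type a password!!! Unacceptable.
I then looked through all sorts of material, but made no progress...
Next I checked whether something was going wrong during the connection: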

$ ssh -vvv 192.168.1.213      
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.213" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.213 [192.168.1.213] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
...
...

Searching Google for a long time turned up nothing either.
Just as I was about to give up, I used ll -a ~/.ssh/ to look at the files in the .ssh directory...

$ ll -a ~/.ssh/
-rw------- 1 root root 1.7K Oct  4 00:45 id_rsa
-rw-r--r-- 1 root root  406 Oct  4 00:45 id_rsa.pub

!!! The files that I, the user account, created turned out to be owned by root! Fine, time to take back what is mine:

$ sudo chown user /home/user/.ssh/id_rsa
$ sudo chgrp user /home/user/.ssh/id_rsa

Try connecting once more

$ ssh 192.168.1.213
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
...
...
$

This time it finally worked.
It worked, but only after a very long detour. Life is short; never let a few small details eat up large amounts of your time.
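
The root-owned key files found above can be caught before ssh silently falls back to a password prompt. The audit function below is an added example, not part of the original post; the name audit_ssh_dir and its finding labels are hypothetical, and it assumes GNU stat as found on the Linux hosts used here.

```shell
#!/bin/sh
# Added example: audit an .ssh directory for the root-owned-key problem above.
# Usage: audit_ssh_dir DIR EXPECTED_UID   (normally: ~/.ssh "$(id -u)")
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    want_uid=$2
    bad=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        uid=$(stat -c %u "$path")    # numeric owner
        mode=$(stat -c %a "$path")   # octal permission bits
        # Files left behind by "sudo ssh-keygen" show up here as uid 0.
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $path uid=$uid expected=$want_uid"
            bad=1
        fi
        case $path in
            *.pub) ;;   # public halves may be world-readable
            "$dir"|*/authorized_keys|*/known_hosts|*/config)
                # must not be writable by group or others
                if [ $(( 0$mode & 022 )) -ne 0 ]; then
                    echo "WRITABLE $path mode=$mode"
                    bad=1
                fi ;;
            *)
                # a file with a matching .pub is treated as a private key;
                # ssh refuses private keys that group or others can access
                if [ -e "$path.pub" ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "PRIVKEY_MODE $path mode=$mode"
                    bad=1
                fi ;;
        esac
    done
    return $bad
}

# Constructed demo: a scratch directory stands in for ~/.ssh.
demo=$(mktemp -d)
chmod 700 "$demo"
: > "$demo/id_rsa"; : > "$demo/id_rsa.pub"
chmod 644 "$demo/id_rsa"    # deliberately too open
audit_ssh_dir "$demo" "$(id -u)" || echo "findings reported above"
rm -rf "$demo"
```

On a real host, run it as the account that will use the keys, for example audit_ssh_dir ~/.ssh "$(id -u)"; an OWNER line with uid=0 is the situation this article ran into.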

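The purpose of this post is to help anyone who runs into a similar problem. The problem looks simple in the end, but bugs often hide in exactly these simple details, where they are hard to notice. Details decide success or failure...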

Summary: pay more attention to the details. Time is life; summarize more and accumulate more.
