Uwaga
Dostęp do tej strony wymaga autoryzacji. Może spróbować zalogować się lub zmienić katalogi.
Dostęp do tej strony wymaga autoryzacji. Możesz spróbować zmienić katalogi.
On secure clusters, by default, all domain users in Microsoft Entra Domain Services are allowed to SSH into the head and edge nodes. These users are not part of the sudoers group and do not get root access. The SSH user created during cluster creation has root access.
Zarządzanie dostępem
To modify SSH access to specific users or groups, update /etc/ssh/sshd_config
on each of the nodes.
Użyj polecenia ssh, aby nawiązać połączenie z klastrem. Zmodyfikuj następujące polecenie, zastępując ciąg CLUSTERNAME nazwą klastra, a następnie wprowadź polecenie:
ssh sshuser@CLUSTERNAME-ssh.azurehdinsight.net
Open the
ssh_confi
g file.sudo nano /etc/ssh/sshd_config
Modify the
sshd_config
file as desired. If you restrict users to certain groups, then the local accounts cannot SSH into that node. The following command is only an example of syntax:AllowUsers useralias1 useralias2 AllowGroups groupname1 groupname2
Then save changes: Ctrl + X, Y, Enter.
Restart sshd.
sudo systemctl restart sshd
Repeat above steps for each node.
SSH authentication log
SSH authentication log is written into /var/log/auth.log
. If you see any login failures through SSH for local or domain accounts, you need to go through the log to debug the errors. Often the issue might be related to specific user accounts and it's usually a good practice to try other user accounts or SSH using the default SSH user (local account) and then attempt a kinit.
SSH debug log
To enable verbose logging, you need to restart sshd
with the -d
option. Like /usr/sbin/sshd -d
You can also run sshd
at a custom port (like 2222) so that you don't have to stop the main SSH daemon. You can also use -v
option with the SSH client to get more logs (client side view of the failures).