srh's questions

我们有一组配置有 100GB/tmp和 400GB/scratch分区的 Centos7 机器。我们正在使用的工具消耗的/tmp空间比预期的要多，因此我们需要重新分配一些/scratch空间给/tmp.

我们的系统在 RAID-1 中设置了两个 1TB NVME 驱动器；相关的 lsblk 输出：

nvme0n1              259:0    0 894.3G  0 disk
├─nvme0n1p1          259:4    0     1G  0 part
│ └─md126              9:126  0  1023M  0 raid1 /boot
├─nvme0n1p2          259:6    0   201M  0 part
│ └─md125              9:125  0   201M  0 raid1 /boot/efi
└─nvme0n1p3          259:8    0 893.1G  0 part
  └─md127              9:127  0   893G  0 raid1
    ├─centos-root    253:0    0   200G  0 lvm   /
    ├─centos-swap    253:1    0   256G  0 lvm   [SWAP]
    ├─centos-tmp     253:3    0   100G  0 lvm   /tmp
    └─centos-scratch 253:4    0   300G  0 lvm   /scratch
nvme1n1              259:1    0 894.3G  0 disk
├─nvme1n1p1          259:3    0     1G  0 part
│ └─md126              9:126  0  1023M  0 raid1 /boot
├─nvme1n1p2          259:5    0   201M  0 part
│ └─md125              9:125  0   201M  0 raid1 /boot/efi
└─nvme1n1p3          259:7    0 893.1G  0 part
  └─md127              9:127  0   893G  0 raid1
    ├─centos-root    253:0    0   200G  0 lvm   /
    ├─centos-swap    253:1    0   256G  0 lvm   [SWAP]
    ├─centos-tmp     253:3    0   100G  0 lvm   /tmp
    └─centos-scratch 253:4    0   300G  0 lvm   /scratch

我正在努力确定如何将 的大小缩小/scratch100GB，并将大小增加/tmp100GB。fdisk找不到分区图：

[root /tmp]# fdisk /dev/md127
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x6fb1c8c6.

Command (m for help): p

Disk /dev/md127: 958.8 GB, 958774902784 bytes, 1872607232 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x6fb1c8c6

      Device Boot      Start         End      Blocks   Id  System

我可以为此过程使机器脱机，但不清楚从哪里开始。如何缩小 RAID-1 上一个卷的大小并使用该空间扩展另一个卷？

我已经阅读了很多解决这个问题的方法，但似乎没有一个适用于我所看到的。大多数关注目录权限，但在这种情况下似乎是正确的。TL;DR：两个具有相同主目录的 Centos7 服务器；sshd即使已启用，一个人也不允许公钥身份验证。

我有两台 centos7 服务器，我们称它们centos-a为centos-b. 主目录是通过 NFS 挂载的，因此.ssh两者之间的目录是相同的（下面对此进行确认）。我可以从 sshcentos-a到centos-a，但不能到centos-b。我可以从centos-btocentos-a和 to SSH centos-b。

[myuser@centos-a ~]$ ls -la ~/.ssh
total 16
drwx------. 1 myuser domain users    0 Jul  6 11:45 .
drwx------. 1 myuser domain users    0 Jul  7 13:44 ..
-rw-------. 1 myuser domain users 1212 Jul  6 12:02 authorized_keys
-rw-------. 1 myuser domain users 1675 Jul  6 11:45 id_rsa
-rw-r--r--. 1 myuser domain users  402 Jul  6 11:45 id_rsa.pub
-rw-r--r--. 1 myuser domain users 1119 Jul  6 17:49 known_hosts

[myuser@centos-a ~]$ md5sum ~/.ssh/*
65b4fdf2d59cee3ae45b8480454453ec  /home/myuser/.ssh/authorized_keys
fa3e9fc5a8ff08787ff2ba8f979da24e  /home/myuser/.ssh/id_rsa
dca36ab3ec342423c5eca588f2ad5678  /home/myuser/.ssh/id_rsa.pub
f67bc94bc7a30b9876e3027b24f893d8  /home/myuser/.ssh/known_hosts

[myuser@centos-a ~]$ ssh centos-a hostname
centos-a

[myuser@centos-a ~]$ ssh centos-b hostname
myuser@centos-b's password:

[myuser@centos-b ~]$ ls -la ~/.ssh
total 16
drwx------. 1 myser domain users    0 Jul  6 11:45 .
drwx------. 1 myser domain users    0 Jul  7 13:44 ..
-rw-------. 1 myser domain users 1212 Jul  6 12:02 authorized_keys
-rw-------. 1 myser domain users 1675 Jul  6 11:45 id_rsa
-rw-r--r--. 1 myser domain users  402 Jul  6 11:45 id_rsa.pub
-rw-r--r--. 1 myser domain users 1119 Jul  6 17:49 known_hosts

[myuser@centos-b ~]$ md5sum ~/.ssh/*
65b4fdf2d59cee3ae45b8480454453ec  /home/myuser/.ssh/authorized_keys
fa3e9fc5a8ff08787ff2ba8f979da24e  /home/myuser/.ssh/id_rsa
dca36ab3ec342423c5eca588f2ad5678  /home/myuser/.ssh/id_rsa.pub
f67bc94bc7a30b9876e3027b24f893d8  /home/myuser/.ssh/known_hosts

[myuser@centos-b ~]$ ssh centos-b hostname
centos-b

[myuser@centos-b ~]$ ssh centos-a hostname
centos-a

如上所示，.ssh 目录上的权限似乎是正确的（无论如何，两台机器之间的权限都是相同的）。

ssh -vvv在失败的 ssh 上显示：

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
...
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
...
debug1: Host 'centos-b' is known and matches the ECDSA host key.
...
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1211402155)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1211402155)

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/myuser/.ssh/id_dsa
debug3: no such identity: /home/myuser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/myuser/.ssh/id_ecdsa
debug3: no such identity: /home/myuser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/myuser/.ssh/id_ed25519
debug3: no such identity: /home/myuser/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
myuser@centos-b's password:

将此与我看到的从centos-bto 进行对比centos-a，这很有效：

...
debug1: Unspecified GSS failure.  Minor code may provide more information
Server not found in Kerberos database

debug3: send packet: type 50
debug2: we sent a gssapi-with-mic packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:nAO5pVOzqUQzEUSEBN37WKp6ADs9Sk4rfTRGmk0FHEY
debug3: sign_and_send_pubkey: RSA SHA256:nAO5pVOzqUQzEUSEBN37WKp6ADs9Sk4rfTRGmk0FHEY
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).

我已启用 sshd 登录消息/etc/ssh/sshd_config并重新启动服务

# Logging
SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel INFO

但是/var/log/secure或中没有其他有用的消息/var/log/messages。

有趣的是，ssh from centos-btocentos-b正在使用 gssapi 身份验证。如果我强制它使用 publickey 它会失败：

[myuser@centos-b ~]$ ssh -vvv -o PreferredAuthentications=publickey centos-b hostname
...
debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

我看到/var/log/messages：

Jul  7 13:52:10 centos-b sshd[23266]: Connection closed by 192.168.1.100 port 48064 [preauth]

公钥已启用：

[root@centos-b ssh]# sshd -T | grep -i pub
pubkeyauthentication yes
pubkeyacceptedkeytypes [email protected],ecdsa-sha...

这sshd_config是一个股票 Centos7 ，并且在andsshd_config之间是相同的（通过在两台机器上通过管道传递以下命令来验证centos-acentos-bmd5sum

[root@centos-b ssh]# grep -v -e '^#' -e '^$' /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server

对我所缺少的有什么建议吗？