Linux
不允許使用者通過 SSH 登錄(Bash、OpenSSH、CentOS 6.5)
我正在通過 SSH 遠端執行 CentOS 6.5 機器。我使用 RSA 密鑰並禁用了密碼驗證。我遇到的問題是,每當我添加一個新使用者並希望他/她通過 SSH 登錄時,他們都會被拒絕訪問。
起初,這似乎是一個簡單的問題。這些是我已經嘗試過的:
- 檢查 pub 鍵是否有明顯錯誤
- 確保對 authorized_keys 和 ~/.ssh 的正確權限
- 確保它們在 ssh_config 的 AllowUsers 列表中
- 檢查防火牆權限
- 確保他們的私鑰正在被使用
- 重啟SSHD
這是我設置的內容
sshd_config
:PermitRootLogin no AllowUsers keving moman muser
這就是我的日誌告訴我的:
Login attempted when not in AllowUsers list: muser : 3 Time(s) root : 127 Time(s)
為什麼 SSH 不允許登錄,而 AllowUsers 列表顯然列出了 muser?還有其他地方可以設置嗎?
更新:在將我的 pub 密鑰添加到帶有詳細標誌的使用者的 authorized_keys 文件後,我嘗試在我的機器上登錄該帳戶
-v
。這些是結果(出於安全原因,使用假 IP 和伺服器主機密鑰):$ ssh -v mattm@111.111.111.111 OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014 debug1: Reading configuration data /c/Users/[user]/.ssh/config debug1: Connecting to 111.111.111.111 [111.111.111.111] port 22. debug1: Connection established. debug1: identity file /c/Users/[user]/.ssh/id_rsa type 1 debug1: identity file /c/Users/[user]/.ssh/id_rsa-cert type -1 debug1: identity file /c/Users/[user]/.ssh/id_dsa type -1 debug1: identity file /c/Users/[user]/.ssh/id_dsa-cert type -1 debug1: identity file /c/Users/[user]/.ssh/id_ecdsa type -1 debug1: identity file /c/Users/[user]/.ssh/id_ecdsa-cert type -1 debug1: identity file /c/Users/[user]/.ssh/id_ed25519 type -1 debug1: identity file /c/Users/[user]/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA [censored] debug1: Host '111.111.111.111' is known and matches the RSA host key. debug1: Found key in /c/Users/[user]/.ssh/known_hosts:4 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Next authentication method: publickey debug1: Offering RSA public key: /c/Users/[user]/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Trying private key: /c/Users/[user]/.ssh/id_dsa debug1: Trying private key: /c/Users/[user]/.ssh/id_ecdsa debug1: Trying private key: /c/Users/[user]/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
正如@toppledwagon 在對我的問題的評論中所建議的那樣,我檢查並確定在包括主目錄
/var/log/security
的樹上有一個錯誤權限條目。~/.ssh/authorized_keys
進行這些編輯後,我能夠使用 RSA 密鑰通過 ssh 登錄到使用者的帳戶:
$ chmod g-w /home/your_user $ chmod 700 /home/your_user/.ssh $ chmod 600 /home/your_user/.ssh/authorized_keys
參考:http ://www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/
調整這些權限後,我可以登錄了。有趣的是,我已經將
.ssh
dir 和authorized_keys
file 分別設置為700
和600
。由於某種原因,未正確設置主目錄。感謝所有在評論中提供幫助的人。