Linux
即使在我將公鑰複製到遠端機器之後,SSH 也會要求輸入密碼
希望有人能幫我解決這個噩夢。我做了一個關於 vagrant 配置 4 台 ubuntu 機器、1 台控制器和 3 台伺服器的項目。在控制器和 ssh-copy-id 命令上創建 SSH 密鑰到 3 個伺服器節點。我可以在 3 台伺服器上的 authorized_keyes 中看到公鑰。
根據我在網際網路上可以找到的內容,etc/ssh/sshd_config 轉儲似乎沒問題。
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #PubkeyAuthentication yes # Expect .ssh/authorized_keys2 to be disregarded by default in future. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server UseDNS no GSSAPIAuthentication no
當我嘗試從我的控制器機器連接到其中一台伺服器時調試輸出。
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to server1 [172.16.1.51] port 22. debug1: Connection established. debug1: identity file /home/vagrant/.ssh/id_rsa type 0 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/vagrant/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000 debug1: Authenticating to server1:22 as 'vagrant' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Qe4c4KKdHXNjhZ3PMFqTKrVFASCX3O8kvtCRKTifkfs debug1: Host 'server1' is known and matches the ECDSA host key. debug1: Found key in /home/vagrant/.ssh/known_hosts:1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:gmW3Caq3TNEnCYHCa+BMgMm7lINsBlo7Y73bE596LZo /home/vagrant/.ssh/id_rsa debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 Enter passphrase for key '/home/vagrant/.ssh/id_rsa':
我已經嘗試了大部分我能找到的關於這個主題的東西。我仍然無法無密碼訪問我的伺服器機器。歡迎任何建議。
謝謝你。
不會要求您輸入遠端主機的密碼。您被要求輸入您創建的 ssh 密鑰的密碼。
要解決此問題,請提供密碼。
如果您不想在密鑰上設置密碼,則在創建密鑰時不應再設置密碼。您也可以通過設置一個空的密碼來刪除它。
只需通過命令將控制器 SSH 密鑰複製到
ssh-copy-id
3 個伺服器節點,即可允許從節點訪問伺服器。您必須反向執行相同操作(即
ssh-copy-id
從每個節點到伺服器)以允許從控制器訪問節點。