Linux
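SSH public/private key authentication failing between Google Compute Engine instances
I have two Ubuntu 14.04 LTS instances running on Google Compute Engine (the hostnames are namenode and datanode1). I am struggling to set up ssh root access between them.
I am providing some information so that you can help me resolve this issue.
I generated a key pair (namenode, namenode.pub) on namenode. The public key on namenode looks like this: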
    root@namenode:~# cat .ssh/namenode.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsxYETzfP3Kv9QgRZ5AnJGu6LNTuAJj67DhUzJVad1Cis7qQ7X7GSv1S+HQESiK/H1u3duVunMB+eiV1ktF/V42r5o3HCTTckiChSuu4B+wkHCqaHFYtGJZIMncPb4CvuyhzPz+Zb mlV7YRGqw5lO+cQLSxCQpmBkIR1iQHRbtLIRenUTI3cXnJ22OhRea63R1/d+LspJreI8lnfmVLMr3MLUfi/U2vX3kR2EaH1QAoO1+dnRzuqsZE/ehbzT/DfBifRdoRCzhXuWgNKNxc/O0V3MwflnvPaWxxDC7FNQ7//nFg4gl8j4yV8 XFvuCyzJTQ9nS3wN+6Dms7MfDQtl4v root@namenode
I added this public key to the authorized keys on datanode1.
    root@datanode1:~# cat .ssh/authorized_keys
    # namenode
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsxYETzfP3Kv9QgRZ5AnJGu6LNTuAJj67DhUzJVad1Cis7qQ7X7GSv1S+HQESiK/H1u3duVunMB +eiV1ktF/V42r5o3HCTTckiChSuu4B+wkHCqaHFYtGJZIMncPb4CvuyhzPz+ZbmlV7YRGqw5lO+cQLSxCQpmBkIR1iQHRbtLIRenUTI3cXnJ22OhR ea63R1/d+LspJreI8lnfmVLMr3MLUfi/U2vX3kR2EaH1QAoO1+dnRzuqsZE/ehbzT/DfBifRdoRCzhXuWgNKNxc/O0V3MwflnvPaWxxDC7FNQ7//n Fg4gl8j4yV8XFvuCyzJTQ9nS3wN+6Dms7MfDQtl4v root@namenode
I added the identity like this:
    root@namenode:~# eval `ssh-agent -s`
    Agent pid 4030
    root@namenode:~# ssh-add .ssh/namenode
    Identity added: .ssh/namenode (.ssh/namenode)
Here is the verbose output:
    root@namenode:~# ssh -v -i .ssh/namenode.pub root@datanode1
    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to datanode1 [10.240.218.126] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file .ssh/namenode.pub type 1
    debug1: identity file .ssh/namenode.pub-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA b8:70:6e:f6:8c:4e:8e:ed:2b:46:d6:d4:d9:4d:ec:bb
    debug1: Host 'datanode1' is known and matches the ECDSA host key.
    debug1: Found key in /root/.ssh/known_hosts:4
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: .ssh/namenode.pub
    debug1: Authentications that can continue: publickey
    debug1: No more authentication methods to try.
    Permission denied (publickey).
The permissions of the authorized keys file on datanode1 are:
-rw------- 1 root root 3695 Mar 19 18:53 .ssh/authorized_keys
Please help me resolve this issue. I have been struggling with it for 2 days.
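    ssh -v -i .ssh/namenode.pub root@datanode1
When specifying an ssh key on the command line, it should be the private key file, not the public file. So you should reference .ssh/namenode here, not .ssh/namenode.pub.
It looks like you added the private key with ssh-add, but there is nothing in the ssh debug trace to indicate that it is communicating with the ssh agent or offering the private key to the remote server. Perhaps you are running ssh in a different session (terminal window) than the ssh-add command, so ssh does not have access to the environment variables that tell it how to reach the agent.
Finally, the content of namenode.pub is one long line. Make sure it was copied into the remote authorized_keys file as one long line rather than three lines.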
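An added example (not code from the question or the answer) of the two file checks the answer describes: whether the file given to ssh -i is a private key, and whether every authorized_keys entry is one whole key line. The sample key blob, the function names and the problem messages are constructed for illustration.

```python
import base64
import binascii

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-")  # prefixes of OpenSSH key-type names

def blob_is_complete(key_type, b64):
    """True if b64 decodes to a whole SSH wire-format public key of key_type."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    fields, pos = [], 0
    while pos < len(blob):  # blob is a run of (uint32 length, bytes) fields
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            return False  # field runs past the end: the key was cut short
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return len(fields) >= 2 and fields[0] == key_type.encode()

def audit_authorized_keys(text):
    """Return (line_no, problem) for each entry that is not one whole key."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        idx = next((i for i, p in enumerate(parts) if p.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(parts):
            problems.append((no, "no key type and blob: fragment of a wrapped key?"))
        elif not blob_is_complete(parts[idx], parts[idx + 1]):
            problems.append((no, "key blob truncated or corrupt"))
    return problems

def identity_file_kind(text):
    """Classify a file passed to ssh -i as 'private', 'public' or 'unknown'."""
    first = text.lstrip().split("\n", 1)[0]
    if first.startswith("-----BEGIN") and "PRIVATE KEY-----" in first:
        return "private"
    return "public" if first.split(" ", 1)[0].startswith(KEY_PREFIXES) else "unknown"

def field(b):
    return len(b).to_bytes(4, "big") + b  # one length-prefixed wire field

# Constructed sample blob (not a usable key): type, exponent, 65-byte modulus.
BLOB = base64.b64encode(field(b"ssh-rsa") + field(b"\x01\x00\x01")
                        + field(b"\x00" + bytes(range(1, 65)))).decode()
GOOD = "# namenode\nssh-rsa " + BLOB + " root@namenode\n"
WRAPPED = GOOD.replace(BLOB, BLOB[:40] + "\n" + BLOB[40:80] + "\n" + BLOB[80:])
print(audit_authorized_keys(WRAPPED))
```

On the wrapped sample every physical line of the entry is reported: the first as a truncated blob, the other two as fragments without a key type.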