Linux
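SSH public/private key login
I am trying to get ssh to work with pp keys. But after following several howtos, I still have login problems. The server is opensuse 12.1 and the client is a mac. Here is the verbose output: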
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.139 [192.168.1.139] port 22.
debug1: Connection established.
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.139' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/me/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
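Does anyone know where to look? Thanks
There is nothing further to debug from the client side. The client offers the key and it is not accepted, so this must be a server-side problem. The quickest way to find out why (if that is feasible) is to start another sshd in debug mode, which will tell you exactly why the key was rejected. On the server side: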
/usr/sbin/sshd -d -p 2222
This will start sshd in debug mode on port 2222 (a different port, so that we do not interfere with the server running on port 22).
Then on the client:
ssh -p 2222 user@remotehost
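In the terminal where you started sshd, you should see the reason your key was rejected.
Usually the problem is permissions that are too loose. The authorized_keys file and all of its ancestor directories must not be writable by anyone other than the user. So if the authorized_keys file is at /home/username/.ssh/authorized_keys, then for example /, /home and /home/username must not be group-writable.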
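The permission rule described in the answer above can be checked on the server with a short script. This is an added example, not part of the original answer; the function name check_key_path and its optional stop-directory argument are assumptions made here.

```shell
#!/bin/sh
# Added example: walk from a file up through its ancestor directories and
# report every path component that is writable by group or others.
# check_key_path and its optional TOP argument are hypothetical names.
# usage: check_key_path /home/username/.ssh/authorized_keys

# Prints "BAD <mode> <path>" for each loose component.
# Returns 0 if all components are tight, 1 if any is loose, 2 if one is missing.
check_key_path() {
    path=$1
    top=${2:-/}     # where to stop walking; the default "/" checks every ancestor
    rc=0
    while :; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            return 2
        fi
        # Mode string from ls, e.g. "drwxr-xr-x":
        # character 6 is group write, character 9 is other write.
        mode=$(ls -ldL -- "$path" | cut -c1-10)
        gw=$(printf '%s' "$mode" | cut -c6)
        ow=$(printf '%s' "$mode" | cut -c9)
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "BAD $mode $path"
            rc=1
        fi
        # Stop once the top of the walk (or the filesystem root) was checked.
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    return $rc
}
```

A typical fix for a reported component is `chmod g-w,o-w` on that path, after which the debug sshd on port 2222 should stop rejecting the key for this reason.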