Linux

SSH public/private key login

  • September 10, 2012

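I am trying to get ssh working with pp keys, but after following several howtos I still have login problems. The server is openSUSE 12.1 and the client is a Mac. Here is the verbose output: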

debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.139 [192.168.1.139] port 22.
debug1: Connection established.
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.139' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/me/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password: 

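Does anyone know where to look? Thanks.

There is nothing more to debug from the client side. The client offers the key and it is not accepted, so this must be a server-side problem. The quickest way to find out why (if feasible) is to start another sshd in debug mode, which will tell you exactly why the key is rejected. On the server: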

/usr/sbin/sshd -d -p 2222

This starts sshd in debug mode on port 2222 (a different port, so that we do not interfere with the server running on port 22).

Then on the client:

ssh -p 2222 user@remotehost

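In the terminal where you started sshd, you should see the reason your key was rejected.

Usually the problem is permissions that are too lax. The authorized_keys file and all of its ancestor directories must not be writable by anyone other than the user. So if the authorized_keys file is at /home/username/.ssh/authorized_keys, then for example /, /home and /home/username must not be group-writable.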
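
The permission rule described in the answer above, as an added example that is not part of the original answer: a Python script to run on the server that walks from authorized_keys up to / and reports every path component that is group- or world-writable. The function name audit_key_path, the ownership check and the choice to accept root-owned directories are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit authorized_keys and its ancestor directories for lax permissions."""
import os
import stat
import sys


def audit_key_path(path, uid):
    """Return [(path, problem), ...] for the file and each ancestor up to /.

    Rule applied (as stated in the answer): nothing on the path may be
    writable by anyone other than the user.
    Assumption of this example: ownership by root (uid 0) is acceptable.
    """
    findings = []
    # realpath resolves symlinks so every component checked is a real
    # file or directory, not a link whose own mode bits are meaningless.
    current = os.path.realpath(path)
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            findings.append((current, "cannot stat: %s" % exc))
        else:
            if st.st_uid not in (uid, 0):
                findings.append((current, "owned by uid %d" % st.st_uid))
            if st.st_mode & stat.S_IWGRP:
                findings.append((current, "group-writable"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent


if __name__ == "__main__":
    default = os.path.expanduser("~/.ssh/authorized_keys")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    problems = audit_key_path(target, os.getuid())
    for where, why in problems:
        print("%-45s %s" % (where, why))
    sys.exit(1 if problems else 0)
```

Run it as the account that is trying to log in; an exit status of 0 means no component on the path was flagged.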

Source: https://serverfault.com/questions/383476