Linux

儘管配置為僅公鑰身份驗證,ssh 仍然接受密碼身份驗證(有效!)

  • January 16, 2022

我已將 Ubuntu 10.04LTS 桌面安裝配置為僅允許公鑰身份驗證。

結果:公鑰認證完美執行!

問題:問題是儘管被配置為只接受公鑰認證,客戶端仍然接受密碼認證——為什麼?

當然可以使用一些建議,因為我已經看到並遵循了這裡的建議:ssh:設置密鑰後仍然可以使用密碼

遵循這些建議後沒有成功:

  • chmod 700 /home//.ssh

  • chmod 600 /home//.ssh/authorized_keys

  • 添加到 /etc/ssh/ssh_config:

    • 密碼驗證無
    • ChallengeResponseAuthentication 否
  • 重新啟動 sshd(命令:/usr/sbin/service ssh restart)。

客戶端的 /etc/ssh/ssh_config 讀取:

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
   RSAAuthentication yes
   PasswordAuthentication no
   PermitRootLogin no
   PubKeyAuthentication yes
   ChallengeResponseAuthentication no
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-c                                                    bc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
   SendEnv LANG LC_*
   HashKnownHosts yes
   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials no

我錯過了另一個選擇嗎?也許匹配(儘管這似乎對我沒有幫助)?

謝謝。

/etc/ssh/ssh_config是給客戶的。您想在伺服器配置文件上設置這些選項,即/etc/ssh/sshd_config.

我知道這個問題真的很老,並且已經得到解答,但是當我遇到這個問題時,這是Google上排名第一的搜尋結果,我想我會把資訊放在這裡。

換了之後不知什麼原因

PasswordAuthentication yes

PasswordAuthentication no

在我的 sshd_config 文件中,它仍在詢問密碼。

我已經檢查了這裡的一切,我也跑了

sudo /etc/init.d/ssh restart #or sshd

對配置文件的更改不會有任何區別,所以我最終嘗試重新啟動機器,並且成功了。我猜 /etc/init.d/ssh restart 由於某種原因沒有工作?無論如何,我希望這對某人有所幫助。

引用自:https://serverfault.com/questions/265894