Linux
使用密鑰登錄的 ssh 從 Mac OSX 到 CentOS 5 遠端伺服器失敗
我正在嘗試設置從我的 mac 到執行 CentOS 的遠端伺服器的無密碼登錄,並使用“user1”的公鑰身份驗證。
我曾經
$ ssh-keygen -t rsa
在我的 mac 上設置一個公鑰,然後將 mykey.pub 文件複製到 CentOS user1 的 .ssh 目錄,然後做了一個cat mykey.pub >> authorized_keys
在 .ssh 目錄中。
我還將 .ssh 目錄的權限設置為 700,將 authorized_keys 設置為 600。
當我做一個:
ssh user1@myremoteserver.com
它仍然提示我輸入密碼。這是怎麼回事?
這是我在遠端機器上的 sshd_config 文件的副本:
Protocol 2 SyslogFacility AUTHPRIV PermitRootLogin no RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication yes PermitEmptyPasswords no ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM no AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL X11Forwarding yes Subsystem sftp /usr/libexec/openssh/sftp-server
更多資訊:
這是我的 ssh -v 輸出。我認為系統預設使用 id_rsa.pub 而不是我命名的 mykey.pub 和 mykey(私鑰文件)。
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to myremoteserver.com [1.1.1.1 (fake IP)] port 22. debug1: Connection established. debug1: identity file /Users/LocalUser/.ssh/identity type -1 debug1: identity file /Users/LocalUser/.ssh/id_rsa type -1 debug1: identity file /Users/LocalUser/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'myremoteserver.com' is known and matches the RSA host key. debug1: Found key in /Users/LocalUser/.ssh/known_hosts:11 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Trying private key: /Users/LocalUser/.ssh/identity debug1: Trying private key: /Users/LocalUser/.ssh/id_rsa debug1: Trying private key: /Users/LocalUser/.ssh/id_dsa debug1: Next authentication method: password
如何告訴系統使用 mykey 而不是 id_rsa?
看起來你真正的問題就在最後:
如何告訴系統使用 mykey 而不是 id_rsa?
與
-i
國旗。FTFM:
-i identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro- tocol version 2. Identity files may also be specified on a per- host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in config- uration files).
那麼:
ssh -i mykey user1@myremoteserver.com