Ssh
git私有伺服器錯誤:“權限被拒絕(公鑰)。”
我按照此處的說明在我的 Amazon EC2 實例上設置了一個私有 git 伺服器。但是,我在嘗試 SSH 到 git 帳戶時遇到問題。具體來說,我收到錯誤“權限被拒絕(公鑰)”。
以下是我在 EC2 伺服器上的文件/文件夾的權限:
drwx------ 4 git git 4096 Aug 13 19:52 /home/git/ drwx------ 2 git git 4096 Aug 13 19:52 /home/git/.ssh -rw------- 1 git git 400 Aug 13 19:51 /home/git/.ssh/authorized_keys
以下是我自己電腦上文件/文件夾的權限:
drwx------ 5 CYT staff 170 Aug 13 14:51 .ssh -rw------- 1 CYT staff 1679 Aug 13 13:53 .ssh/id_rsa -rw-r--r-- 1 CYT staff 400 Aug 13 13:53 .ssh/id_rsa.pub -rw-r--r-- 1 CYT staff 1585 Aug 13 13:53 .ssh/known_hosts
檢查我的登錄時
/var/log/secure
,我每次嘗試 SSH 時都會收到以下錯誤消息:Authentication refused: bad ownership or modes for file /home/git/.ssh/authorized_keys
但是,在進行了一些權限更改後,我不再收到此錯誤消息。儘管如此,我仍然收到“權限被拒絕(公鑰)”。每次我嘗試 SSH 時都會收到消息。
我用於 SSH 的命令是
ssh -T git@my-ip
.這是我執行時得到的完整日誌
ssh -vT git@my.ip
:OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: Connecting to my-ip [my-ip] port 22. debug1: Connection established. debug1: identity file /Users/CYT/.ssh/id_rsa type -1 debug1: identity file /Users/CYT/.ssh/id_rsa-cert type -1 debug1: identity file /Users/CYT/.ssh/id_dsa type -1 debug1: identity file /Users/CYT/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2 debug1: match: OpenSSH_6.2 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 08:ad:8a:bc:ab:4d:5f:73:24:b2:78:69:46:1a:a5:5a debug1: Host 'my-ip' is known and matches the RSA host key. debug1: Found key in /Users/CYT/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /Users/CYT/.ssh/id_rsa debug1: Trying private key: /Users/CYT/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey).
我花了幾個小時瀏覽各種網站上的執行緒,包括 SO 和 SF,尋找解決方案。似乎我的文件的權限都還可以,但我就是想不通問題所在。任何幫助將不勝感激。
編輯:
EEAA:這是您要求的輸出:
$ getent passwd git git:x:503:504::/home/git:/bin/bash $ grep ssh ~git/.ssh/authorized_keys | wc -l grep: /home/git/.ssh/authorized_keys: Permission denied 0
我應該更仔細地檢查日誌。我的 SSH 密鑰的位置未正確指定。我曾經
SSH -i
指定正確的目錄並且能夠成功SSH。
這個錯誤
Authentication refused: bad ownership or modes for file /home/git/.ssh/authorized_keys
通常意味著路徑鏈上的權限使得不僅root和伺服器端使用者(‘git’)可以改變/home/git/.ssh/authorized_keys,其他人也可以。
每當我看到這個錯誤時,結果證明authorized_keys 文件本身或其父目錄之一是例如組可寫或全域可寫的。您列出了 /home/git/.ssh 和 /home/git 的權限,但沒有列出 /home 和 / !
您可以通過在伺服器端設置“StrictModes=no”來放寬此要求,請參閱sshd_config(5)