Ssh

git private server error: "Permission denied (publickey)."

  • August 22, 2014

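I followed the instructions here to set up a private git server on my Amazon EC2 instance. However, I am having problems when trying to SSH into the git account. Specifically, I get the error "Permission denied (publickey)."

Here are the permissions of my files/folders on the EC2 server: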

drwx------ 4 git git 4096 Aug 13 19:52 /home/git/
drwx------ 2 git git 4096 Aug 13 19:52 /home/git/.ssh
-rw------- 1 git git  400 Aug 13 19:51 /home/git/.ssh/authorized_keys

Here are the permissions of the files/folders on my own computer:

drwx------  5 CYT  staff   170 Aug 13 14:51 .ssh
-rw-------  1 CYT  staff  1679 Aug 13 13:53 .ssh/id_rsa
-rw-r--r--  1 CYT  staff   400 Aug 13 13:53 .ssh/id_rsa.pub
-rw-r--r--  1 CYT  staff  1585 Aug 13 13:53 .ssh/known_hosts

When I check my logs in /var/log/secure, I get the following error message every time I try to SSH:

Authentication refused: bad ownership or modes for file /home/git/.ssh/authorized_keys

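However, after making some permission changes, I no longer get this error message. Despite this, I still get the "Permission denied (publickey)." message every time I try to SSH.

The command I use to SSH is: ssh -T git@my-ip

Here is the full log I get when I run ssh -vT git@my.ip: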

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to my-ip [my-ip] port 22.
debug1: Connection established.
debug1: identity file /Users/CYT/.ssh/id_rsa type -1
debug1: identity file /Users/CYT/.ssh/id_rsa-cert type -1
debug1: identity file /Users/CYT/.ssh/id_dsa type -1
debug1: identity file /Users/CYT/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 08:ad:8a:bc:ab:4d:5f:73:24:b2:78:69:46:1a:a5:5a
debug1: Host 'my-ip' is known and matches the RSA host key.
debug1: Found key in /Users/CYT/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/CYT/.ssh/id_rsa
debug1: Trying private key: /Users/CYT/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

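I have spent hours going through threads on various sites, including SO and SF, looking for a solution. It seems the permissions on my files are all fine, but I just can't figure out what the problem is. Any help would be greatly appreciated.

Edit:

EEAA: Here is the output you requested: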

$ getent passwd git
git:x:503:504::/home/git:/bin/bash

$ grep ssh ~git/.ssh/authorized_keys | wc -l
grep: /home/git/.ssh/authorized_keys: Permission denied
0

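I should have checked the logs more carefully. The location of my SSH key was not specified correctly. I used ssh -i to specify the correct directory and was able to SSH successfully.

This error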

Authentication refused: bad ownership or modes for file /home/git/.ssh/authorized_keys

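usually means that the permissions along the path chain allow not only root and the server-side user ('git') to change /home/git/.ssh/authorized_keys, but others as well.

Whenever I have seen this error, it turned out that the authorized_keys file itself or one of its parent directories was, for example, group-writable or world-writable. You listed the permissions for /home/git/.ssh and /home/git, but not for /home and / !

You can relax this requirement by setting "StrictModes=no" on the server side; see sshd_config(5).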
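
The path-chain check described in the answer above, as an added example (not part of the original answer and not OpenSSH's own code): it walks from authorized_keys up through each parent directory and reports any component that is not owned by root or the account, or that is group- or world-writable. The function names, the `stop_at` parameter and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_key_path(path, uid, stop_at=None):
    """Walk from path up to stop_at (or /) and report every component that
    someone other than root or uid could modify."""
    findings = []
    current = os.path.realpath(path)
    stop = os.path.realpath(stop_at) if stop_at else None
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            # e.g. run as a user who cannot traverse /home/git
            findings.append((current, "cannot stat: %s" % exc.strerror))
        else:
            if st.st_uid not in (0, uid):
                findings.append((current, "owned by uid %d" % st.st_uid))
            if st.st_mode & 0o022:  # group- or world-writable bit set
                mode = stat.S_IMODE(st.st_mode)
                findings.append((current, "writable by group/others: %o" % mode))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent
    return findings


def build_sample_tree(home_mode):
    """Constructed sample: <tmp>/home/git/.ssh/authorized_keys."""
    root = tempfile.mkdtemp()
    ssh_dir = os.path.join(root, "home", "git", ".ssh")
    os.makedirs(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-rsa CONSTRUCTED-KEY-PLACEHOLDER git@example\n")
    os.chmod(keys, 0o600)
    os.chmod(ssh_dir, 0o700)
    os.chmod(os.path.dirname(ssh_dir), 0o700)
    os.chmod(os.path.join(root, "home"), home_mode)
    return root, keys


if __name__ == "__main__":
    for home_mode in (0o755, 0o775):
        root, keys = build_sample_tree(home_mode)
        print(oct(home_mode), audit_key_path(keys, os.getuid(), stop_at=root))
```

On a real server, run it as root with the path to the account's authorized_keys and the account's uid, so that every component can be read.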

Quoted from: https://serverfault.com/questions/620253