Ssh
我怎樣才能讓 sshd 告訴我為什麼它無法通過公鑰身份驗證?
我使用 OpenSSH 6.9p1(在 Lubuntu 上)作為我的 SSH 伺服器。當嘗試連接到它時(在 Cygwin 中使用 SSH 客戶端),我一直被恢復為密碼身份驗證,儘管我已經正確生成了我的密鑰,將它們放在伺服器上的授權密鑰文件中,檢查了權限等。
所以,我看看
/var/log/auth.log
伺服器說什麼。我發現這個:Nov 1 09:50:10 er-thinkpad sshd[16148]: Accepted password for joeuser from 192.168.2.6 port 53325 ssh2 Nov 1 09:50:10 er-thinkpad sshd[16148]: pam_unix(sshd:session): session opened for user joeuser by (uid=0) Nov 1 09:50:10 er-thinkpad systemd-logind[590]: New session 497 of user joeuser.
…在第一行之前沒有關於公鑰認證失敗的任何內容。好的,讓我們增加詳細程度。所以我
LogLevel
從INFO
to更改VERBOSE
並再試一次。現在我得到:Nov 1 09:53:12 er-thinkpad sshd[16269]: Connection from 192.168.2.6 port 53349 on 192.168.2.2 port 22 Nov 1 09:53:12 er-thinkpad sshd[16269]: Failed publickey for joeuser from 192.168.2.6 port 53349 ssh2: RSA SHA256:removedthis Nov 1 09:53:12 er-thinkpad sshd[16269]: Failed publickey for joeuser from 192.168.2.6 port 53349 ssh2: ECDSA SHA256:removedthis Nov 1 09:53:15 er-thinkpad sshd[16269]: Accepted password for joeuser from 192.168.2.6 port 53349 ssh2 Nov 1 09:53:15 er-thinkpad sshd[16269]: pam_unix(sshd:session): session opened for user joeuser by (uid=0) Nov 1 09:53:15 er-thinkpad systemd-logind[590]: New session 499 of user joeuser. Nov 1 09:53:15 er-thinkpad sshd[16269]: User child is on pid 16271 Nov 1 09:53:15 er-thinkpad sshd[16271]: Starting session: shell on pts/5 for joeuser from 192.168.2.6 port 53349
太好了,它失敗了,但為什麼它失敗了?我怎樣才能讓 sshd 告訴我呢?
PS - 如您所知,這是客戶所看到的:
debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/joeuser/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Skipping ssh-dss key /home/joeuser/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes debug1: Offering ECDSA public key: /home/joeuser/.ssh/id_ecdsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/joeuser/.ssh/id_ed25519 debug1: Next authentication method: password
在伺服器端,將日誌級別設置為
DEBUG3
. 在客戶端,使用該-vvv
選項連接(這也為您DEBUG3
提供客戶端)。