Ssh
SSH無密碼登錄
我知道您可以使用 ssh-keygen 生成公鑰/私鑰對。然後您可以在遠端伺服器上安裝公鑰。然後,您無需提供密碼即可登錄。我沒有成功設置基於密鑰的身份驗證。SSH 總是提示輸入密碼。
有人可以幫我理解調試資訊嗎?
伺服器資訊
伺服器 A
-bash-3.00$ uname -a SunOS cusd2 5.10 Generic_118833-33 sun4u sparc SUNW,UltraAX-i2
伺服器 B
bash-2.05$ uname -a SunOS apc_dev1db1 5.9 Generic_118558-27 sun4u sparc SUNW,Sun-Fire-V240
植物鑰匙
我在伺服器 A 上生成了密鑰對,然後將公鑰複製到伺服器 B。然後我將其重命名為 authorized_keys。
使用調試資訊登錄
-bash-3.00$ ssh sybase@apc_dev1db1 -v Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to apc_dev1db1 [192.168.1.44] port 22. debug1: Connection established. debug1: identity file /export/home/attlmw1/.ssh/identity type -1 debug1: identity file /export/home/attlmw1/.ssh/id_rsa type 1 debug1: identity file /export/home/attlmw1/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1 debug1: no match: Sun_SSH_1.1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-Sun_SSH_1.1 debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible Unknown code 0 ) debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: Peer sent proposed langtags, ctos: en-US,es,fr,hi-IN,ja-JP,ko,ko-KR,zh,zh-CN,zh-HK,zh-TW,en-CA,es-MX,fr-CA,ja,th,th-TH,i-default debug1: Peer sent proposed langtags, stoc: en-US,es,fr,hi-IN,ja-JP,ko,ko-KR,zh,zh-CN,zh-HK,zh-TW,en-CA,es-MX,fr-CA,ja,th,th-TH,i-default debug1: We proposed langtags, ctos: i-default debug1: We proposed langtags, stoc: i-default debug1: Negotiated lang: i-default debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: Remote: Negotiated main locale: C debug1: Remote: Negotiated messages locale: C debug1: dh_gen_key: priv key bits set: 139/256 debug1: bits set: 1592/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'apc_dev1db1' is known and matches the RSA host key. debug1: Found key in /export/home/attlmw1/.ssh/known_hosts:1 debug1: bits set: 1595/3191 debug1: ssh_rsa_verify: signature correct debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /export/home/attlmw1/.ssh/identity debug1: Trying public key: /export/home/attlmw1/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /export/home/attlmw1/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password:
相關文件的權限
bash-2.05$ uname -a SunOS apc_dev1db1 5.9 Generic_118558-27 sun4u sparc SUNW,Sun-Fire-V240 bash-2.05$ ls -ld .ssh/ drwx------ 2 sybase sybase 512 Sep 6 13:16 .ssh/ bash-2.05$ bash-2.05$ ls -l .ssh/authorized_keys -rw------- 1 sybase sybase 224 Sep 6 08:31 .ssh/authorized_keys -bash-3.00$ uname -a SunOS cusd2 5.10 Generic_118833-33 sun4u sparc SUNW,UltraAX-i2 -bash-3.00$ -bash-3.00$ ls -ld .ssh/ drwx------ 2 attlmw1 other 512 Sep 6 08:08 .ssh/ -bash-3.00$ ls -l .ssh/ total 6 -rw------- 1 attlmw1 other 887 Sep 5 18:10 id_rsa -rw-r--r-- 1 attlmw1 other 223 Sep 5 18:10 id_rsa.pub -rw-r--r-- 1 attlmw1 other 234 Sep 6 08:08 known_hosts
確保:
- 有
authorized_keys
權限600。- 的
sybase
$HOME 文件夾,$HOME/.ssh
權限為 700,歸sybase
.另請查看伺服器 B 上的 sshd 日誌,它會告訴您更多詳細資訊。
在 solaris 上,您應該將使用者的主目錄設置為 755,將 .ssh 目錄設置為 755,將 .ssh/authorized_keys 設置為 600。