Ssh
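SSH public key authentication does not work with PuTTY
I created a virtual machine and installed Redhat 6. I am having problems connecting with public key authentication.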
I can connect to the redhat guest from my Windows host with PuTTY, where I am prompted for a password. I am trying to set up public key authentication for the root user, so I created a ~/.ssh folder with what I believe are the correct permissions.

[root@redhat ~]# cd ~/.ssh
[root@redhat .ssh]# pwd
/root/.ssh
[root@redhat .ssh]# ls -la
total 16
drwx------. 2 root root 4096 Aug 21 16:28 .
dr-x------. 3 root root 4096 Aug 20 17:20 ..
-rw-r--r--. 1 root root 250 Aug 20 17:20 authorized_keys
-rw-r--r--. 1 root root 391 Aug 21 16:28 known_hosts
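I am running Pageant with my private key loaded, and this works with other hosts, so I don't think that is the problem.
When I try to PuTTY to the VM guest, I am prompted for a password.
If I check the PuTTY event log, I find the following messages.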

2012-08-21 17:29:41 Pageant is running. Requesting keys.
2012-08-21 17:29:41 Pageant has 1 SSH-2 keys
2012-08-21 17:29:46 Trying Pageant key #0
2012-08-21 17:29:46 Server refused our key

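I have agent forwarding enabled, and one thing I stumbled upon was a suggestion to run another copy of sshd in debug mode, which I tried. (I have snipped parts of the output to keep it short.)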

[root@redhat ~]# /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_5.3p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
<...>
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
<...>

At this point I connect from another session on the VM with the command

ssh localhost -p 2222

<...>
Connection from ::1 port 36844
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
<...>
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: PAM: setting PAM_TTY to "ssh"
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: <snip>
debug1: restore_uid: 0/0
Postponed publickey for root from ::1 port 36844 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 failures 0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: <snip>
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for root from ::1 port 36844 ssh2
debug1: monitor_child_preauth: root has been authenticated by privileged process
<...>

At this point I have successfully authenticated with my public key, and then I log out by pressing Ctrl-D.

debug1: Received SIGCHLD.
<...>
Received disconnect from ::1: 11: disconnected by user
<...>
[root@redhat ~]#

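Strangely, using SSH agent forwarding is enough to authenticate successfully against the sshd running in debug mode, but not against the "normal" sshd running on port 22.
Does anyone know why this is?
Thanks!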
The SELinux context on your /root/.ssh directory is most likely wrong. Verify the problem with:
ls -alZ /root/.ssh
These files should have the type ssh_home_t. To fix the problem:
restorecon -r -v /root/.ssh
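
The check from the answer above, as an added example that is not part of the original answer: a small filter that reads `ls -alZ` output and lists every entry whose SELinux type is not ssh_home_t. The function names and the sample listing (with admin_home_t as the wrong label) are constructed for illustration.

```sh
# Added example, not from the original answer. POSIX sh + awk.
EXPECTED_TYPE="ssh_home_t"

# Read `ls -alZ` output on stdin and print "name<TAB>type" for every entry
# whose SELinux type differs from $EXPECTED_TYPE. Handles both the RHEL 6
# layout (mode user group context name) and the newer coreutils layout by
# locating the first field shaped like user:role:type[:level].
mislabeled_ssh_files() {
    awk -v want="$EXPECTED_TYPE" '
        /^total / { next }
        {
            ctx = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+(:.*)?$/) { ctx = $i; break }
            if (ctx == "") next        # "?" means no label is available
            name = $NF
            if (name == "..") next     # parent directory has its own type
            split(ctx, part, ":")
            if (part[3] != want) print name "\t" part[3]
        }'
}

# Hypothetical wrapper: run the check against a real directory.
check_ssh_dir() {
    ls -alZ "${1:-$HOME/.ssh}" | mislabeled_ssh_files
}

# Constructed sample listing in the RHEL 6 `ls -alZ` layout.
SAMPLE_LS_Z='drwx------. root root system_u:object_r:admin_home_t:s0 .
dr-x------. root root system_u:object_r:admin_home_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 authorized_keys
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 known_hosts'
```

On the host itself, run `check_ssh_dir /root/.ssh` before and after `restorecon`; empty output means every entry carries ssh_home_t.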