Ssh
SSH 公鑰登錄失敗,沒有模式
我正在執行一堆帶有 Ubuntu 14.04.1(sun、hyperion、…)的伺服器,所有這些伺服器都使用公鑰(OpenSSH_6.6.1,OpenSSL 1.0.1f 6 Jan 2014 在所有機器上)進行 rsync 沒有問題。幾乎所有的…
一個連接失敗,而配置或密鑰沒有任何更改。然後我會嘗試重新添加密鑰,檢查 ECDSA,重新啟動/重新啟動 ssh,它會再次工作。或者它沒有。在這種情況下,我只是等待隨機的時間(1 小時到 3 個月)然後做同樣的事情。這次它解決了問題 - 一段時間。
ssh -vvv diff 的相關部分:
連接成功
debug1: Host 'hyperion.internal' is known and matches the ECDSA host key. debug1: Found key in /home/bar/.ssh/known_hosts:20 debug1: ssh_ecdsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/bar/.ssh/id_rsa (0x7f..), debug2: key: /home/bar/.ssh/id_dsa ((nil)), debug2: key: /home/bar/.ssh/id_ecdsa ((nil)), debug2: key: /home/bar/.ssh/id_ed25519 ((nil)), debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/bar/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp 95:... debug3: sign_and_send_pubkey: RSA 95:... debug1: key_parse_private2: missing begin marker debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). Authenticated to hyperion.internal ([172.16.0.10]:22).連接失敗
debug1: Host 'hyperion.internal' is known and matches the ECDSA host key. debug1: Found key in /home/bar/.ssh/known_hosts:20 debug1: ssh_ecdsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/bar/.ssh/id_rsa (0x7f..), debug2: key: /home/bar/.ssh/id_dsa ((nil)), debug2: key: /home/bar/.ssh/id_ecdsa ((nil)), debug2: key: /home/bar/.ssh/id_ed25519 ((nil)), debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/bar/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/bar/.ssh/id_dsa debug3: no such identity: /home/bar/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/bar/.ssh/id_ecdsa debug3: no such identity: /home/bar/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/bar/.ssh/id_ed25519 debug3: no such identity: /home/bar/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password我檢查過幾次的事情:
- 所有機器上 .ssh/ 和 id_rsa 的權限
- 我正在使用正確的鍵
- 將
ssh-copy-id -i /home/bar/.ssh/id_rsa europa@hyperion.internal正確的密鑰複製到正確的 authorized_hosts 文件什麼並沒有真正幫助,但添加到 vodoo/heisenbug 效果:
- 重新啟動機器
- 重新啟動 ssh 服務
- 擺弄全域 ssh 選項
我已經在 pastebin 粘貼了帶有一些編輯資訊的完整日誌:日誌牆
問題已解決,根本與 ssh 無關:
hyperion.internal 有一個加密的 home,所以當它沒有掛載到
/home/europe.事後看來相當明顯,但它解釋了在觀察機器上的日誌時不會失敗的 heisenbug 效果(當然是在登錄時……)
希望這至少有助於其他一些。
debug1: Offering RSA public key: /home/bar/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password這表明伺服器不接受您的私鑰。不幸的是,伺服器沒有向客戶端提供關於它為什麼不接受密鑰的更多細節,所以你真的需要在伺服器上解決這個問題。
我將首先檢查
/var/log伺服器上的系統日誌,以獲取任何sshd指示它拒絕身份驗證嘗試的原因的消息。如果您在遠端伺服器上具有 root 訪問權限,則可以執行調試實例,
sshd然後使用客戶端連接到它。在遠端伺服器上,成為 root 並執行/path/to/sshd -d -p 2222. 這將啟動一個偵聽埠 2222 的 sshd 實例。它將接受一個連接,並將調試資訊列印到您的終端。然後,在客戶端上,
ssh正常執行,但包括-p 2222連接到正確的埠。如果登錄失敗,請查看伺服器列印的調試輸出。