Ssh
為什麼 ssh 使用 .ssh/id_rsa 作為 pubkeyauthentication?
嘗試 ssh -v ‘somehost’ 時
Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/kaldown/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /home/kaldown/.ssh/id_dsa debug1: Trying private key: /home/kaldown/.ssh/id_ecdsa debug1: Trying private key: /home/kaldown/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey).
以及為什麼他說它是 1 型而不是 2 型
debug1: identity file /home/kaldown/.ssh/id_rsa type 1 debug1: identity file /home/kaldown/.ssh/id_rsa-cert type -1 debug1: identity file /home/kaldown/.ssh/id_dsa type -1 debug1: identity file /home/kaldown/.ssh/id_dsa-cert type -1 debug1: identity file /home/kaldown/.ssh/id_ecdsa type -1 debug1: identity file /home/kaldown/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/kaldown/.ssh/id_ed25519 type -1 debug1: identity file /home/kaldown/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
在 sshd_config 中:
PermitRootLogin no RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PermitEmptyPasswords no PasswordAuthentication no ChallengeResponseAuthentication no GSSAPIAuthentication no UsePAM yes UsePrivilegeSeparation sandbox
PS 我正在使用 FreeBSD 10.1,它的 ssh-copy-id 有問題,說的很奇怪
Unmatched '
所以我只是在確切使用者的 .ssh/authorized_keys 中 scp 我的公鑰
- 為什麼它使用 .ssh/id_rsa 而不是 .ssh/id_rsa.pub 作為公鑰?
2)為什麼它告訴我類型 1,當我使用 ssh -t rsa (rsa2) key 創建它時
3)為什麼我不能用鑰匙連接,但只能用那個配置密碼。
伺服器端:CentOS 7、3.10
謝謝你。
您的
id_rsa
文件包含有關您的私鑰和公鑰的資訊。它只提供密鑰的公共部分。我相信類型 1 或類型 2 指定它是 RSA 還是 DSA 密鑰。
sshd_config 用於伺服器,因此您要在此文件中查找公鑰,以確保它與您的客戶端發送的私鑰匹配。
伺服器上的公鑰進入 ~/.ssh/authorized_keys
然後客戶端在 ~/.ssh/id_rsa 中發送其私鑰,伺服器將它們匹配並允許您進入
客戶端設置在這裡
[root@chef01-east.domain.com /etc/ssh]# grep IdentityFile /etc/ssh/ssh_config # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa
這些評論還意味著它們是客戶的預設設置。
如果您想發送不同的密鑰,您可以隨時執行
ssh -i /path/to/key/file user@host.com