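Permission denied (publickey) from OS X to Ubuntu
I know this question has been asked several times, but I can't solve it on my machine, and I feel like I have tried everything.
I want to log in to my Ubuntu machine over ssh using the public key on my machine, so that I don't have to type a password.
I always, always get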
permission denied (publickey)
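I have created new keys with various options, but nothing seems to change.
Password authentication works fine, so I'm not locked out or anything, but I'd like to be able to log in with an SSH key if I can on the computers I use regularly.
Here is my log: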
```
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to bcs.net.nz [203.167.215.130] port 22.
debug1: Connection established.
debug1: identity file /Users/jeff/.ssh/id_rsa type 1
debug1: identity file /Users/jeff/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jeff/.ssh/id_dsa type -1
debug1: identity file /Users/jeff/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3b:2d:96:07:cf:f9:63:82:b1:3f:ae:5d:a0:83:24:84
debug1: Host 'bcs.net.nz' is known and matches the RSA host key.
debug1: Found key in /Users/jeff/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jeff/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/jeff/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
```
My client machine is a MacBook Air, with the following permissions in the `~/.ssh/` directory:
```
-rw------- 1 jeff staff 1675 2 Apr 22:32 id_rsa
-rw------- 1 jeff staff 405 2 Apr 22:32 id_rsa.pub
-rw------- 1 jeff staff 405 2 Apr 23:39 known_hosts
```
My server machine has these in `~/.ssh`:
```
-rw------- 1 git git 1 Apr 2 23:36 authorized_keys
```
with `id_rsa.pub` copied into `authorized_keys`.
I'm at my wits' end because I've tried so many combinations :-) Is there anything else that might help?
======== Added server log =======
```
Apr 3 11:19:16 bcs sshd[19198]: debug1: Forked child 19300.
Apr 3 11:19:16 bcs sshd[19300]: Set /proc/self/oom_score_adj to 0
Apr 3 11:19:16 bcs sshd[19300]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Apr 3 11:19:16 bcs sshd[19300]: debug1: inetd sockets after dupping: 3, 3
Apr 3 11:19:16 bcs sshd[19300]: Connection from 103.26.16.233 port 58988 on 172.16.1.102 port 22
Apr 3 11:19:16 bcs sshd[19300]: debug1: Client protocol version 2.0; client software version OpenSSH_6.2
Apr 3 11:19:16 bcs sshd[19300]: debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
Apr 3 11:19:16 bcs sshd[19300]: debug1: Enabling compatibility mode for protocol 2.0
Apr 3 11:19:16 bcs sshd[19300]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
Apr 3 11:19:16 bcs sshd[19300]: debug1: permanently_set_uid: 116/65534 [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEXINIT received [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: KEX done [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: userauth-request for user git service ssh-connection method none [preauth]
Apr 3 11:19:16 bcs sshd[19300]: debug1: attempt 0 failures 0 [preauth]
Apr 3 11:19:17 bcs sshd[19300]: reverse mapping checking getaddrinfo for 103-26-16-233.ufb.ff.net.nz [103.26.16.233] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 3 11:19:17 bcs sshd[19300]: debug1: userauth-request for user git service ssh-connection method publickey [preauth]
Apr 3 11:19:17 bcs sshd[19300]: debug1: attempt 1 failures 0 [preauth]
Apr 3 11:19:17 bcs sshd[19300]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Apr 3 11:19:17 bcs sshd[19300]: debug1: temporarily_use_uid: 1008/1007 (e=0/0)
Apr 3 11:19:17 bcs sshd[19300]: debug1: trying public key file /root/.ssh/authorized_keys
Apr 3 11:19:17 bcs sshd[19300]: debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied
Apr 3 11:19:17 bcs sshd[19300]: debug1: restore_uid: 0/0
Apr 3 11:19:17 bcs sshd[19300]: Failed publickey for git from 103.26.16.233 port 58988 ssh2: RSA a3:40:f0:b3:8d:c7:fa:d2:6e:c4:53:93:1b:30:82:92
Apr 3 11:19:17 bcs sshd[19300]: Connection closed by 103.26.16.233 [preauth]
Apr 3 11:19:17 bcs sshd[19300]: debug1: do_cleanup [preauth]
Apr 3 11:19:17 bcs sshd[19300]: debug1: monitor_read_log: child log fd closed
Apr 3 11:19:17 bcs sshd[19300]: debug1: do_cleanup
Apr 3 11:19:17 bcs sshd[19300]: debug1: Killing privsep child 19301
```
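Check the following in the server's sshd_config:
```
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
```
For some reason, your sshd is trying to open the file /root/.ssh/authorized_keys (from your sshd log), even though you are trying to log in as the user "git", so it should actually be reading /home/git/.ssh/authorized_keys. I suspect the AuthorizedKeysFile entry is misconfigured. Normally there is no need to set the AuthorizedKeysFile entry, because it defaults to the value above.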
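The check this answer describes, as an added example that is not part of the original answer: it expands an AuthorizedKeysFile pattern for the login user and compares the result with the path sshd logged. The function names, the home directory /home/git and the sample log lines (constructed from the question's server log) are assumptions.

```shell
# Added example, not from the original post; sample log lines are constructed.
# Expand one AuthorizedKeysFile pattern: %h = home, %u = user, %% = literal %.
# A result that is not absolute is taken relative to the user's home.
expand_akf() {  # usage: expand_akf PATTERN USER HOME
    awk -v p="$1" -v u="$2" -v h="$3" 'BEGIN {
        out = ""
        for (i = 1; i <= length(p); i++) {
            c = substr(p, i, 1)
            if (c == "%" && i < length(p)) {
                n = substr(p, ++i, 1)
                if (n == "h") out = out h
                else if (n == "u") out = out u
                else if (n == "%") out = out "%"
                else out = out "%" n
            } else out = out c
        }
        if (substr(out, 1, 1) != "/") out = h "/" out
        print out
    }'
}

# Print each distinct key file sshd reported trying (debug log on stdin).
tried_key_files() {
    sed -n 's/.*debug1: trying public key file \(.*\)$/\1/p' | sort -u
}

# Return 0 only if every file sshd tried equals the expected expansion.
check_akf() {  # usage: check_akf PATTERN USER HOME < sshd-debug.log
    expected=$(expand_akf "$1" "$2" "$3")
    tried_key_files | (
        status=0
        while IFS= read -r tried; do
            if [ "$tried" = "$expected" ]; then echo "OK: $tried"
            else echo "MISMATCH: sshd tried $tried, expected $expected"; status=1
            fi
        done
        exit "$status"
    )
}

sample_log() {  # constructed sample, modelled on the question's server log
    cat <<'EOF'
Apr 3 11:19:17 bcs sshd[19300]: debug1: trying public key file /root/.ssh/authorized_keys
Apr 3 11:19:17 bcs sshd[19300]: debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied
EOF
}

# Hypothetical inputs: user "git", assumed home /home/git, default-style pattern.
sample_log | check_akf '%h/.ssh/authorized_keys' git /home/git || true
```

On a real server the pattern is the effective value printed by `sshd -T` and the home directory is the one in the user's passwd entry (`getent passwd git`). A mismatch means either the pattern is an absolute path or the account's home directory is not what you assumed.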
On the server, add:
```
ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
```