我有 5 个 VPS Ubuntu 18.04 LTS。
每个人的 SSH 配置都相同。
- 无root访问权限
- 具有“sudo”权限的User2
- 无需密码请求
- 通过 SSH 密钥 RSA 访问
从我的电脑(Xubuntu 18.04)访问 4 台服务器我必须:
ssh user2@Server
(我使用配置文件)- 输入密码
- 我以 User2 身份登录
su -
以及 root 密码以 root 身份登录。
对于一台服务器,一切都一样,但在输入密码后,系统仍要求我输入 User2 的密码。
我不明白为什么以及如何解决这个问题。
我检查了 authorized_keys 文件 (0600) 的权限。
这是 sshd_config 的内容。
Port 22
LoginGraceTime 1m
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding no
PrintMotd no
Banner /etc/ssh/banner-login.txt
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
======== 更新 ===========
使用 -vvv 我看到这些(最后一行)
...
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxxxxxx
debug3: hostkeys_foreach: reading file "/home/pc-user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pc-user/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys from server
debug3: hostkeys_foreach: reading file "/home/pc-user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/pc-user/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys from IP-Server
debug1: Host 'server' is known and matches the ECDSA host key.
debug1: Found key in /home/pc-user/.ssh/known_hosts:8
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: ./.ssh/OpenSSH-Private.txt ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: input_userauth_banner
** My Banner **
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ./.ssh/OpenSSH-Private.txt
Enter passphrase for key './.ssh/OpenSSH-Private.txt':
debug3: sign_and_send_pubkey: xxxxxxxxxxxx
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: