我有两台机器在同一个无线局域网上。我可以从机器 A ssh 到机器 B,但不能反过来。错误是:
fred@ms-Precision-5510:~$ ssh 192.168.1.245
The authenticity of host '192.168.1.245 (192.168.1.245)' can't be established.
ECDSA key fingerprint is 51:29:ce:63:64:31:4c:d2:de:d1:fe:12:a6:76:08:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.245' (ECDSA) to the list of known hosts.
Permission denied (publickey).
fred@ms-Precision-5510:~$
(以上内容来自我创建的新测试用户帐户“fred”,只是为了确保问题不是我自己的帐户特有的。192.168.1.245 是机器 A。“fred”用户可以从机器 A ssh 到机器 B。)
两台机器的 /etc/ssh/ssh_config 相同。我尝试在两台机器上删除 ~/.ssh,但没有成功。我还尝试在 ssh 的命令行上使用 -o“PreferredAuthentications password”运行,同样没有成功。我尝试过重新启动。总是出现相同的错误:权限被拒绝(公钥)。
请注意,我可以从另一台机器 ping 任何一台机器。
我这里唯一真正的线索是:1)这个方法上周有效;2)使用 -vvv 调用 ssh 会在调试记录结束时产生以下内容:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ms/.ssh/id_rsa ((nil)),
debug2: key: /home/ms/.ssh/id_dsa ((nil)),
debug2: key: /home/ms/.ssh/id_ecdsa ((nil)),
debug2: key: /home/ms/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ms/.ssh/id_rsa
debug3: no such identity: /home/ms/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/ms/.ssh/id_dsa
debug3: no such identity: /home/ms/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/ms/.ssh/id_ecdsa
debug3: no such identity: /home/ms/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/ms/.ssh/id_ed25519
debug3: no such identity: /home/ms/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
请注意“可以继续的身份验证”行。当我(成功)从机器 A ssh 到机器 B 时,该行是:
debug1: Authentications that can continue: publickey,password
因此,显然我已经以某种方式告诉机器 A 不要接受通过密码进行的身份验证。但我找不到可能在哪里这样做。
有任何想法吗?