我有两个 Raspberry Pi(带有 Raspbian 7 和 8)连接到同一 LAN。其中一个与 APC UPS 具有数据连接。两台机器上都有几个类似的脚本可以在断电情况下运行。在/etc/apcupsd/onbattery和/etc/apcupsd/offbattery(来自 UPS 连接的 Pi)中,我有类似的内容:
# [...]
# after the e-mail stuff
# this is for the remote machine
/usr/bin/ssh -f pi@piac-pal_wired "sh -c '/home/pi/bin/my_script.sh > /dev/null 2>&1'"
# this is for the local machine, connected to the UPS
/home/pi/bin/my_script.sh
本地脚本可以工作,但远程 Pi 的脚本不能工作(错误:“权限被拒绝(公钥)。”如果以普通用户身份运行它,它确实可以工作。同样,如果使用 ,sudo从壳。
所以我明白问题是 root 用户无法使用共享密钥方法通过 SSH 连接到另一台机器。
运行sudo ssh命令-vv显示所提供的密钥是 中的密钥/root/.ssh/id_rsa。相应的公钥已添加到root/.ssh/authorized_keys远程计算机上,并且其/etc/ssh/sshd_config配置包括:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin without-password
如果我更改上面的最后两行:
PasswordAuthentication yes
PermitRootLogin yes
连接 UPS 的 Pi 的 root 用户可以登录到远程 Pi,但该命令要求输入密码,当 apcupsd 脚本无人值守运行时,这是无法完成的。
任何建议都非常受欢迎。谢谢。
ssh -vvv编辑:按照建议添加命令输出。我认为相关部分在最后:
debug3: load_hostkeys: loaded 1 keys
debug1: Host '$HOSTNAME' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f8c72a8)
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
答案1
问题是 ssh 命令正在调用pi用户,而不是root用户,因此,检查的authorized_keys是 中的用户/home/pi/.ssh,而不是 中的用户/root/.ssh。我所需要做的就是将客户端的根密钥添加到服务器的/home/pi/.ssh/authorized_keys.就这样。