如何为单个服务器配置第二个 SSH 密钥 + 用户?

如何为单个服务器配置第二个 SSH 密钥 + 用户?

我有一个受密码保护的 SSH 密钥。服务器身份验证仅通过 SSH 密钥进行,密码身份验证已禁用。服务器和我的桌面都运行 Ubuntu 14.04,并且使用该密钥和服务器的身份验证已经过测试并且正常运行。

我的目标是cron通过 将文件从我的台式机复制到服务器rsync。我计划在服务器上创建一个新的“备份用户”(具有有限的权限),并在我的台式机上运行 cron 以将文件作为第二个用户复制到服务器。这应该可以避免必须输入我的主要 SSH 密钥的密码的问题。

我的问题是,当我尝试将ssh-copy-id第二个 SSH 密钥连接到服务器时,不断收到“权限被拒绝(公钥)”错误。

两个 SSH 密钥(公钥和私钥)都已创建并保存~/.ssh/在我的桌面上。服务器上已创建用户“backups-user”,但我还无法以该用户身份登录。

我是否以错误的方式处理这个问题,或者是否有更好的方法来实现我想要做的事情的自动化?

以下是输出ssh -v

tom@desktop:~$ ssh -v [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /home/tom/.ssh/id_rsa type -1
debug1: identity file /home/tom/.ssh/id_rsa-cert type -1
debug1: identity file /home/tom/.ssh/id_dsa type -1
debug1: identity file /home/tom/.ssh/id_dsa-cert type -1
debug1: identity file /home/tom/.ssh/id_ecdsa type -1
debug1: identity file /home/tom/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/tom/.ssh/id_ed25519 type -1
debug1: identity file /home/tom/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA (redacted)
debug1: Host 'XX.XX.XX.XX' is known and matches the ECDSA host key.
debug1: Found key in /home/tom/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: tom@Desktop
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: tom@Desktop
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/tom/.ssh/id_rsa
debug1: Trying private key: /home/tom/.ssh/id_dsa
debug1: Trying private key: /home/tom/.ssh/id_ecdsa
debug1: Trying private key: /home/tom/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

答案1

ssh-copy-id基本上就是启动 SSH 连接并复制任何缺失的密钥。但是,问题在于启动 SSH 连接。由于只允许公钥身份验证,因此服务器只能接受 的公钥backups-user。但是,服务器上没有 相关的 SSH 密钥backup-user。因此,没有人(远程)可以以 的身份登录backups-user

您需要暂时允许密码验证,或者将公钥文件复制到您的主目录,然后sudo cp id_rsa.pub ~backups-user/.ssh/authorized_keys在服务器上使用将公钥复制到该用户的主目录。

相关内容