关于 ssh-agent 有很多问题,但所描述的情况似乎都与我的问题不符。
首先,我使用的是 Lubuntu 14.04.4。
我已遵循以下说明(在 arch wiki 中找到):
$ ssh-agent
$ eval $(ssh-agent)
$ ssh-add ~/.ssh/id_dsa
但当我这样做时:
$ ssh -p 22 [email protected]
它要求输入密码。
(有一个实际的 IP 地址,我只是不想分享它 ;-))
我找到了一个地方来验证以下内容:
$ echo $SSH_AUTH_SOCK
/tmp/ssh-tw1EdcXYFnDd/agent.6550
我理解这是一个有效的输出。
那么我遗漏了什么?
我也尝试使用 ssh-pass,但没有任何反应。
否则,我可以手动登录,只是不断输入密码很麻烦......
提前致谢。
Muru 询问输出
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx [xx.xxx] port xxx.
debug1: Connection established.
debug1: identity file /home/jofre/.ssh/id_rsa type 1
debug1: identity file /home/jofre/.ssh/id_rsa-cert type -1
debug1: identity file /home/jofre/.ssh/id_dsa type -1
debug1: identity file /home/jofre/.ssh/id_dsa-cert type -1
debug1: identity file /home/jofre/.ssh/id_ecdsa type -1
debug1: identity file /home/jofre/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jofre/.ssh/id_ed25519 type -1
debug1: identity file /home/jofre/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ccccccccccccccccccccccccc (modified by Jofre)
debug1: Host '[xxxxxxxxx]:yyy' is known and matches the ECDSA host key.
debug1: Found key in /home/jofre/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jofre/.ssh/id_rsa (xxxxxxxxxxxxxxxx),
debug2: key: /home/jofre/.ssh/id_dsa ((nil)),
debug2: key: /home/jofre/.ssh/id_ecdsa ((nil)),
debug2: key: /home/jofre/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jofre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/jofre/.ssh/id_dsa
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/jofre/.ssh/id_dsa':
我已经用 xxxxxxx 或 cccccccc 替换了我认为的敏感信息。
无论如何,感谢您询问更多信息。
2016 年 5 月 27 日更新:根据 Waltinator 的观察,我收到了有关文件格式的消息,我检查了一下,没有发现任何明显的错误。很正常,因为该文件从未被手动编辑过。
我干脆放弃了,按照 Julen 的建议生成一个新的无密码密钥并使用 ssh-copy-id。它有效。我已将标题标记为已解决。
答案1
使用 查看你的钥匙圈中有哪些钥匙ssh-add -l。
最后几行日志:
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jofre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/jofre/.ssh/id_dsa
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/jofre/.ssh/id_dsa':
显示您的ssh命令从 发送您的公钥/home/jofre.ssh.id_rsa,并等待回复。sshd另一端的服务器不接受您的私钥(正如@julen-larrucea:所说,使用ssh-copy-id来获取另一端可用的密钥)。
然后,您ssh尝试使用不同的密钥文件,/home/jofre/.ssh/id_dsa但该文件格式不正确(missing begin marker),因此它放弃并提示您输入/home/jofre/.ssh/id_dsa格式错误的文件的密码。阅读man ssh-keygen,并可能mv /home/jofre/.ssh/id_dsa\{,.hidden\}将其重命名为/home/jofre/.ssh/id_dsa.hidden,这将使它ssh被忽略,并将其保存在您可以取回的地方。