SSH key authentication looking in the wrong place?

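I am new to the Linux world and am setting up Ubuntu Server 16.04.

I was able to generate a key using ssh-keygen and save it in /home/ther4nd0moo/.ssh/id_rsa

Then I used ssh-copy-id ther4nd0moo@my_ip and made sure the authorized_keys file was in the right place.

When I use ssh -v ther4nd0moo@my_ip on another computer, some strange things show up (at least to me)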

OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.0.189 [10.0.0.189] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/edgar/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.0.0.189:22 as 'need206'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YzQwUoOherHwxOOhzEhue7ecx+OMi0FpmIcSONi8X1o
debug1: Host '10.0.0.189' is known and matches the ECDSA host key.
debug1: Found key in /home/edgar/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/edgar/.ssh/id_rsa
debug1: Trying private key: /home/edgar/.ssh/id_dsa
debug1: Trying private key: /home/edgar/.ssh/id_ecdsa
debug1: Trying private key: /home/edgar/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

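What bothers me is how it looks for the identity files and private keys in /home/edgar/ (edgar is the name I entered when installing the server). To work around this, I copied the contents of the keys from /home/ther4nd0mmoo/.ssh and created the folder /home/edgar/.ssh, which is probably why it shows the message Found key in /home/edgar/.ssh/known_hosts:3, but I still cannot access the server.

I tried ssh -i /home/ther4nd0moo/.ssh/id_rsa ther4nd0moo@my_ip, and my terminal says not accessible: No such file or directory

Am I doing something wrong?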

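Answer 1

SSH keys work by having a private key on the local machine and a corresponding public key on the remote machine.

So, when you ran ssh-keygen you created 2 keys: the private key (~/.ssh/id_rsa) and the public key (~/.ssh/id_rsa.pub).

You need to copy the contents of the public key file (~/.ssh/id_rsa.pub) from the local machine into the ~/.ssh/authorizedkeys file on the remote machine. Just add it on a new line.

If you log in to the remote machine from a different local machine, then you need to either copy the id_rsa file from the original machine to the second local machine or (better) create another private/public key pair for the second local machine and copy the second machine's public key to the remote server.

The remote server can have as many public keys as you like in ~/.ssh/authorizedkeys, and I think it is good practice to have a different key pair for each local machine.

If you need to ssh from the remote machine to another machine (say, if you have to ssh from the remote machine back to your laptop), then you can set up the remote machine with its own private/public key pair and copy the remote machine's public key into the laptop's ~/.ssh/authorizedkeys file.

Think of it this way: each machine can have a door key (the private key), and every other machine has a keyhole (the authorizedkeys file). If another machine has a keyhole set up that your key fits, you get access. To work in the reverse direction, you need to set up another key and keyhole. (Probably not explained very well, but I hope it helps!)

The ssh-copy-id command is basically just a shortcut that saves you doing it manually.

Personally I prefer to copy the public key manually, because I like doing things the hard way. ;)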
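An added example, not part of the original question or answer: a POSIX shell helper that classifies an `ssh -v` transcript like the one in the question, separating a client that never loaded or offered a key from a server that rejected an offered key. The function names, verdict words, the user "localuser" and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `ssh -v` transcript read from stdin.
# "type -1" means the client could not load the public half of that identity.
ssh_debug_verdict() {
    awk '
    /debug1: identity file .* type / { total++; if ($NF == "-1") missing++ }
    /debug1: Offering .*public key/  { offered++ }   # a key reached the server
    /debug1: Authentication succeeded/ { ok = 1 }
    /^Permission denied \(/           { denied = 1 }
    END {
        if (ok)                          print "authenticated"
        else if (denied && offered > 0)  print "key_rejected_by_server"
        else if (denied && total > 0 && missing == total)
                                         print "no_identity_loaded"
        else                             print "inconclusive"
    }'
}

# Directories the client searched for identities (the local user's own .ssh).
ssh_debug_identity_dirs() {
    awk '/debug1: identity file / {
        p = $4; sub("/[^/]*$", "", p)
        if (!seen[p]++) print p
    }'
}

# Constructed transcripts (hypothetical user "localuser"), not real captures.
sample_no_identity() {
cat <<'EOF'
debug1: identity file /home/localuser/.ssh/id_rsa type -1
debug1: identity file /home/localuser/.ssh/id_ed25519 type -1
debug1: Trying private key: /home/localuser/.ssh/id_rsa
debug1: Trying private key: /home/localuser/.ssh/id_ed25519
Permission denied (publickey).
EOF
}
sample_rejected() {
cat <<'EOF'
debug1: identity file /home/localuser/.ssh/id_rsa type 1
debug1: Offering RSA public key: /home/localuser/.ssh/id_rsa
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

sample_no_identity | ssh_debug_verdict   # client-side problem
sample_rejected | ssh_debug_verdict      # server-side authorized_keys problem
```

A `no_identity_loaded` verdict points at the machine running `ssh` (the key pair is not under that local user's `.ssh` directory), while `key_rejected_by_server` points at the account on the server.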
