SSH 不断要求输入密码

Question 1

使用ssh 代理. 在 X 环境中GNOME 钥匙圈或者KDE 钱包可以自动处理密钥。在控制台环境中，ssh-agent像这样启动：

$ eval $(ssh-agent)

## The output without the eval will look like this:
$ ssh-agent
ssh-agent 
SSH_AUTH_SOCK=/tmp/ssh-hvcwJQnSOHOi/agent.125894; export SSH_AUTH_SOCK;
SSH_AGENT_PID=125895; export SSH_AGENT_PID;
echo Agent pid 125895;

启动后ssh-agent（使用eval）。您可以使用ssh 添加

$ ssh-add ~/.ssh/google
$ ssh-add ~/.ssh/id_rsa

使用当前版本的 SSH，你还可以添加选项添加密钥到代理到~/.ssh/config文件：

## ~/.ssh/config
AddKeysToAgent yes

如果设置了SSH_AUTH_SOCK环境变量，这将自动将密钥添加到代理。SSH_AGENT_PID

另请查看此帖子sign_and_send_pubkey：签名失败：代理拒绝操作错误。

Answer

使用ssh 代理. 在 X 环境中GNOME 钥匙圈或者KDE 钱包可以自动处理密钥。在控制台环境中，ssh-agent像这样启动：

$ eval $(ssh-agent)

## The output without the eval will look like this:
$ ssh-agent
ssh-agent 
SSH_AUTH_SOCK=/tmp/ssh-hvcwJQnSOHOi/agent.125894; export SSH_AUTH_SOCK;
SSH_AGENT_PID=125895; export SSH_AGENT_PID;
echo Agent pid 125895;

启动后ssh-agent（使用eval）。您可以使用ssh 添加

$ ssh-add ~/.ssh/google
$ ssh-add ~/.ssh/id_rsa

使用当前版本的 SSH，你还可以添加选项添加密钥到代理到~/.ssh/config文件：

## ~/.ssh/config
AddKeysToAgent yes

如果设置了SSH_AUTH_SOCK环境变量，这将自动将密钥添加到代理。SSH_AGENT_PID

另请查看此帖子sign_and_send_pubkey：签名失败：代理拒绝操作错误。

Question 2

@Simon Sudler 的答案和另一个答案的组合：

1. Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).

2. If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.
Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.

3. Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.

（权限具体回答）

https://unix.stackexchange.com/questions/36540/why-am-i-still-getting-a-password-prompt-with-ssh-with-public-key-authentication

很快就解决了我的问题。

Answer

@Simon Sudler 的答案和另一个答案的组合：

1. Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).

2. If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.
Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.

3. Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.

（权限具体回答）

https://unix.stackexchange.com/questions/36540/why-am-i-still-getting-a-password-prompt-with-ssh-with-public-key-authentication

很快就解决了我的问题。

SSH 不断要求输入密码

答案1

答案2

相关内容