SSH not accepting public key

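When setting up ssh keys between two machines, authentication only works in one direction. One server does not accept the other server's public key when it tries to connect. Any ideas? Verbose output follows.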

debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to xxxxxx.com [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xxxxxx.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password

Edit: In case it matters, this is root

Answer 1

Check the values of the following options on the ssh server:

PubkeyAuthentication Yes
RSAAuthentication Yes
PermitRootLogin Yes

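Answer 2

I just ran into a case where SELinux was blocking sshd from reading the /root/.ssh/authorized_keys file. /var/log/messages will show the sshd process being denied read access to the authorized_keys file.

After running restorecon -v /root/.ssh/authorized_keys, SSH with public keys worked fine.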

Answer 3

Changing StrictModes to "no" in /etc/ssh/sshd_config worked for me.

sysadmin@suselinux1:~> con sysadmin kaiser
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-25-generic i686)

 * Documentation:  https://help.ubuntu.com/

Last login: Fri Nov  9 15:40:11 2012 from 10.1.3.25
sysadmin@kaiser:~$ date
vie nov  9 17:53:11 CST 2012
sysadmin@kaiser:~$ 

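Answer 4

In case anyone else runs into the same problem I did, which took me a long time to figure out: always use ssh-copy-id, where available, to install your public key.

Invoke it from the client you are trying to configure for passwordless login, like this: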

ssh-copy-id -i ~/.ssh/id_rsa.pub -p <port_number> <username>@<host>

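Substitute port_number (if customized), and the username and host for the user trying to connect to the remote host.

This avoids any inconsistencies that arise when copying the public key by other means, since even one incorrect or unexpected character will prevent login, and it's easy to get wrong!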
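An added example, not part of the answer above: a structural check for one authorized_keys entry that catches the copy damage described (wrapped lines, truncation, stray characters). The function names and the all-zero sample key are constructed for illustration; it checks the wire layout only, not that the key is the one intended.

```python
import base64
import binascii
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def check_authorized_keys_line(line):
    """Return None if the entry is structurally sound, else the problem found."""
    fields = line.split()
    # An entry may begin with an options field, so locate the key type first.
    # Simplification: options containing quoted spaces are not handled.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None:
        return "no known key type"
    if idx + 1 >= len(fields):
        return "key data missing"
    declared = fields[idx].encode()
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except (binascii.Error, ValueError):
        return "key data is not valid base64"
    # The blob is a run of length-prefixed fields that must end exactly at
    # the end of the data; the first field repeats the key type.
    off, parts = 0, []
    while off < len(blob):
        if off + 4 > len(blob):
            return "key data truncated"
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            return "key data truncated"
        parts.append(blob[off:off + n])
        off += n
    if not parts or parts[0] != declared:
        return "key type does not match key data"
    return None


def sample_entry():
    """Constructed ed25519 entry with an all-zero key; not a real credential."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@example"


if __name__ == "__main__":
    entry = sample_entry()
    print(check_authorized_keys_line(entry))
    print(check_authorized_keys_line(entry.replace("AAAA", "AA\nAA", 1)))
```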
