我正在尝试在 CentOS 5.4 上设置无密码 SSH 登录:
- 我在客户端生成了 RSA 公钥。
- ssh-copy-id 从客户端到服务器。
- 已验证 ~/.ssh/authorized_keys 包含客户端密钥。
客户端仍然提示输入密码。我错过了什么?
谢谢。
编辑:按照建议检查了 ssh_config 和权限。这是来自客户端的调试信息:
debug2: key: /home/saguna/.ssh/identity ((nil))
debug2: key: /home/saguna/.ssh/id_rsa (0x2b31921be9a0)
debug2: key: /home/saguna/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 192.168.1.75.
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/saguna/.ssh/identity
debug3: no such identity: /home/saguna/.ssh/identity
debug1: Offering public key: /home/saguna/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/saguna/.ssh/id_dsa
debug3: no such identity: /home/saguna/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:
答案1
9/10 次是因为 ~/.ssh/authorized_keys 不在正确的模式。
chmod 600 ~/.ssh/authorized_keys
答案2
签入/etc/ssh/sshd_config以允许使用密钥进行身份验证。您应该在其中看到类似这样的内容,并确保这些行没有被注释掉:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
sshd修改文件后然后重新启动:
/etc/init.d/sshd restart
答案3
我发现我的系统的问题在于用户目录 (/home/username) 的权限设置有误。确实如此,drwxr-x-w-而且也需要如此drwxr-xr-x(只有所有者才具有写入权限)。解决方案是使用 chmod:
sudo chmod 0755 /home/username
答案4
最常见的问题是服务器端的权限无效。请检查您的主目录~/.ssh和~/.ssh/authorized_keys目录是否只有您本人可写(特别是它们不能是组可写的)。
如果这不是问题,请运行ssh -vvv server并查看客户端对对话的看法。特别是,检查客户端是否正在向服务器尝试密钥。