publickey仅当我已打开一个 ssh 会话时,身份验证才对我有效。
我正在尝试使用身份验证登录运行 Ubuntu 10.10 桌面的主机publickey,但第一次登录失败:
[me@my-laptop:~]$ ssh -vv host
...
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/me/.ssh/id_rsa
...
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
me@hosts's password:
/var/log/auth.log 输出:
Jan 16 09:57:11 host sshd[1957]: reverse mapping checking getaddrinfo for cpe-70-114-155-20.austin.res.rr.com [70.114.155.20] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 16 09:57:13 host sshd[1957]: pam_sm_authenticate: Called
Jan 16 09:57:13 host sshd[1957]: pam_sm_authenticate: username = [astacy]
Jan 16 09:57:13 host sshd[1959]: Passphrase file wrapped
Jan 16 09:57:15 host sshd[1959]: Error attempting to add filename encryption key to user session keyring; rc = [1]
Jan 16 09:57:15 host sshd[1957]: Accepted password for astacy from 70.114.155.20 port 42481 ssh2
Jan 16 09:57:15 host sshd[1957]: pam_unix(sshd:session): session opened for user astacy by (uid=0)
Jan 16 09:57:20 host sudo: astacy : TTY=pts/0 ; PWD=/home/astacy ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/auth.log
奇怪的是,一旦我有了这个第一个登录会话,我运行完全相同的 ssh 命令,并且publickey身份验证就可以正常工作:
[me@my-laptop:~]$ ssh -vv host
...
debug1: Server accepts key: pkalg ssh-rsa blen 277
...
[me@host:~]$
/var/log/auth.log 输出为:
Jan 16 09:59:11 host sshd[2061]: reverse mapping checking getaddrinfo for cpe-70-114-155-20.austin.res.rr.com [70.114.155.20] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 16 09:59:11 host sshd[2061]: Accepted publickey for astacy from 70.114.155.20 port 39982 ssh2
Jan 16 09:59:11 host sshd[2061]: pam_unix(sshd:session): session opened for user astacy by (uid=0)
我需要做什么才能使publickey身份验证在第一次登录时成功完成?
笔记:当我安装 Ubuntu 10.10 时,我选中了“加密主文件夹”选项。我想知道这是否与日志消息“尝试将文件名加密密钥添加到用户会话密钥环时出错”有关
答案1
这错误报告这表明这可能与 encfs 有关。我猜第一次需要你的密码才能读取加密卷上的 authorized_keys2。没有它,它就没有解密密钥。