Why isn't passwordless ssh working?

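I have two Ubuntu Server machines at home. One is 192.168.1.15 (we'll call it 15) and the other is 192.168.1.25 (we'll call it 25). For some reason, when I set up passwordless login from 15 to 25, it worked perfectly. When I repeated the steps on 25 so that 25 could log in to 15 without a password, it did not work. I checked both sshd_config files. Both have: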

RSAAuthentication yes
PubkeyAuthentication yes

I have checked the permissions on both servers:

drwx------ 2 bion2 bion2  4096 Dec  4 12:51 .ssh
-rw------- 1 bion2 bion2  398 Dec  4 13:10 authorized_keys

on 25.

drwx------  2 shimdidly shimdidly  4096 Dec  4 19:15 .ssh
-rw-------  1 shimdidly shimdidly 1018 Dec  4 18:54 authorized_keys

on 15.

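I just don't understand why it works one way but not the other. I know it's probably something obvious, but for the life of me I can't figure out what's going on. When I try to ssh from 25 to 15, ssh -v shows the following: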

ssh -v -p 51337 192.168.1.15
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.15 [192.168.1.15] port 51337.
debug1: Connection established.
debug1: identity file /home/shimdidly/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/shimdidly/.ssh/id_rsa-cert type -1
debug1: identity file /home/shimdidly/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/shimdidly/.ssh/id_dsa-cert type -1
debug1: identity file /home/shimdidly/.ssh/id_ecdsa type -1
debug1: identity file /home/shimdidly/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 54:5c:60:80:74:ab:ab:31:36:a1:d3:9b:db:31:2a:ee
debug1: Host '[192.168.1.15]:51337' is known and matches the ECDSA host key.
debug1: Found key in /home/shimdidly/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/shimdidly/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /home/shimdidly/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/shimdidly/.ssh/id_ecdsa
debug1: Next authentication method: password

Answer 1

You may need to use the public key file ~/.ssh/authorized_keys2 instead of ~/authorized_keys

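I don't know the exact order and conditions under which these files are used, but if you have sshd set to accept only ssh2 authentication, it may only honor the keys in .ssh/authorized_keys2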

Answer 2

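It is very important to check the permissions of the whole path. If any directory on the path is group- or world-writable, there is no guarantee that the directory is the one you intended.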
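
The path check described in this answer, as an added example (not part of the original answer and not OpenSSH's own code): a POSIX shell function that walks from the key file up to a stop directory and reports every component that is writable by group or others. The function names and the convention of stopping at the home directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: report every component between a key file and a stop
# directory that is writable by group or others. Function names and the
# stop-at-home convention are assumptions of this example.

# Print "group", "world" or "group,world" for the write bits set on $1.
writable_by() {
    # -L follows symlinks so the target's mode is judged, not the link's.
    mode=$(ls -ldL -- "$1" | cut -c1-10)      # e.g. drwxrwxr-x
    classes=""
    case $mode in ?????w*)    classes="group" ;; esac
    case $mode in ????????w*) classes="${classes:+$classes,}world" ;; esac
    printf '%s' "$classes"
}

# check_key_path FILE STOP_DIR
# Returns 0 if nothing is group/world-writable, 1 if something is,
# 2 if a component does not exist.
check_key_path() {
    path=$1
    stop=$2
    bad=0
    while :; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            return 2
        fi
        who=$(writable_by "$path")
        if [ -n "$who" ]; then
            echo "UNSAFE  $path (writable by: $who)"
            bad=1
        else
            echo "ok      $path"
        fi
        # Stop at the requested directory, or at the end of the path.
        if [ "$path" = "$stop" ] || [ "$path" = "/" ] || [ "$path" = "." ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    return "$bad"
}

# Run against a real account when called with arguments, e.g.
#   sh check_key_path.sh ~/.ssh/authorized_keys ~
if [ "$#" -ge 1 ]; then
    check_key_path "$1" "${2:-$HOME}"
fi
```

The script inspects write bits only; ownership of each component is not checked here.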

Answer 3

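I found the answer. I don't know why this is the case, but it did not work until I moved ~/.ssh/authorized_keys out of my home directory to /etc/ssh/username/authorized_keys, as suggested in the troubleshooting section of: https://help.ubuntu.com/community/SSH/OpenSSH/Keys. It also suggests the following permissions: 755 for the directory and 644 for the authorized_keys file.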
