尝试使用密钥验证和无密码短语设置到我的 CentOS VPS 的 SSH,以便我可以从我的 Debian 7 本地服务器自动连接。我甚至从网上的两个不同指南中复制和粘贴了内容(这里和这里),但系统仍要求我输入密码。(不是密码短语)
我的远程 sshd_config 身份验证部分,在 kerberos 部分之前被切断:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
远程 /var/log/secure 没有错误:
Jun 13 07:02:14 *remote host* sshd[4206]: Accepted password for admin from *my-ip* port 48919 ssh2
Jun 13 07:02:15 *remote host* sshd[4206]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jun 13 07:02:20 *remote host* sshd[4220]: Received disconnect from *my-ip*: 11: disconnected by user
Jun 13 07:02:20 *remote host* sshd[4206]: pam_unix(sshd:session): session closed for user admin
并且客户端上的详细连接没有错误,只发送私钥并跳转到密码:
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: *local/user/home*/.ssh/id_rsa ((nil))
debug2: key: *local/user/home*/.ssh/id_dsa ((nil))
debug2: key: *local/user/home*/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: *local/user/home*/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: *local/user/home*/.ssh/id_dsa
debug1: Trying private key: *local/user/home*/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
admin@*remote server*'s password:
在阅读建议并遵循第二份指南后,我尝试在本地和远程 ~/.ssh/ 目录中的所有内容上设置 755 和 600,但仍然不起作用。正如我所说,我复制并粘贴了此命令:
cat id_rsa.pub >> authorized_keys
将密钥复制到authorized_keys文件中;我复制并粘贴了两个指南中的所有命令,以确保我的配置没有任何错误。
有任何想法吗?
答案1
您的 AuthorizedKeysFile 参数值有误。来自 man sshd_config:
AuthorizedKeysFile 可能包含 %T 形式的令牌,这些令牌在连接设置期间被替换。定义了以下令牌:%% 被文字“%”替换,%h 被正在验证的用户的主目录替换,%u 被该用户的用户名替换。扩展后,AuthorizedKeysFile 被视为绝对路径或相对于用户主目录的路径。默认值为“.ssh/authorized_keys”。
答案2
感谢大家的帮助。我想你们都不愿意听到它今天神奇地自行修复了。没错:我醒来后,在 VPS 上安装了一些其他软件(一些与 irssi 相关的东西),重新启动,(尽管我昨晚试过了,同时重新加载了 sshd 服务)登录 SSH 尝试一些建议,它给了我一条新消息WARNING: UNPROTECTED PRIVATE KEY FILE!
。由于我最近一直chmod -R 755 .ssh/
在本地 SSH 文件上执行此操作,因为 600 出于某种奇怪的原因不允许它发出密钥,所以我chmod -R 700 .ssh/
在收到此警告后使用它,现在一切正常。我真的不知道发生了什么。再次感谢大家的时间。
答案3
SELinux 阻止 sshd 读取 $HOME/.ssh 的另一种解决方案是使用 restorecon,请参阅我的答案https://superuser.com/a/764020/213743。
答案4
另一个可能导致这种情况的we did not send a packet, disable method
原因是服务器配置为拒绝您的登录。例如,如果您尝试以 身份登录,而root
配置中包含PermitRootLogin no
。