ssh key auth 仍然要求输入密码(未设置密码)

ssh key auth 仍然要求输入密码(未设置密码)

尝试使用密钥验证和无密码短语设置到我的 CentOS VPS 的 SSH,以便我可以从我的 Debian 7 本地服务器自动连接。我甚至从网上的两个不同指南中复制和粘贴了内容(这里这里),但系统仍要求我输入密码。(不是密码短语)

我的远程 sshd_config 身份验证部分,在 kerberos 部分之前被切断:

    # Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

远程 /var/log/secure 没有错误:

Jun 13 07:02:14 *remote host* sshd[4206]: Accepted password for admin from *my-ip* port 48919 ssh2
Jun 13 07:02:15 *remote host* sshd[4206]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jun 13 07:02:20 *remote host* sshd[4220]: Received disconnect from *my-ip*: 11: disconnected by user
Jun 13 07:02:20 *remote host* sshd[4206]: pam_unix(sshd:session): session closed for user admin

并且客户端上的详细连接没有错误,只发送私钥并跳转到密码:

debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: *local/user/home*/.ssh/id_rsa ((nil))
debug2: key: *local/user/home*/.ssh/id_dsa ((nil))
debug2: key: *local/user/home*/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: *local/user/home*/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: *local/user/home*/.ssh/id_dsa
debug1: Trying private key: *local/user/home*/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
admin@*remote server*'s password:

在阅读建议并遵循第二份指南后,我尝试在本地和远程 ~/.ssh/ 目录中的所有内容上设置 755 和 600,但仍然不起作用。正如我所说,我复制并粘贴了此命令:

cat id_rsa.pub >> authorized_keys

将密钥复制到authorized_keys文件中;我复制并粘贴了两个指南中的所有命令,以确保我的配置没有任何错误。

有任何想法吗?

答案1

您的 AuthorizedKeysFile 参数值有误。来自 man sshd_config:

AuthorizedKeysFile 可能包含 %T 形式的令牌,这些令牌在连接设置期间被替换。定义了以下令牌:%% 被文字“%”替换,%h 被正在验证的用户的主目录替换,%u 被该用户的用户名替换。扩展后,AuthorizedKeysFile 被视为绝对路径或相对于用户主目录的路径。默认值为“.ssh/authorized_keys”。

答案2

感谢大家的帮助。我想你们都不愿意听到它今天神奇地自行修复了。没错:我醒来后,在 VPS 上安装了一些其他软件(一些与 irssi 相关的东西),重新启动,(尽管我昨晚试过了,同时重新加载了 sshd 服务)登录 SSH 尝试一些建议,它给了我一条新消息WARNING: UNPROTECTED PRIVATE KEY FILE!。由于我最近一直chmod -R 755 .ssh/在本地 SSH 文件上执行此操作,因为 600 出于某种奇怪的原因不允许它发出密钥,所以我chmod -R 700 .ssh/在收到此警告后使用它,现在一切正常。我真的不知道发生了什么。再次感谢大家的时间。

答案3

SELinux 阻止 sshd 读取 $HOME/.ssh 的另一种解决方案是使用 restorecon,请参阅我的答案https://superuser.com/a/764020/213743

答案4

另一个可能导致这种情况的we did not send a packet, disable method原因是服务器配置为拒绝您的登录。例如,如果您尝试以 身份登录,而root配置中包含PermitRootLogin no

相关内容