通过 .ssh/config 进行 SSH 证书认证

通过 .ssh/config 进行 SSH 证书认证

如果我直接在 shell 中发出命令,我可以使用证书登录到我的服务器:

$ ssh -p 26000 [email protected]

但是,当我在 .ssh/config 中配置此主机时,会恢复到密码验证。

Host jumanji
  HostName jumanji.gov
  User rambo
  Port 26000
  IdentityFile ~/.ssh/jumanji_rsa.pub

所以

$ ssh jumanji
[email protected]'s password

之前 SSH 抱怨 jumanji_rsa.pub 上的权限设置得太开放,设置为 644。我将其改为 600,权限错误消失,并获得了密码回退。然后我将其改回 644,SSH 仍然没有抱怨权限,但仍然需要密码。

我也重新启动了 sshd 几次。

ssh -v jumanji评论中每个请求的输出:

$ ssh -v jumanji
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/bronson/.ssh/config
debug1: /Users/bronson/.ssh/config line 11: Applying options for jumanji
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to jumanji.gov [192.***.***.**] port 26000.
debug1: Connection established.
debug1: identity file /Users/bronson/tmp/ssh/jumanji_rsa.pub type -1
debug1: identity file /Users/bronson/tmp/ssh/jumanji_rsa.pub-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 14:3b:75:e0:03:24:f9:f9:69:3d:9d:80:14:3d:1c:bd
debug1: checking without port identifier
debug1: Host 'jumanji.gov' is known and matches the RSA host key.
debug1: Found key in /Users/bronson/.ssh/known_hosts:15
debug1: found matching key w/out port
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/bronson/tmp/ssh/jumanji_rsa.pub
debug1: Next authentication method: password
[email protected]'s password:

答案1

600是正确的权限——适用于您的 ssh 配置和私钥。IdentityFile应该指向您的私钥,而不是公钥。因此您应该想要:

Host jumanji
  HostName jumanji.gov
  User rambo
  Port 26000
  IdentityFile ~/.ssh/jumanji_rsa

这是假设的内容jumanji_rsa.pub已经附加到远程服务器的~/.ssh/authorized_keys

相关内容