OpenSSH client refuses to use a new key file


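After generating a new ssh private key (id_rsa) on one server and distributing it across the server network, one server fails to use the new key and instead falls back to password authentication.

Copying id_rsa to a new file and using that works.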

$ ssh -i id_rsa user@server
user@server's password:
$ cp id_rsa id_rsa.copy
$ chmod --reference=id_rsa id_rsa.copy
$ ssh -i id_rsa.copy user@server
Last login: Wed Apr  2 06:30:36 2014 from otherhost
[user@server ~]$

Debugging with ssh -vvv:

id_rsa:

debug3: Not a RSA1 key file id_rsa.
...
debug1: identity file id_rsa type 1
...
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password

id_rsa.copy:

debug3: Not a RSA1 key file id_rsa.copy.
...
debug1: identity file id_rsa.copy type -1
...
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa.copy
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).

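So for some reason OpenSSH treats the key files differently. But why?

Answer 1

It turned out that the problematic server had both id_rsa and id_rsa.pub from a previously copied key. When copying the new key file, I only overwrote id_rsa and left the original id_rsa.pub. This caused ssh to use id_rsa incorrectly.

Deleting id_rsa.pub or updating it to the correct version solved the problem.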
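
A check for the condition this answer describes, added here as an example and not part of the original post: it derives the public key from the private key with ssh-keygen -y and compares it with the neighbouring .pub file, which is the file ssh read when it logged "Offering public key: id_rsa". The names check_keypair and pub_fields are hypothetical, and the private key is assumed to have no passphrase.

```shell
#!/bin/sh
# Added example: find a stale <key>.pub left beside a replaced private key.
# check_keypair and pub_fields are hypothetical helper names, not OpenSSH tools.
# Assumes the private key has no passphrase (ssh-keygen would prompt otherwise).

# Keep only "keytype base64blob" from a public key line; the comment is ignored.
pub_fields() {
    awk 'NF >= 2 { print $1, $2; exit }'
}

# Exit status: 0 = .pub matches the private key, 1 = mismatch,
#              2 = no .pub file beside the key, 3 = private key unreadable.
check_keypair() {
    key=$1
    [ -f "$key.pub" ] || return 2
    # ssh-keygen -y prints the public key computed from the private key.
    derived=$(ssh-keygen -y -f "$key" 2>/dev/null | pub_fields)
    [ -n "$derived" ] || return 3
    on_disk=$(pub_fields < "$key.pub")
    [ "$derived" = "$on_disk" ] || return 1
    return 0
}

# When run as a script: sh check_keypair.sh ~/.ssh/id_rsa [more keys...]
for k in "$@"; do
    check_keypair "$k" && rc=0 || rc=$?
    case $rc in
        0) echo "$k: .pub matches" ;;
        1) echo "$k: STALE $k.pub, regenerate with: ssh-keygen -y -f $k > $k.pub" ;;
        2) echo "$k: no .pub file, ssh will load the private key directly" ;;
        3) echo "$k: cannot read private key" ;;
    esac
done
```

Running this over every distributed key after a rotation catches hosts where only the private half was overwritten, before they silently fall back to password authentication.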
