我已经设置了一个 ssh 密钥,并且想要仅使用密钥连接到 localhost,而无需密码(注意:这只是一个测试;最终我想连接到内部 git 服务器,那里也会出现同样的问题)。以下是输出ssh-v 本地主机
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/myusername/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/myusername/.ssh/id_rsa type 1
debug1: identity file /home/myusername/.ssh/id_rsa-cert type -1
debug1: identity file /home/myusername/.ssh/id_dsa type -1
debug1: identity file /home/myusername/.ssh/id_dsa-cert type -1
debug1: identity file /home/myusername/.ssh/id_ecdsa type -1
debug1: identity file /home/myusername/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/myusername/.ssh/id_ed25519 type -1
debug1: identity file /home/myusername/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7f:96:64:b2:df:f5:de:e8:af:ff:5d:da:5e:3d:e4:c1
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/myusername/.ssh/known_hosts:12
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myusername/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug1: Trying private key: /home/myusername/.ssh/id_ecdsa
debug1: Trying private key: /home/myusername/.ssh/id_ed25519
debug1: Next authentication method: password
我阅读了几篇关于类似问题的帖子,并检查了几个提示:
- $HOME 目录 (700)、.ssh (700) 和 .ssh/* (644,authorized_keys 和 id_rsa 除外,它们有 600) 权限应该正确
- 通过密码连接有效
有趣的是,我的计算机明确指出它接受该密钥:
debug1: Server accepts key: pkalg ssh-rsa blen 279
编辑:相应的 auth.log 条目:
May 18 16:34:44 desktop-178 sshd[3330]: error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
May 18 16:34:52 desktop-178 sshd[3330]: Connection closed by 127.0.0.1 [preauth]
但是最后系统要求我输入密码。我该如何解决这个问题?
答案1
我会将其作为答案发布,因为它部分解决了这个问题,但我并不满意,因为我不明白出了什么问题。
发现于:https://www.redhat.com/archives/rhl-list/2009-June/msg03099.html
如果我将私钥的名称更改为 id_rsa.old,然后使用 -i 标志指定它,那么我就可以登录到第一个主机。
我可以确认这是有效的,但这充其量只是一种麻烦,而且完全令人困惑。