我正在使用这个 .ssh/config:
Host myserver
HostName 12.34.67.89
User anyuser
IdentityFile /root/.ssh/anything_rsa
但运行ssh myserver会返回Permission denied (publickey)错误。
root/.ssh/anything_rsa为什么不使用给定的身份文件 ( )?相反,它似乎使用/root/.ssh/id_rsa
OpenSSH_7.0p1, OpenSSL 1.0.1r 28 Jan 2016
debug1: Connecting to myserver [12.34.67.89] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myserver:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: XXXXX
debug1: Host 'myserver' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
跑步ssh -v -i /root/.ssh/anything_rsa -l anyuser myserver是有作用的。所以看来配置文件没有正确使用......我根本不明白......
答案1
您的帖子下面的评论表明这/root/.ssh是另一个目录的符号链接。我从来没有理由使用符号链接的 .ssh 目录,但我相当确定 ssh 将完全忽略不属于相关用户所有的 .ssh 目录,或者是组或世界可读的。 IOW,它必须是chown root所有权chmod 0700和权限。我的预感是,符号链接的目标目录 ( /etc/config/ssh) 要么不属于 root,要么不是 0700,因此 ssh 会忽略您的配置文件并使用默认的 IdentityFile 名称 id_rsa。
更新:您在本文下面的评论表明,尽管您引用的IdentityFile是 root 的 .ssh 目录,但您实际上并未以 root 身份运行。以下部分已被编辑以反映您的用户名admin。
为了排除故障,请考虑尝试:
cd ~admin
mkdir .ssh
chmod 700 .ssh
cp -RLp /etc/config/ssh/* .ssh
chown -R admin .ssh
然后再试一次。
答案2
您需要IdentitiesOnly yes在您的~/.ssh/config(或全局/etc/ssh/ssh_config)中进行设置,否则也会尝试所有其他可用的身份。
仅使用用IdentitiesOnly yes定义的身份IdentityFile(以及用 定义的证书CertificateFile)(如果未在命令行上传递)。
Host myserver
HostName 12.34.67.89
User anyuser
IdentitiesOnly yes
IdentityFile /root/.ssh/anything_rsa
答案3
如果有人像我一样因为尝试建立从 QNAP NAS 到 Linux 机器的 SSH 而来到这个帖子,答案如下:
就我而言,我id_rsa在 NAS 上从admin( /share/homes/admin/.ssh/id_rsa) 生成,这是默认的sudo。我尝试使用命令连接到linux主机
ssh root@hostname
返回一个错误。但
ssh -i /share/homes/admin/.ssh/id_rsa root@hostname
作品。
因此,要连接到远程主机上的根用户,您不需要从管理员生成新密钥,您需要使用/root/.ssh/NAS 上已经存在的密钥对。或者在那里生成一对新的。