我已生成 ssh 密钥,我已取消注释公钥身份验证,并在 /etc/ssh/sshd_config 文件中将其设置为 yes。有人发现我的配置中遗漏或不理解的内容了吗?输入密码让我很难过。._。
wsl home ssh 文件夹 -- ~/.ssh
weh@workPC:/mnt/c/Users/weh/Downloads$ ls -l ~/.ssh
total 16
-rw------- 1 weh weh 1675 Jun 2 09:27 id_rsa
-rw-r--r-- 1 weh weh 399 Jun 2 09:27 id_rsa.pub
-rw-r--r-- 1 weh weh 10832 Jul 20 10:41 known_hosts
centos sshd 文件夹 /etc/ssh
ls -l /etc/ssh
total 276
-rw-r--r--. 1 root root 242153 Apr 12 09:05 moduli
-rw-r--r--. 1 root root 2208 Apr 12 09:05 ssh_config
-rw-------. 1 root root 4471 Jul 27 12:18 sshd_config
-rw-r-----. 1 root ssh_keys 227 Apr 23 2016 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Apr 23 2016 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 387 Apr 23 2016 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Apr 23 2016 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys 1679 Apr 23 2016 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Apr 23 2016 ssh_host_rsa_key.pub
centos sshd_config 文件
#$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
LogLevel DEBUG
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
MaxAuthTries 2
#MaxSessions 10
MaxSessions 6
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
ssh 从 wsl 到 centos 详细模式
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for my.spout.com
debug1: /etc/ssh/ssh_config line 29: Applying options for *
debug1: Connecting to my.spout.com [8.8.8.8] port 22.
debug1: Connection established.
debug1: identity file /home/weh/.ssh/id_rsa type 1
debug1: identity file /home/weh/.ssh/id_rsa-cert type -1
debug1: identity file /home/weh/.ssh/id_dsa type -1
debug1: identity file /home/weh/.ssh/id_dsa-cert type -1
debug1: identity file /home/weh/.ssh/id_ecdsa type -1
debug1: identity file /home/weh/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/weh/.ssh/id_ed25519 type -1
debug1: identity file /home/weh/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a7:ff:43:28:6a:f7:1b:3e:25:14:93:57:d3:c9:57:4c
debug1: Host 'my.spout.com' is known and matches the ECDSA host key.
debug1: Found key in /home/weh/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/weh/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/weh/.ssh/id_dsa
debug1: Trying private key: /home/weh/.ssh/id_ecdsa
debug1: Trying private key: /home/weh/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to my.spout.com ([8.8.8.8]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Jul 27 12:18:22 2017 from 8.8.4.4
先感谢您!!
答案1
Jakuje 提醒了我关于 selinux 的事情。我从未遇到过与 ssh 密钥相关的 selinux 问题,但总有第一次!我的 ~/.ssh/* selinux 上下文是 unconfined_u:object_r:unlabeled_t:s0,而它们应该是 unconfined_u:object_r:user_home_t:s0。更改上下文类型后,我能够使用 ssh-copy-id 并直接 ssh 进入!
谢谢你!!