为什么在服务器上设置 SSH 密钥时仍会提示输入密码？

我们有两台 CentOS 6.9 服务器。一台我们称之为“INHOUSE”，另一台我们称之为“BACKUP”。

我们正在尝试设置一个使用 RSA 连接的脚本，通过该脚本我们可以从“INHOUSE”服务器通过 SSH 连接到“BACKUP”服务器。

这是我们以前做过的事情，但这一次给我们带来了问题。将 RSA 密钥从“INHOUSE”复制到“BACKUP”（并重新启动 SSHD 服务）后，我们可以通过 SSH 连接到“BACKUP”，但仍然会提示我们输入密码。

我知道此处解释了修复方法但这对我们来说不起作用。

我们尝试清除authorized_keys“BACKUP”文件的内容并重新添加密钥，但仍然不起作用。

我知道有时权限可能会成为问题。以下是我当前的权限设置：

关于“备份” /root/：

 drwxr-xr-x   2 root root  4096 Sep 18 11:14 .ssh

在/root/.ssh：

 -rwx------  1 root root  394 Sep 18 10:54 authorized_keys

关于“备份” /root/：

 drwxr-xr-x   2 root root  4096 Sep 18 10:35 .ssh

关于/root/.ssh“备份”：

 -rw-r--r-- 1 root root  391 Sep 18 10:35 authorized_keys

这也是我们/etc/ssh/sshd_config在每台服务器上的设置方式。

在“备份”上：（所有默认）

 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile     .ssh/authorized_keys
 #AuthorizedKeysCommand none
 #AuthorizedKeysCommandRunAs nobody

在“INHOUSE”上：（RSAAuth 是唯一的非默认设置）

 RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile     .ssh/authorized_keys
 #AuthorizedKeysCommand none
 #AuthorizedKeysCommandRunAs nobody

我们也尝试过以相反的方向进行设置。我们能SSH 从“BACKUP”到“INHOUSE”。

输出ssh -vvv显示以下内容；我还能尝试什么来使 SSH 从“INHOUSE”到“BACKUP”工作而无需提示输入密码？

 [root] INHOUSE:/root/.ssh> ssh -vvv root@BACKUP
 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: Applying options for *
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to BACKUP [XXX.XXX.XXX.XXX] port 22.
 debug1: Connection established.
 debug1: permanently_set_uid: 0/0
 debug3: Not a RSA1 key file /root/.ssh/id_dsa.
 debug2: key_type_from_name: unknown key type '-----BEGIN'
 debug3: key_read: missing keytype
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug3: key_read: missing whitespace
 debug2: key_type_from_name: unknown key type '-----END'
 debug3: key_read: missing keytype
 debug1: identity file /root/.ssh/id_dsa type 2
 debug1: identity file /root/.ssh/id_dsa-cert type -1
 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
 debug1: match: OpenSSH_5.3 pat OpenSSH*
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_5.3
 debug2: fd 3 setting O_NONBLOCK
 debug1: SSH2_MSG_KEXINIT sent
 debug3: Wrote 864 bytes for a total of 885
 debug1: SSH2_MSG_KEXINIT received
 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: kex_parse_kexinit: [email protected],ssh-dss-cert-     [email protected],[email protected],[email protected],ssh-rsa,ssh-dss
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
 debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
 debug2: kex_parse_kexinit: hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96
 debug2: kex_parse_kexinit: none,[email protected],zlib
 debug2: kex_parse_kexinit: none,[email protected],zlib
 debug2: kex_parse_kexinit:
 debug2: kex_parse_kexinit:
 debug2: kex_parse_kexinit: first_kex_follows 0
 debug2: kex_parse_kexinit: reserved 0
 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: none,[email protected]
 debug2: kex_parse_kexinit: none,[email protected]
 debug2: kex_parse_kexinit:
 debug2: kex_parse_kexinit:
 debug2: kex_parse_kexinit: first_kex_follows 0
 debug2: kex_parse_kexinit: reserved 0
 debug2: mac_setup: found hmac-sha1
 debug1: kex: server->client aes128-ctr hmac-sha1 none
 debug2: mac_setup: found hmac-sha1
 debug1: kex: client->server aes128-ctr hmac-sha1 none
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
 debug3: Wrote 24 bytes for a total of 909
 debug2: dh_gen_key: priv key bits set: 167/320
 debug2: bits set: 1035/2048
 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
 debug3: Wrote 272 bytes for a total of 1181
 debug3: check_host_in_hostfile: host BACKUP filename /root/.ssh/known_hosts
 debug3: check_host_in_hostfile: host BACKUP filename /root/.ssh/known_hosts
 debug3: check_host_in_hostfile: match line 14
 debug3: check_host_in_hostfile: host XXX.XXX.XXX.XXX filename /root/.ssh/known_hosts
 debug3: check_host_in_hostfile: host XXX.XXX.XXX.XXX filename /root/.ssh/known_hosts
 debug3: check_host_in_hostfile: match line 14
 debug1: Host 'BACKUP' is known and matches the RSA host key.
 debug1: Found key in /root/.ssh/known_hosts:14
 debug2: bits set: 1020/2048
 debug1: ssh_rsa_verify: signature correct
 debug2: kex_derive_keys
 debug2: set_newkeys: mode 1
 debug1: SSH2_MSG_NEWKEYS sent
 debug1: expecting SSH2_MSG_NEWKEYS
 debug3: Wrote 16 bytes for a total of 1197
 debug2: set_newkeys: mode 0
 debug1: SSH2_MSG_NEWKEYS received
 debug1: SSH2_MSG_SERVICE_REQUEST sent
 debug3: Wrote 52 bytes for a total of 1249
 debug2: service_accept: ssh-userauth
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug2: key: /root/.ssh/id_dsa (0x7f3f19970a50)
 debug3: Wrote 68 bytes for a total of 1317
 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
 debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
 debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
 debug3: authmethod_lookup gssapi-keyex
 debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-     interactive,password
 debug3: authmethod_is_enabled gssapi-keyex
 debug1: Next authentication method: gssapi-keyex
 debug1: No valid Key exchange context
 debug2: we did not send a packet, disable method
 debug3: authmethod_lookup gssapi-with-mic
 debug3: remaining preferred: publickey,keyboard-interactive,password
 debug3: authmethod_is_enabled gssapi-with-mic
 debug1: Next authentication method: gssapi-with-mic
 debug3: Trying to reverse map address XXX.XXX.XXX.XXX.
 debug1: Unspecified GSS failure.  Minor code may provide more information
 Credentials cache file '/tmp/krb5cc_0' not found

 debug1: Unspecified GSS failure.  Minor code may provide more information
 Credentials cache file '/tmp/krb5cc_0' not found

 debug2: we did not send a packet, disable method
 debug3: authmethod_lookup publickey
 debug3: remaining preferred: keyboard-interactive,password
 debug3: authmethod_is_enabled publickey
 debug1: Next authentication method: publickey
 debug1: Offering public key: /root/.ssh/id_dsa
 debug3: send_pubkey_test
 debug2: we sent a publickey packet, wait for reply
 debug3: Wrote 532 bytes for a total of 1849
 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-     mic,password
 debug2: we did not send a packet, disable method
 debug3: authmethod_lookup password
 debug3: remaining preferred: ,password
 debug3: authmethod_is_enabled password
 debug1: Next authentication method: password

 root@BACKUP's password: