我想通过 SSH 不使用密码但使用 RSA 密钥对登录我的 MacBook Prob。但是,即使我将公钥添加到 ~/.ssh/authorized_keys,登录我的 MacOS 仍然需要密码。以下是在我的 MacOS 上运行的可重现的命令序列:
$ ssh-keygen -t rsa
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ ssh localhost -v
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to localhost port 22.
debug1: Connection established.
debug1: identity file /Users/jasonmiu/.ssh/id_rsa type 0
debug1: identity file /Users/jasonmiu/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jasonmiu/.ssh/id_dsa type -1
debug1: identity file /Users/jasonmiu/.ssh/id_dsa-cert type -1
debug1: identity file /Users/jasonmiu/.ssh/id_ecdsa type -1
debug1: identity file /Users/jasonmiu/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/jasonmiu/.ssh/id_ed25519 type -1
debug1: identity file /Users/jasonmiu/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/jasonmiu/.ssh/id_xmss type -1
debug1: identity file /Users/jasonmiu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'jasonmiu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:7QVvRsi/mPrgwPil4W7FmlyyimpDC8QiAApfwzXbKqQ
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /Users/jasonmiu/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/jasonmiu/.ssh/id_rsa RSA SHA256:wFRcKxEUX+Y0FVLDUMv+GMZN60WWUHqAUaaKztEGMbU
debug1: Will attempt key: /Users/jasonmiu/.ssh/id_dsa
debug1: Will attempt key: /Users/jasonmiu/.ssh/id_ecdsa
debug1: Will attempt key: /Users/jasonmiu/.ssh/id_ed25519
debug1: Will attempt key: /Users/jasonmiu/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/jasonmiu/.ssh/id_rsa RSA SHA256:wFRcKxEUX+Y0FVLDUMv+GMZN60WWUHqAUaaKztEGMbU
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/jasonmiu/.ssh/id_dsa
debug1: Trying private key: /Users/jasonmiu/.ssh/id_ecdsa
debug1: Trying private key: /Users/jasonmiu/.ssh/id_ed25519
debug1: Trying private key: /Users/jasonmiu/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Password:
在我的 /etc/ssh/sshd_config 中,我启用了以下选项:
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
同样的命令在我的另一台 Linux 机器上也有效。我的 MacOS 版本是 10.14.4 Mojave。
这是我的“$ ls -al”的输出
$ ls -al
total 32
drwx------ 6 jasonmiu staff 192 Apr 12 03:50 .
drwxrwxrwx 73 jasonmiu staff 2336 Apr 12 18:26 ..
-rw------- 1 jasonmiu staff 403 Apr 12 03:50 authorized_keys
-rw------- 1 jasonmiu staff 1831 Apr 12 03:50 id_rsa
-rw-r--r-- 1 jasonmiu staff 403 Apr 12 03:50 id_rsa.pub
-rw-r--r-- 1 jasonmiu staff 171 Apr 12 03:50 known_hosts
答案1
除了@4symm3trica1答案中提供的所有选项外,您还应该在文件中附加一行/etc/ssh/sshd_config,即
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /Users/abhishek/.ssh/authorized_keys
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
StrictModes no
然后使用以下命令在 Mac 中重新启动 sshd 守护程序:
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
答案2
尝试在您的 sshd_config 中修改/添加以下值:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
这应该禁用密码验证。
将目录权限设置为
sudo chown -R jasonmiu /Users/jasonmiu/
sudo chmod 700 /Users/jasonmiu/.ssh
sudo chmod 600 /Users/jasonmiu/.ssh/authorized_keys
并检查系统偏好设置/共享中的远程登录是否启用以及您的用户是否已添加到那里。
答案3
我设法弄了一台新的 Mojave Macbook Pro 来测试这个问题,而这个 SSHD 问题并没有发生在这台新的 Majava MBP 上。所以我决定在我的 MBP 上从头开始重新安装 MacOS。重新安装后,问题就消失了。所以我猜测此 SSHD 无法与 RSA 密钥对连接,此问题是由之前的升级引入的。
这不是一个完美的解决方案,但对我来说是有效的。感谢大家的回答。