Edit on 2020/01/31:
I tried running "sshd -t" on two different machines on my side and got the following results:
mavridks@rh04359:~$ sshd -t
/etc/ssh/sshd_config line 16: Deprecated option UsePrivilegeSeparation
/etc/ssh/sshd_config line 20: Deprecated option KeyRegenerationInterval
/etc/ssh/sshd_config line 21: Deprecated option ServerKeyBits
/etc/ssh/sshd_config line 32: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 39: Deprecated option RhostsRSAAuthentication
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
and
mavridks@rh02500:~/.ssh$ sshd -t
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
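Edit: Following the helpful comments, I specify here the different names used in the post for the machines and users:
- me = mavridks
- admin = sft_wade
- There are several machines. machine1 = gaia = rh04359
- All other names are just the names preconfigured by the system, so there could be machine2 = draco = rh3805 or machine2 = geras = rh4357. There are other machines as well. Maybe the problem is here: could the admin have made a mistake with the ssh keys?
I am able to connect using ssh to several different remote machines with my account, let's call it "me". So, to connect, I use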
ssh me@machine1
ssh me@machine2
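The connection works fine.
Then, I can also connect to another user that has read and write permissions; let's call that user admin.
Then, from machine1 I can do the following: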
ssh admin@machine1
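I am prompted for the ssh password, which is the same one I used when I originally connected to the remote machine.
I should be able to do the same from all the machines, hence from machine2 as well. But when I try to do the same from machine2, the ssh password does not work and I am prompted for the admin's login password.
Trying to debug, I ran
ssh -Tvv admin@machine<number>
on both machines. I can see that the first machine checks the ssh password and connects, but the second one gives "we sent a packet ..." and then asks for the admin user's login password.
The results are as follows:
Machine1 (the machine that connects):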
mavridks@rh04359:/etc/ssh$ ssh -Tvv sft_wade@gaia
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "gaia" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to gaia [127.0.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to gaia:22 as 'sft_wade'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:dOytZQACouz4KgkzRP2tz76s8+R/r+pWpI+agSnOILc
debug1: Host 'gaia' is known and matches the ECDSA host key.
debug1: Found key in /home/mavridks/.ssh/known_hosts:3
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/mavridks/.ssh/id_rsa ((nil))
debug2: key: /home/mavridks/.ssh/id_dsa ((nil))
debug2: key: /home/mavridks/.ssh/id_ecdsa ((nil))
debug2: key: /home/mavridks/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mavridks/.ssh/id_rsa
Enter passphrase for key '/home/mavridks/.ssh/id_rsa':
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
Authenticated to gaia ([127.0.1.1]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug1: Sending env LC_MEASUREMENT = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_PAPER = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_MONETARY = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_NAME = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_ADDRESS = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_NUMERIC = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_TELEPHONE = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_IDENTIFICATION = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_TIME = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-74-generic x86_64)
Machine2:
mavridks@rh03805:/etc/ssh$ ssh -Tvv sft_wade@draco
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "draco" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to draco [172.16.36.53] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mavridks/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to draco:22 as 'sft_wade'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Zj/8sj/e4MYcgXwpj3ETm9OqnwNtFb+w7HN8OMnAQ88
debug1: Host 'draco' is known and matches the ECDSA host key.
debug1: Found key in /home/mavridks/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/mavridks/.ssh/id_rsa ((nil))
debug2: key: /home/mavridks/.ssh/id_dsa ((nil))
debug2: key: /home/mavridks/.ssh/id_ecdsa ((nil))
debug2: key: /home/mavridks/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mavridks/.ssh/id_rsa
Enter passphrase for key '/home/mavridks/.ssh/id_rsa':
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/mavridks/.ssh/id_dsa
debug1: Trying private key: /home/mavridks/.ssh/id_ecdsa
debug1: Trying private key: /home/mavridks/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
sft_wade@draco's password:
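Now, if I check the .ssh/id_rsa files on both machines, they are identical. Also, authorized_keys is the same.
Finally, in the folder /etc/ssh/ I found some differences in the files there (I don't know whether this is relevant):
Contents of /etc/ssh/ on Machine1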
moduli ssh_host_dsa_key.pub ssh_host_rsa_key
ssh_config ssh_host_ecdsa_key ssh_host_rsa_key.pub
sshd_config ssh_host_ecdsa_key.pub ssh_import_id
sshd_config.ucf-dist ssh_host_ed25519_key
ssh_host_dsa_key ssh_host_ed25519_key.pub
Contents of /etc/ssh/ on Machine2
moduli ssh_host_ecdsa_key ssh_host_rsa_key.pub
ssh_config ssh_host_ecdsa_key.pub ssh_import_id
ssh_config.orig ssh_host_ed25519_key sshd_config
ssh_host_dsa_key ssh_host_ed25519_key.pub sshd_config.orig
ssh_host_dsa_key.pub ssh_host_rsa_key
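So, I can see on the terminal that, for some reason, the second machine does not complete the process using the ssh key, and it asks me for the admin's login password. Any insight is much appreciated.
Edit: I am adding information from the comments:
From my side, on machine1 (the machine that connects to admin via ssh):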
mavridks@rh04359:~/.ssh$ ls -tlr
total 16
-rw------- 1 mavridks mcm 1766 Nov 29 10:01 id_rsa
-rw-r--r-- 1 mavridks mcm 413 Nov 29 10:01 authorized_keys
-rw------- 1 mavridks mcm 1693 Jan 22 10:37 known_hosts.old
-rw------- 1 mavridks mcm 2137 Jan 23 13:49 known_hosts
mavridks@rh04359:~/.ssh$ stat authorized_keys
File: authorized_keys
Size: 413 Blocks: 8 IO Block: 1048576 regular file
Device: 3ah/58d Inode: 116277297 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 2091/mavridks) Gid: ( 2000/ mcm)
Access: 2020-01-28 12:44:28.420103897 +0100
Modify: 2019-11-29 10:01:08.522918662 +0100
Change: 2019-11-29 10:04:25.994665186 +0100
Birth: -
From my side, on machine1 (the machine that connects to admin via ssh):
mavridks@rh04357:~/.ssh$ ls -tlr
total 16
-rw------- 1 mavridks mcm 1766 Nov 29 10:01 id_rsa
-rw-r--r-- 1 mavridks mcm 413 Nov 29 10:01 authorized_keys
-rw------- 1 mavridks mcm 1693 Jan 22 10:37 known_hosts.old
-rw------- 1 mavridks mcm 2137 Jan 23 13:49 known_hosts
and
mavridks@rh04357:~/.ssh$ stat authorized_keys
File: authorized_keys
Size: 413 Blocks: 8 IO Block: 1048576 regular file
Device: 33h/51d Inode: 116277297 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 2091/mavridks) Gid: ( 2000/ mcm)
Access: 2020-01-28 12:44:28.420103897 +0100
Modify: 2019-11-29 10:01:08.522918662 +0100
Change: 2019-11-29 10:04:25.994665186 +0100
Birth: -
Finally, the same commands run as admin, on the machine where it works (machine1)
sft_wade@rh04359:~/.ssh$ ls -tlr
total 40
-rw------- 1 sft_wade mcm 668 Dec 19 08:16 id_dsa
-rw------- 1 sft_wade mcm 610 Dec 19 08:16 id_dsa.pub
-rw------- 1 sft_wade mcm 1679 Dec 19 08:16 id_rsa
-rw-r--r-- 1 sft_wade mcm 402 Dec 19 08:16 id_rsa.pub
-rw-r--r-- 1 sft_wade mcm 1641 Dec 19 08:16 authorized_keys
-rw-r--r-- 1 sft_wade mcm 16582 Jan 23 13:16 known_hosts
sft_wade@rh04359:~/.ssh$ stat authorized_keys
File: authorized_keys
Size: 1641 Blocks: 8 IO Block: 1048576 regular file
Device: 3ah/58d Inode: 101449741 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 2002/sft_wade) Gid: ( 2000/ mcm)
Access: 2020-01-22 14:32:30.072151203 +0100
Modify: 2019-12-19 08:16:30.823957194 +0100
Change: 2019-12-19 08:16:30.823957194 +0100
Birth: -
Please let me know what other information is relevant. I want to understand how this works.
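An added example, not part of the original post: a small Python parser that reduces the authentication phase of the two `ssh -Tvv` transcripts above to which keys were actually offered, which the server refused, and which method the client fell back to. The log excerpts are copied from the post; the function name `summarize_auth` and the result keys are this example's own.

```python
import re
# Authentication-phase lines excerpted from the two transcripts in the post.
GAIA_LOG = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mavridks/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
"""
DRACO_LOG = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mavridks/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/mavridks/.ssh/id_dsa
debug1: Trying private key: /home/mavridks/.ssh/id_ecdsa
debug1: Trying private key: /home/mavridks/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""

def summarize_auth(log):
    """Summarize the publickey phase of an `ssh -vv` client transcript."""
    out = {"sent": [], "rejected": [], "not_sent": [],
           "accepted": None, "fallback": None}
    key, waiting = None, False   # key being tried; packet sent, reply pending
    for line in log.splitlines():
        msg = re.sub(r"^debug\d: ", "", line.strip())
        if msg.startswith("Trying private key: "):
            if key and not waiting:
                out["not_sent"].append(key)      # previous key was never offered
            key, waiting = msg.split(": ", 1)[1], False
        elif msg.startswith("we sent a publickey packet"):
            out["sent"].append(key)
            waiting = True
        elif msg.startswith("Authentications that can continue") and waiting:
            out["rejected"].append(key)          # server answered with a failure
            key, waiting = None, False
        elif msg.startswith("we did not send a packet"):
            if key:
                out["not_sent"].append(key)
            key = None
        elif msg.startswith("Authentication succeeded (publickey)"):
            out["accepted"] = key
        elif msg.startswith("Next authentication method: "):
            method = msg.split(": ", 1)[1]
            if method != "publickey":
                out["fallback"] = method         # client moved on to this method
    return out

if __name__ == "__main__":
    for host, log in (("gaia", GAIA_LOG), ("draco", DRACO_LOG)):
        print(host, summarize_auth(log))
```

The client-side transcript only records that the server refused the key; the reason for the refusal is logged on the server side.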