我在互联网上搜索并尝试了许多解决方案,了解为什么我仍然无法进行无密码远程服务器访问,但我似乎无法使其工作。
我已按照此步骤创建 ssh 密钥并将其复制到远程服务器:
- 首先,我清理了我的
authorized_key
&known_hosts
文件,以便我的本地服务器和远程服务器中不再有注册密钥。 然后我开始创建 ssh 密钥并在下面输入:
ssh-keygen -t rsa -f ~/.ssh/local_key
这是我按回车后的结果:
Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/local_key. Your public key has been saved in /home/user/.ssh/local_key.pub. The key fingerprint is: SHA256:yZ3CgQ2CtyMJHyvkGFyZNQ5U7XX1RzD8SOm9bxCbODg user@myserver The key's randomart image is: +---[RSA 2048]----+ |. o=*+o .ooo.| |oooo+..= . . =o | |++ = oo + . o =.| |o.= o + + . + +| | . . . S o. . +.| | .E o +. | | . . ..| | o| | . | +----[SHA256]-----+
然后我将公钥复制到远程服务器:
ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver
然后我收到提示并输入了我的密码:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/local_key.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.
我尝试执行ssh 'user@myremoteserver'
或scp
复制文件,但仍然需要密码。
编辑:这是运行命令后的输出ssh -v user@myremoteserver
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to myremoteserver [10.1.250.174] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=20 dh_need=20
debug1: kex: [email protected] need=20 dh_need=20
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95
debug1: Host 'myremoteserver' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: password
user@myremoteserver's password:
更新:
我已按照您的建议添加权限 700.ssh
和 600 authorized_keys
。我运行这个脚本ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver
然后我得到了这个:
The authenticity of host 'myremoteserver (10.1.250.174)' can't be established.
ECDSA key fingerprint is 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.
毕竟,我仍然要求输入密码。 :(
答案1
答案2
您可以检查目标服务器上是否启用了SELinux。