密钥认证在 Ubuntu SSH 服务器中不起作用

密钥认证在 Ubuntu SSH 服务器中不起作用

我正在尝试设置我的 ssh 服务器以进行无密码登录(密钥登录),但它不起作用。我尝试了不同的权限,尝试了不同的用户名。结果相同。它继续要求我输入密码。所以我在登录时打开了详细设置,并在此处发布输出,但首先让我告诉你我是如何配置的

mkdir .ssh 
ssh-keygen -t rsa -b 4096
#this created the id_rsa (private) and id_rsa.pub (public)
#then I copied the pub key over to server but first created .ssh on server
mkdir .ssh
#copy key
scp ~/.ssh/id_rsa.pub [email protected]:/home/user/.ssh

cat .ssh/id_rsa.pub >> .ssh/authorized_keys

then I changed permissions to remote .ssh dir
chmod 0700 .ssh
chmod 0600 .ssh/*

尝试连接并仍然要求输入密码...我在这里遗漏了什么

 ssh [email protected] -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.137.5 [192.168.137.5] port 22.
debug1: Connection established.
debug1: identity file /home/jsmith/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jsmith/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.137.5:22 as 'jsmith'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fki8+w3jFMEPfWs1Onmyg/F49v5gmkJw+IQPIO04dFE
debug1: Host '192.168.137.5' is known and matches the ECDSA host key.
debug1: Found key in /home/jsmith/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:Z25KcC58I5C8/mvtJmlRDL5AOZ5cIYXY8nbgfIABFVU /home/jsmith/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
Enter passphrase for key '/home/jsmith/.ssh/id_rsa':
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.137.5 ([192.168.137.5]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Remote: /home/jsmith/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/jsmith/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: Sending env LANG = C.UTF-8
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-42-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri 07 Aug 2020 11:54:16 PM UTC

  System load:  0.03              Processes:               137
  Usage of /:   72.2% of 3.87GB   Users logged in:         1
  Memory usage: 14%               IPv4 address for enp0s3: 192.168.137.5
  Swap usage:   0%

 * Are you ready for Kubernetes 1.19? It's nearly here! Try RC3 with
   sudo snap install microk8s --channel=1.19/candidate --classic

   https://microk8s.io/ has docs and details.

0 updates can be installed immediately.
0 of these updates are security updates.


Last login: Fri Aug  7 23:50:02 2020 from 192.168.137.1

答案1

输出显示你从未被要求输入远程系统的密码。但是你被要求输入密钥的密码,然后密钥就可以使用了:ssh [email protected] -v

Enter passphrase for key '/home/jsmith/.ssh/id_rsa':
debug1: Authentication succeeded (publickey).

显然,您在创建密钥时指定了一个非空密码。我猜这个密码与您在远程服务器上的密码相同。您可能认为密钥可以通过存储您在没有密钥的情况下使用的密码来工作;并且您出于这种想法将密码输入为密码。连接时,系统会要求您输入密码,由于密码与密码相同,您认为系统会要求您输入密码,并且您认为您已使用密码进行了身份验证,因此它起作用了。

实际情况是这样的:您的私钥以加密形式存储。当您尝试连接时,您需要提供密码来解密本地计算机上的密钥,以便可以使用该密钥对您进行身份验证。密码不会泄露给远程服务器,也不会直接用于对您进行身份验证。它仅用于解密您的私钥,然后使用解密后的密钥。

密码和口令是不同的概念。在创建密钥时,您可以使用与密码无关的密码。为了能够在不输入任何内容的情况下进行身份验证,请使用空密码创建密钥。

您的密钥本身似乎工作正常。无需创建另一个密钥(这次使用空密码),因为您可以从当前密钥中删除密码

# on the machine where the private key is, not on the server
ssh-keygen -p

程序会提示您输入密钥文件位置(/home/jsmith/.ssh/id_rsa可能是默认位置,因此按 即可Enter)、旧密码和新密码(两次)。Enter出现提示时,只需点击 即可将新密码清空。然后,您无需输入任何密码或密码即可连接到服务器。

答案2

如果用户有 RSA 密钥,您应该在登录时提供私钥(身份文件),使用以下语法: ssh -i /local/path/to/private/key user@destinationIP

相关内容