I have a client and a server, both running Slackware (version 10.2.0 / kernel 2.6.15.4). I want to connect from the client to the server using host-based ssh authentication. This is what I have done so far. Of course, I have an entry for each machine in /etc/hosts (client and server IPs on the server; server and client IPs on the client).
Client:
vim /etc/ssh/ssh_config -> EnableSSHKeySign yes, HostbasedAuthentication yes
ssh-keyscan server >> /etc/ssh/ssh_known_hosts
/etc/rc.d/rc.sshd stop
/etc/rc.d/rc.sshd start
Server:
vim /etc/ssh/sshd_config -> HostbasedAuthentication yes, IgnoreRhosts no
touch /etc/ssh/shosts.equiv
vim /etc/ssh/shosts.equiv -> client root
ssh-keyscan client >> /etc/ssh/ssh_known_hosts
touch ~/.shosts -> client root
/etc/rc.d/rc.sshd stop
/etc/rc.d/rc.sshd start
When I try to ssh to the server from the client with
ssh server
I get the following error:
get_socket_address: getnameinfo 8 failed: Name or service not known
userauth_hostbased: cannot get local ipaddr/name
The full log from verbose ssh is:
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to server [192.168.1.102] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service not known
userauth_hostbased: cannot get local ipaddr/name
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: password
root@server's password:
/etc/hosts on my client looks like this:
127.0.0.1 localhost
127.0.0.1 client.local client
192.168.1.101 client
192.168.1.102 server
/etc/hosts on the server looks like this:
127.0.0.1 localhost
127.0.0.1 server.local server
192.168.1.101 client
192.168.1.102 server
Answer 1
Your /etc/hosts entries look wrong. Looking at your /etc/hosts files:
I would suggest removing the whole line:
127.0.0.1 server.local server
and
127.0.0.1 client.local client
Have both client and client.local point to 192.168.1.101 rather than having one of them point to 127.0.0.1, e.g.:
192.168.1.101 client client.local
The point is that "server" and "client" should each appear only once in the file, otherwise it causes confusion. I would guess it uses the first occurrence of the name in the file.
One way to check is to see whether you can ping the server from the client. If ping fails too, that also indicates /etc/hosts is wrong. If it succeeds, something else is wrong.
On the client:
ping server
Also:
It may also be that it isn't looking in /etc/hosts at all. Check /etc/nsswitch.conf. You want a line like:
hosts: files dns
If "files" isn't in that line, you need to add it. Then it will look in /etc/hosts and try to resolve the name to an IP address.
Answer 2
Remove client from "127.0.0.1 client.local client" in the /etc/hosts file on the client machine, like so:
127.0.0.1 localhost
127.0.0.1 client.local
192.168.1.101 client
192.168.1.102 server
Remove "server" from "127.0.0.1 server.local server" in the /etc/hosts file on the server, like so:
127.0.0.1 localhost
127.0.0.1 server.local
192.168.1.101 client
192.168.1.102 server
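Both answers make the same point: a hostname that appears under two different addresses gives the resolver two candidate answers, and host-based authentication only works when the address ssh sees on its local socket resolves to a name, and that name resolves back, consistently. The script below is an added example (not code from the question or either answer) that checks a hosts file for exactly that: it parses the file, simulates a files-only lookup with first-line-wins semantics (the behaviour the first answer guesses at), flags names mapped to more than one address, and shows the name/address round trip before and after the fix. The two hosts files are constructed copies of the ones in the question; the function names are this example's own. The live_reverse_lookup helper calls the system resolver with NI_NAMEREQD, which is the flags value 8 in the error message, so it can reproduce the same failure on a real host.

```python
"""Check an /etc/hosts file for clashing name mappings (added example)."""
import socket
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, List[str]]

# Constructed sample input: the client's /etc/hosts as posted in the question,
# and the same file after applying the fix suggested in the answers.
CLIENT_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 client.local client
192.168.1.101 client
192.168.1.102 server
"""

CLIENT_HOSTS_FIXED = """\
127.0.0.1 localhost
192.168.1.101 client client.local
192.168.1.102 server
"""


def parse_hosts(text: str) -> List[Entry]:
    """Return (address, [names]) per non-empty, non-comment line, in file order."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        addr, *names = line.split()
        entries.append((addr, names))
    return entries


def forward(entries: List[Entry], name: str) -> Optional[str]:
    """Name -> address. First matching line wins, like the nss files backend."""
    for addr, names in entries:
        if name in names:
            return addr
    return None


def reverse(entries: List[Entry], addr: str) -> Optional[str]:
    """Address -> canonical name: first name on the first line for that address."""
    for a, names in entries:
        if a == addr and names:
            return names[0]
    return None


def duplicate_names(entries: List[Entry]) -> Dict[str, List[str]]:
    """Names listed under more than one distinct address (the answers' complaint)."""
    seen: Dict[str, List[str]] = {}
    for addr, names in entries:
        for n in names:
            addrs = seen.setdefault(n, [])
            if addr not in addrs:
                addrs.append(addr)
    return {n: addrs for n, addrs in seen.items() if len(addrs) > 1}


def round_trip(entries: List[Entry], name: str) -> Tuple[Optional[str], Optional[str]]:
    """(address name resolves to, name that address resolves back to)."""
    addr = forward(entries, name)
    return addr, (reverse(entries, addr) if addr else None)


def live_reverse_lookup(addr: str) -> str:
    """Reverse-resolve addr through the real system resolver with NI_NAMEREQD.

    Raises socket.gaierror when no name is found, which is the condition
    ssh's get_socket_address reports in the question. Result depends on the
    host this runs on, so it is only called from the demo below.
    """
    host, _ = socket.getnameinfo((addr, 0), socket.NI_NAMEREQD)
    return host


if __name__ == "__main__":
    for label, text in (("as posted", CLIENT_HOSTS), ("after fix", CLIENT_HOSTS_FIXED)):
        entries = parse_hosts(text)
        print(f"{label}: duplicates = {duplicate_names(entries)}")
        print(f"{label}: client -> {round_trip(entries, 'client')}")
    try:
        print("live reverse lookup of 127.0.0.1:", live_reverse_lookup("127.0.0.1"))
    except socket.gaierror as exc:
        print("live reverse lookup failed:", exc)
```

Run against the file as posted, the check reports "client" under both 127.0.0.1 and 192.168.1.101, and the round trip goes client -> 127.0.0.1 -> localhost, so the name ssh derives for the local end does not match what the server's shosts.equiv expects. After the fix the round trip is client -> 192.168.1.101 -> client. The same check applied to the server's file flags "server" in the same way. Pointing live_reverse_lookup at a machine's own LAN address is the quick way to confirm that the resolver, with whatever /etc/nsswitch.conf says, can actually produce a name for it.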