生成 SSH 密钥,仍要求输入密码

生成 SSH 密钥,仍要求输入密码

我尝试在 Windows R2012 服务器上使用 OpenSSH 来连接 Linux 服务器而无需密码,到目前为止我所做的:运行ssh-keygen -t rsa;复制id_rsa.pub到linux服务器。然后我运行ssh username@hostname但它仍然询问我密码。这是调试消息:

ssh  tsdev@hostname -v
OpenSSH_for_Windows_8.0p1, LibreSSL 2.6.5
debug1: Connecting to hostname  [hostname ] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\UserName/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\UserName/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\UserName/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to hostname :22 as 'tsdev'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compress
ion: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compress
ion: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:iPIV2C3o7iAWctj17etTxHdcbPLJjLvWR5pbhQyJ
VsU
debug1: Host 'hostname ' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\UserName/.ssh/known_hosts:2
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: C:\\Users\\UserName\\.ssh\\id_rsa RSA SHA256:+6FE/fz08
CxtJQkbSzk4pm2xcJc/bsa2txF7ng2u3RQ agent
debug1: Will attempt key: C:\\Users\\UserName/.ssh/id_rsa RSA SHA256:cxtm55sHmeJ
H2dPeTBY3VSnV9BuL58xMT94nTpn5PtE
debug1: Will attempt key: C:\\Users\\UserName/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\UserName/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\UserName/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\UserName/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\UserName\\.ssh\\id_rsa RSA SHA256:+6FE/f
z08CxtJQkbSzk4pm2xcJc/bsa2txF7ng2u3RQ agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Offering public key: C:\\Users\\UserName/.ssh/id_rsa RSA SHA256:cxtm55sH
meJH2dPeTBY3VSnV9BuL58xMT94nTpn5PtE
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Trying private key: C:\\Users\\UserName/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\UserName/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\UserName/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\UserName/.ssh/id_xmss
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory

有人可以提出任何建议吗?谢谢!

答案1

看起来您的客户端(在 Windows Box 上)确实正在尝试按应有的方式使用私钥,而服务器根本不接受它。所以问题很可能出在(Linux)服务器端。

从你的问题中不清楚你到底做了什么“将 id_rsa.pub 复制到服务器上”。但既然你没有明确说明,我相信你可能没有做正确的事情

假设服务器使用默认配置的 OpenSSH,您需要将公钥放在名为~/.ssh/authorized_keyswhere ~is your home directory 的文件中。如果您只想要一个公钥,那么您可以重命名该文件,否则您可以将内容复制id_rsa.pub到您的authorized_keys文件中:

cat id_rsa.pub >> ~/.ssh/authorized_keys

您可能还需要检查该文件的安全性。它不能具有“组”和其他的读取权限。您可以通过以下方式设置权限:

# Either set numbered permissions: read write for user, nothing for group other
chmod 600 ~/.ssh/authorized_keys

# or remove Read Write eXecute permissions from Group and Other
chmod go-rwx ~/.ssh/authorized_keys

相关内容