我在 CentOS 7 机器上遇到了一个奇怪的问题。
如果我从控制台登录,以两个不同的用户名,我就可以登录。
但是,当我尝试相同的用户名/密码组合时,我得到了Permission denied。
以下是相关内容/etc/ssh/sshd_config:
$ sudo grep -E 'PasswordAuthentication|ChallengeResponseAuthentication|GSSAPIAuthentication|GSSAPICleanupCredentials|UsePAM' /etc/ssh/sshd_config | grep -v '^#'
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
$ ls -ld ~
drwx------. 17 qa qa 4096 Apr 12 09:37 /home/qa
$ ls -ld ~/.ssh/
drwx------ 2 qa qa 4096 Apr 12 09:37 /home/qa/.ssh/
这是一个完整的 ssh 登录尝试:
$ ssh -v [email protected]
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to install-tests.local [192.168.1.55] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/qa/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version dropbear_2013.58
debug1: no match: dropbear_2013.58
debug1: Authenticating to install-tests.local:22 as 'qa'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group14-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group14-sha1 need=20 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ssh-rsa SHA256:UkWhDf0R5TVg7Ud3HRmp+azue0T0jc5GzTQwLoCTQQQ
debug1: Host 'install-tests.local' is known and matches the RSA host key.
debug1: Found key in /home/qa/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/qa/.ssh/id_rsa
debug1: Trying private key: /home/qa/.ssh/id_dsa
debug1: Trying private key: /home/qa/.ssh/id_ecdsa
debug1: Trying private key: /home/qa/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
[email protected]'s password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
[email protected]'s password:
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
有任何想法吗?
答案1
事实证明,问题与 ssh 无关,而是由于 DNS 混淆,导致机器的 FQDN 指向错误的 IP 地址。
显然,一旦修复了这个问题,ssh 就不会再有问题了。