在禁用 Selinux 的 Centos 7 下,我无法通过基于主机的身份验证的 ssh 进行连接。
- 服务器端 :
在 /etc/ssh/sshd_config 文件中,输入:
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
在 /etc/ssh/ssh_known_hosts 中:
myclient,myclient.fqdn ssh-rsa ******************
- 客户端
-rw-r----- 1 root ssh_keys 1675 Jul 3 2020 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 381 Jul 3 2020 /etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_rsa_key.pub:
ssh-rsa ******************
在 /etc/ssh/ssh_config 中:
UseRoaming no
Host *
ForwardAgent no
ForwardX11 no
CheckHostIP no
StrictHostKeyChecking no
NoHostAuthenticationForLocalhost yes
PreferredAuthentications hostbased,publickey,keyboard-interactive,password
HostbasedAuthentication yes
EnableSSHKeysign yes
SendEnv DISPLAY
SendEnv USERLOGIN
- ssh 连接
来自客户:
[[email protected] ~]$ ssh -vvv server
它要求输入密码。我在客户端日志中看到:
debug2: userauth_hostbased: chost server.fqdn.
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 345666
debug3: ssh_keysign: [child] pid=331296, exec /usr/libexec/openssh/ssh-keysign
debug3: send packet: type 50
debug2: we sent a hostbased packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug3: userauth_hostbased: trying key type ssh-rsa
debug3: userauth_hostbased: trying key type ssh-dss
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
似乎我收到了SSH_MSG_USERAUTH_FAILURE来自[RFC 4250][1]。
欢迎任何想法。
答案1
已通过将包含客户端名称的 /etc/hosts.equiv 添加到服务器来解决该问题。