ssh 基于主机的访问被拒绝

ssh 基于主机的访问被拒绝

在禁用 Selinux 的 Centos 7 下,我无法通过基于主机的身份验证的 ssh 进行连接。

  1. 服务器端 :

在 /etc/ssh/sshd_config 文件中,输入:

HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes

在 /etc/ssh/ssh_known_hosts 中:

myclient,myclient.fqdn ssh-rsa ******************
  1. 客户端
-rw-r----- 1 root ssh_keys 1675 Jul  3  2020 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root      381 Jul  3  2020 /etc/ssh/ssh_host_rsa_key.pub

/etc/ssh/ssh_host_rsa_key.pub:

ssh-rsa ******************

在 /etc/ssh/ssh_config 中:

UseRoaming no 
Host *
  ForwardAgent no
  ForwardX11 no
  CheckHostIP no
  StrictHostKeyChecking no
  NoHostAuthenticationForLocalhost yes
  PreferredAuthentications hostbased,publickey,keyboard-interactive,password
  HostbasedAuthentication yes
  EnableSSHKeysign yes
  SendEnv DISPLAY
  SendEnv USERLOGIN
  1. ssh 连接

来自客户:

[[email protected] ~]$ ssh -vvv server

它要求输入密码。我在客户端日志中看到:

debug2: userauth_hostbased: chost server.fqdn.
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 345666
debug3: ssh_keysign: [child] pid=331296, exec /usr/libexec/openssh/ssh-keysign
debug3: send packet: type 50
debug2: we sent a hostbased packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug3: userauth_hostbased: trying key type ssh-rsa
debug3: userauth_hostbased: trying key type ssh-dss
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method

似乎我收到了SSH_MSG_USERAUTH_FAILURE来自[RFC 4250][1]。

欢迎任何想法。

答案1

已通过将包含客户端名称的 /etc/hosts.equiv 添加到服务器来解决该问题。

相关内容