Need help resolving the error "Permission denied (publickey,password)"

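I am trying to ssh to a remote instance, but I keep getting the Permission denied (publickey,password) error. The strange thing is that I am able to ssh to instance 01. I have pasted the verbose logs; it would be great if someone could tell me what might be going on and how to fix the error. Thanks in advance.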

[user@ip-20-0-185-76 ~]$ ssh -v instance-02
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /home/user/.ssh/managed_hosts.config
debug1: /home/user/.ssh/managed_hosts.config line 7: Applying options for instance-02
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Executing proxy command: exec sh -c "aws ssm start-session --target mi-044f942125677608ef --document-name AWS-StartSSHSession --parameters 'portNumber=22'"
debug1: permanently_drop_suid: 1000
debug1: identity file /home/user/.ssh/fooci.id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/fooci.id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: ssh_exchange_identification: 

debug1: ssh_exchange_identification: Starting session with SessionId: ConduitAccountService+Prod+Default+NA+Fleet+P-foo-0eb45c9b78f1eac7c

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 XXXXXX-10+deb10u2
debug1: match: OpenSSH_7.9p1 XXXXXXX-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to instance-02:22 as 'foo'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: xxx-xxx-xxxx SHA256:sbIKHNlNOAxxxxxxx9MCS7PneubylAzBO3yOCfd5/o
debug1: Host 'instance-02' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:11
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/fooci.id_rsa
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).

Identity file permissions (if relevant)

[user@ip-20-0-185-76 ~]$ ls -la /home/user/.ssh/fooci.id_rsa
-rw------- 1 user user 1675 Aug  2 22:29 /home/user/.ssh/fooci.id_rsa

Contents of the sshd_config file

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#
# Uncomment this if you want to use .local domain
# Host *.local
#   CheckHostIP no

Host *
        GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
        ForwardX11Trusted yes
# Send locale-related environment variables
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
        SendEnv XMODIFIERS

Location and permissions of authorized_keys

[user@ip-20-0-185-76 ~]$ ls -la

drwxr-xr-x 5 user user  4096 Oct 14 09:56 .
drwxr-xr-x 4 root root  4096 Oct 13 17:41 ..
-rw-rw-r-- 1 user user  4428 Aug  2 22:28 authorized_keys
