我有两台运行 Debian GNU/Linux 9 的 debian 机器虚拟机。我已尝试使用以下过程,但仍然得到要求的密码?它失败了,并显示 - Postponed publickey for test from 10.21.12.74 port 45962 ssh2 [preauth]
他们有 OpenSSH_7.4p1 Debian-10+deb9u7、OpenSSL 1.0.2u 20 Dec 2019
我在一台客户端计算机上生成了默认的 SSH 密钥对 - 公共密钥对和私有密钥对。
$ssh-keygen
接下来,我做了——
ssh-copy-id [email protected]
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
sshd 服务器说 -
debug1: trying public key file /home/test/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/test/.ssh/authorized_keys, line 1 RSA SHA256:VvQDLGFJdfO9FUOqa1ODV6iLT4Te0Nm5Bz1OUA57LjY
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x564e7bdd0c70 is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
Postponed publickey for test from 10.21.12.74 port 45962 ssh2 [preauth]
ssh 客户端说 -
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/test/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:VvQDLGFJdfO9FUOqa1ODV6iLT4Te0Nm5Bz1OUA57LjY
debug3: sign_and_send_pubkey: RSA SHA256:VvQDLGFJdfO9FUOqa1ODV6iLT4Te0Nm5Bz1OUA57LjY
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Trying private key: /home/test/.ssh/id_dsa
debug3: no such identity: /home/test/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ecdsa
debug3: no such identity: /home/test/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ed25519
debug3: no such identity: /home/test/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:
它的工作原理是使用以下命令杀死客户端中的 ssh-agent
ssh-代理-k
接下来我需要重新启动机器。有什么好的办法吗?
答案1
确保在 /etc/ssh/sshd_config 中有此参数:
PubkeyAuthentication yes
如果您激活了 SELinux,也最好检查一下系统日志。
答案2
如果您/etc/X11/Xsession.options包含该行use-ssh-agent,则 GUI 会话将自动包含一个ssh-agent进程,即使您没有专门设置它。
默认情况下,SSH 客户端会更喜欢使用代理(如果可用),因此存在代理但没有为其配置密钥(使用ssh-add)和/或没有功能正常的ssh-askpassGUI 对话框工具可能会导致出现问题。如果是这种情况,并且您希望使用代理,请ssh-add在使用之前将密钥添加到代理中;如果您根本不想使用它,请use-ssh-agent从 Xsession.options 文件中删除该行并再次登录。
如果您只是想避免在单个脚本或终端会话中使用代理,您可以取消设置SSH_AUTH_SOCK环境变量。