I'm trying to ssh from my backup server (CentOS 7) to my production server (CentOS 8), to pull a database backup.
I can't work out what I'm doing wrong. I'm using root on both servers. I've taken the contents of ~/.ssh/id_rsa.pub on BACKUP and put it in ~/.ssh/authorized_keys (owner: root, perms: 644) of PROD.
When I issue this command...
rsync -av -e 'ssh -p 222' root@PROD_IP:/var/www/sites/DB_backup_* /home/DB/
...I get this error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
sshd_config on PROD:
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv XMODIFIERS
AllowUsers mynamehere
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
ClientAliveCountMax 5
ClientAliveInterval 60
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
PasswordAuthentication no
PermitRootLogin without-password
Port 222
PrintMotd no
Subsystem sftp /usr/libexec/openssh/sftp-server
SyslogFacility AUTHPRIV
UseDNS no
UsePAM yes
X11Forwarding yes
(excuse the unusual order - used a quick :sort in vim to get rid of all the comments for the purpose of this post)
What am I doing wrong?
Answer 1
AllowUsers not including root was the problem.
Changing
AllowUsers myname
to
AllowUsers myname root
fixed it.
I didn't realise that root needed to be listed in there when the PermitRootLogin declaration strongly implies that root is already allowed!
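The interaction described in this answer, as an added example that is not part of the original post: a shell function that reads sshd_config-style text and reports which directive would block a given user. The function name `ssh_user_verdict` and the sample variables are hypothetical, the sample text is a constructed excerpt of the config posted in the question, and the check assumes only DenyUsers, AllowUsers and PermitRootLogin matter.

```shell
#!/bin/sh
# Added example: evaluate sshd_config-style text on stdin for one user.
# Simplifications (assumptions): only DenyUsers, AllowUsers and PermitRootLogin
# are considered; USER@HOST patterns are matched on the USER part only;
# negated (!) patterns, group directives and Match blocks are not handled.

ssh_user_verdict() {
    user=$1
    allow_seen=0; allowed=0; denied=0; root_login=""
    while read -r key rest || [ -n "$key" ]; do
        # sshd keywords are case-insensitive
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            allowusers|denyusers)
                if [ "$key" = allowusers ]; then allow_seen=1; fi
                set -f                  # do not expand * or ? against files
                for pat in $rest; do
                    pat=${pat%%@*}      # drop an optional @HOST part
                    case $user in
                        $pat) if [ "$key" = allowusers ]; then allowed=1
                              else denied=1; fi ;;
                    esac
                done
                set +f
                ;;
            permitrootlogin)
                # sshd uses the first value it sees for a keyword
                if [ -z "$root_login" ]; then root_login=$rest; fi
                ;;
        esac
    done
    if [ "$denied" -eq 1 ]; then
        echo "blocked: DenyUsers"
    elif [ "$allow_seen" -eq 1 ] && [ "$allowed" -eq 0 ]; then
        echo "blocked: not in AllowUsers"   # the case in the question
    elif [ "$user" = root ] && [ "$root_login" = no ]; then
        echo "blocked: PermitRootLogin no"
    else
        echo "allowed"
    fi
}

# Constructed sample input: excerpt of the posted config, before and after the fix.
SAMPLE_BEFORE='AllowUsers mynamehere
PermitRootLogin without-password
Port 222'
SAMPLE_AFTER='AllowUsers mynamehere root
PermitRootLogin without-password
Port 222'
printf '%s\n' "$SAMPLE_BEFORE" | ssh_user_verdict root
printf '%s\n' "$SAMPLE_AFTER"  | ssh_user_verdict root
```

On a live host the same function can read the effective configuration, for example `sshd -T | ssh_user_verdict root` run as root.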
Answer 2
Check permissions:
-rw------- 1 user user 822 feb 28 2019 authorized_keys
-rw------- 1 user user 81 dic 14 2018 config
-rw------- 1 user user 1675 dic 14 2018 id_rsa
-rw-r--r-- 1 user user 406 dic 14 2018 id_rsa.pub
-rw-r--r-- 1 user user 222 apr 24 2019 known_hosts
They must be like that.