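I issued
ssh username@db2workgoup -n "echo `cat ~/.ssh/id_dsa.pub` >> ~/.ssh/authorized_keys"
and checked that the key is stored in the authorized_keys file. But ssh still asks for a password. I have used the same approach on other servers in our company without any problems.
Can anyone help me ssh without a password prompt?
- ssh from OSX
- ssh to openSUSE 11.2 (x86_64)
- permissions on the home directory, the .ssh directory and the authorized_keys file are 700 or less
/var/log/messages has a
Dec 9 11:09:53 db2workgroup automount[3506]: update_negative_cache: key ".user.ini" not found in map.
entry when I try to log in.
Output from ssh -vvv: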
radek:~ radek$ ssh -vvv root@db2workgroup
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to db2workgroup [10.0.0.22] port 22.
debug1: Connection established.
debug1: identity file /Users/radek/.ssh/identity type -1
debug1: identity file /Users/radek/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /Users/radek/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/radek/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 133/256
debug2: bits set: 518/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/radek/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 12
debug3: check_host_in_hostfile: filename /Users/radek/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 12
debug1: Host 'db2workgroup' is known and matches the RSA host key.
debug1: Found key in /Users/radek/.ssh/known_hosts:12
debug2: bits set: 509/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/radek/.ssh/identity (0x0)
debug2: key: /Users/radek/.ssh/id_rsa (0x0)
debug2: key: /Users/radek/.ssh/id_dsa (0x100123c50)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/radek/.ssh/identity
debug3: no such identity: /Users/radek/.ssh/identity
debug1: Trying private key: /Users/radek/.ssh/id_rsa
debug3: no such identity: /Users/radek/.ssh/id_rsa
debug1: Offering public key: /Users/radek/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
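Answer 1
In the past I came across some tutorials describing how to set up passwordless ssh, but some of them are wrong.
Let's start over and check every step:
- From the client - generate the key:
ssh-keygen -t rsa
  - The public and private keys (id_rsa.pub and id_rsa) are automatically stored in the ~/.ssh/ directory.
  - Setup is easier if you use an empty passphrase. If you are not willing to do that, still follow this guide, but also check the bullet points below.
- From the client - copy the public key to the server:
ssh-copy-id user@server
  - The client's public key is copied to ~/.ssh/authorized_keys on the server.
- From the client - connect to the server:
ssh user@server
Now, if it still does not work after the 3 steps above, try the following:
- Check the ~/.ssh folder permissions on the client and server machines.
- Check /etc/ssh/sshd_config on the server to make sure the RSAAuthentication, PubkeyAuthentication and UsePAM options are not disabled; by default they are enabled with yes.
- If you entered a passphrase when generating the client key, you can try ssh-agent and ssh-add to get passwordless connections within your session.
- Check the contents of /var/log/auth.log on the server to find out why key authentication is being skipped at all.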
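Answer 2
I found the solution based on jasonwryan's comment under my question.
There was
#AuthorizedKeysFile /usr/NX/home/nx/.ssh/authorized_keys2
in the sshd config file /etc/ssh/sshd_config. Changing it to the standard entry
AuthorizedKeysFile .ssh/authorized_keys
solved the problem.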
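A way to see which key file sshd will actually open, added here as an example and not part of the original answer. The function names, the sample config and the home directory /home/user are constructed for illustration, and the fallback default is assumed to be the "standard entry" the answer names.

```shell
#!/bin/sh
# Added example (not from the original post). The sample config is constructed.

# Print the first active AuthorizedKeysFile value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
# Simplification: Match blocks and Include directives are not followed.
# Assumption: with no active entry the default is .ssh/authorized_keys.
authorized_keys_setting() {
    awk 'tolower($1) == "authorizedkeysfile" { print $2; found = 1; exit }
         END { if (!found) print ".ssh/authorized_keys" }' "$1"
}

# Turn that setting into the path sshd opens for one user:
# %h expands to the home directory, relative paths are taken from it.
resolve_keys_path() {   # $1 = setting, $2 = home directory
    p=$(printf '%s\n' "$1" | sed "s|%h|$2|g")
    case $p in
        /*) printf '%s\n' "$p" ;;
        *)  printf '%s\n' "$2/$p" ;;
    esac
}

# Constructed sample: one commented-out entry, then a non-standard active one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#AuthorizedKeysFile .ssh/authorized_keys
authorizedkeysfile /usr/NX/home/nx/.ssh/authorized_keys2
PubkeyAuthentication yes
EOF

setting=$(authorized_keys_setting "$sample")
echo "sshd reads keys from: $(resolve_keys_path "$setting" /home/user)"
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, including authorizedkeysfile, without any hand parsing.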
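Answer 3
I spent a long time on /etc/ssh/sshd_config. In the end, it was a matter of the permissions on the following:
- not only ~/.ssh/authorized_keys, but also
- the ~/.ssh directory (700)
- the ~ directory (700)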
ls -la ~/.ssh
total 20
drwx------. 2 user user 76 Aug 10 11:23 .
drwx------. 8 user user 4096 Nov 22 2020 ..
-rw-------. 1 user user 1648 Aug 9 09:57 authorized_keys
-rw-------. 1 user user 1675 Aug 10 11:22 id_rsa
-rw-r--r--. 1 user user 419 Aug 10 11:22 id_rsa.pub
-rw-r--r--. 1 user user 1909 Aug 10 11:23 known_hosts
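The permission check from this answer as a script, added here as an example and not part of the original answer. With StrictModes on, sshd refuses to use authorized_keys when the file, ~/.ssh or the home directory is writable by group or others; the helper names loose_paths and tighten and the throwaway directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer); the directory tree is constructed.

# Print each of home, ~/.ssh and authorized_keys that is writable by group
# or others. With StrictModes on, sshd refuses to use the key file then.
loose_paths() {   # $1 = home directory to inspect
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            continue
        fi
        # -prune keeps find on the path itself; -perm -020 / -002 = g+w / o+w
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Apply the modes shown in the answer: 700 on both directories, 600 on the file.
tighten() {
    chmod 700 "$1" "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo: a throwaway "home" whose top directory is group-writable.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"
chmod 700 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
echo "before: $(loose_paths "$demo")"
tighten "$demo"
echo "after:  $(loose_paths "$demo")"
rm -rf "$demo"
```

Run `loose_paths "$HOME"` as the login user on the server; empty output means none of the three paths has group or other write access.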
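Answer 4
If you have already done all the steps of generating the key, placing a copy on the server and so on, you can try running ssh-add locally.
You can also check the permissions of the key file. However, that problem would raise a different error.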