我有两个 Debian(11 和 12)系统。我正在尝试按照此视频验证从服务器 A 到服务器 B 的 ssh 访问通过密钥https://www.youtube.com/watch?v=vINn1MIrf7o。我尝试使用密钥,但是它仍然要求输入密码
服务器A:密钥生成和权限验证
$ ssh-keygen -a ed25519 -f ~/.ssh/id_ed25519 -C "email@address"
$ ssh-copy-id USERNAME-B@SERVER-B
$ cat /home/USERNAME-A/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address
$ ls -l /home/USERNAME-A/.ssh
total 16
-rw------- 1 USERNAME-A USERNAME-A 111 Sep 25 16:51 authorized_keys
-rwx------ 1 USERNAME-A USERNAME-A 411 Sep 25 00:48 id_ed25519
-rwx------ 1 USERNAME-A USERNAME-A 97 Sep 25 00:48 id_ed25519.pub
-rwx------ 1 USERNAME-A USERNAME-A 444 Sep 25 16:05 known_hosts
服务器B:密钥和权限验证
$ cat /home/USERNAME-B/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address
$ ls -l /home/USERNAME-B/.ssh/
total 12
-rw------- 1 USERNAME-B USERNAME-B 214 Sep 25 16:52 authorized_keys
-rwx------ 1 USERNAME-B USERNAME-B 97 Sep 25 15:16 id_ed25519.pub
-rwx------ 1 USERNAME-B USERNAME-B 142 Sep 25 00:38 known_hosts.old
服务器 A:通过 SSH 连接到服务器 B
$ ssh -v USERNAME-B@SERVER-B
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.98 [192.168.0.98] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2
debug1: match: OpenSSH_9.2p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.98:22 as 'internalrouter01'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:jsyFKXsTm5jC6GpM49Z9NdZTqaynwadcD80118n8/ck
debug1: Host '192.168.0.98' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
我不知道我需要做什么才能使这个配置工作。如果您有任何提示,请告诉我。我尝试研究,推测权限问题,但我认为情况并非如此,并且没有什么特别对我来说,但话又说回来,我对调试 ssh 总体来说还是个新手
编辑1:(不再将服务器重命名为 USERNAME-B 等)
回复 罗艾玛
$ ls -ld / /home /home/USERNAME-B/ /home/USERNAME-B/.ssh
drwxr-xr-x 18 root root 4096 Sep 22 15:42 /
drwxr-xr-x 4 root root 4096 Sep 22 23:03 /home
drwx------ 4 USERNAME-B USERNAME-B 4096 Sep 24 21:54 /home/USERNAME-B/
drwx------ 2 USERNAME-B USERNAME-B 4096 Sep 25 16:32 /home/USERNAME-B/.ssh
回复 Gilles Quénot
按要求更新了权限,没有效果
root@home-ok-ir01p:/home/internalrouter01# chmod 700 /home/internalrouter01/.ssh/
root@home-ok-ir01p:/home/internalrouter01# chmod 600 /home/internalrouter01/.ssh/*
root@home-ok-ir01p:/home/internalrouter01# ls -ld / /home /home/internalrouter01/ /home/internalrouter01/.ssh
drwxr-xr-x 18 root root 4096 Sep 22 15:42 /
drwxr-xr-x 4 root root 4096 Sep 22 23:03 /home
drwx------ 4 internalrouter01 internalrouter01 4096 Sep 24 21:54 /home/internalrouter01/
drwx------ 2 internalrouter01 internalrouter01 4096 Sep 25 16:32 /home/internalrouter01/.ssh
我的 ssh 配置
root@HomeNAS:/home/homenas# cat /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
sshd以下是来自 的最新条目/var/log/auth.log:
root@home-ok-ir01p:/home/internalrouter01# tail -40 /var/log/auth.log | grep ssh
2023-09-25T17:31:38.020752-05:00 home-ok-ir01p sshd[8418]: pam_unix(sshd:session): session closed for user root
2023-09-25T18:05:45.894039-05:00 home-ok-ir01p sshd[11468]: fatal: Timeout before authentication for 192.168.0.109 port 49624
2023-09-25T19:13:37.747404-05:00 home-ok-ir01p sshd[12124]: Connection closed by authenticating user internalrouter01 192.168.0.109 port 36860 [preauth]
2023-09-25T19:26:50.115306-05:00 home-ok-ir01p sshd[12253]: Connection closed by authenticating user internalrouter01 192.168.0.109 port 33018 [preauth]
这是我的服务器/etc/ssh/sshd_config:
Include /etc/ssh/sshd_config.d/*.conf
ListenAddress 0.0.0.0
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
chmod权限
客户退货
root@home-ok-ir01p:/home/internalrouter01# env | grep '^SSH'
SSH_CONNECTION=10.7.0.2 35516 192.168.0.98 22
SSH_CLIENT=10.7.0.2 35516 22
SSH_TTY=/dev/pts/1
目前没有任何更改,除了更改为不再允许密码 ( )ssh -v [email protected]PasswordAuthentication no