I created 2 Ubuntu Linux EC2 instances (master and slave), but when I try to ssh from the master to the slave I get the error "Permission denied (publickey)".
Server details
ubuntu@ip-172-31-41-115:~$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
My log
ubuntu@ip-172-31-41-115:~$ ssh -v ubuntu@172.31.39.155
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 172.31.39.155 [172.31.39.155] port 22.
debug1: Connection established.
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_xmss type -1
debug1: identity file /home/ubuntu/.ssh/id_xmss-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 172.31.39.155:22 as 'ubuntu'
debug1: load_hostkeys: fopen /home/ubuntu/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:VXmUTrEoG6aXhqqnRZpg8RX4i7b8L5r0iAbyKtCmJwU
debug1: load_hostkeys: fopen /home/ubuntu/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '172.31.39.155' is known and matches the ED25519 host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:1
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/ubuntu/.ssh/id_rsa
debug1: Will attempt key: /home/ubuntu/.ssh/id_ecdsa
debug1: Will attempt key: /home/ubuntu/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/ubuntu/.ssh/id_ed25519
debug1: Will attempt key: /home/ubuntu/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/ubuntu/.ssh/id_xmss
debug1: Will attempt key: /home/ubuntu/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ubuntu/.ssh/id_rsa
debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa
debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/ubuntu/.ssh/id_ed25519
debug1: Trying private key: /home/ubuntu/.ssh/id_ed25519_sk
debug1: Trying private key: /home/ubuntu/.ssh/id_xmss
debug1: Trying private key: /home/ubuntu/.ssh/id_dsa
debug1: No more authentication methods to try.
ubuntu@172.31.39.155: Permission denied (publickey).
I changed /etc/ssh/sshd_config (on both master and slave) to the following settings.
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
GSSAPIAuthentication no
GSSAPICleanupCredentials no
I also allowed all ports on the security group in case that was the problem, but I still get the same issue.
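An added example, not part of the question, that reads an `ssh -v` transcript like the one above and states what it implies: every `identity file ... type -1` line means the client found no key at that path, and `Authentications that can continue: publickey` shows the server's effective configuration still refuses passwords. The sample lines are constructed from the log above, and the `diagnose_ssh_log` function name is mine.

```shell
#!/bin/sh
# Added example (not from the question): read an `ssh -v` transcript and
# report why publickey authentication could not succeed.

# diagnose_ssh_log FILE
# Prints one finding per line; returns 0 when a client key was offered and
# 1 when no key was available, which is the situation in the log above.
diagnose_ssh_log() {
    log="$1"
    # "identity file ... type -1" means ssh looked for that default key
    # file and did not find it; a loaded key shows a numeric type instead.
    missing=$(grep -c 'identity file .* type -1$' "$log" || true)
    loaded=$(grep -c 'identity file .* type [0-9]' "$log" || true)
    methods=$(sed -n 's/.*Authentications that can continue: //p' "$log" | head -n 1)

    echo "default identity files missing: $missing"
    echo "identity files loaded: $loaded"
    echo "server accepts: ${methods:-unknown}"
    case "$methods" in
        *password*) echo "note: password auth is offered; a key is still preferable" ;;
        *) echo "note: server offers publickey only, so a PasswordAuthentication yes edit" \
                "is not in effect (sshd not reloaded, or overridden by an Include drop-in)" ;;
    esac

    if [ "$loaded" -eq 0 ]; then
        echo "verdict: no private key on the client; nothing was sent for the server to check"
        return 1
    fi
    echo "verdict: a key was offered; check authorized_keys and its permissions on the server"
    return 0
}

# Constructed excerpt modelled on the question's log.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ubuntu/.ssh/id_rsa
debug1: No more authentication methods to try.
EOF

if diagnose_ssh_log "$SAMPLE_LOG"; then
    echo "client side looks fine"
else
    echo "fix the client first: create a key or point ssh -i at the .pem from AWS"
fi
```

Run it against the real output of `ssh -v` saved to a file; the "server accepts" line is the quickest way to tell whether a server-side edit actually took effect.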
Answer 1
In a simple setup with a plain public IP, I strongly recommend against opening all ports, using password authentication and allowing root login, just so two VMs can talk to each other.
I don't know much about how you created these VMs, but I'd suggest trying again from scratch if possible, with the minimum amount of configuration changes.
I don't know AWS well, but you should already have set up or downloaded the private key from the slave; if you lost it, you can refer to this: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#replacing-lost-key-pair
Send it to your master server and first restrict access to it:
chmod 400 .ssh/your_private_key.pem
Make sure you can ping the server beforehand, just to be safe.
Or go back to your AWS configuration to confirm.
If everything looks fine and the server is running, try the simple command:
ssh -i .ssh/your_private_key.pem your_user@your_ip
Obviously, replace the user with the real name. Double-check your username just to be sure.
If that doesn't work, and you still have access to the server through AWS, you can try checking the following:
- the real name of the user
- check the SSH configuration with
  sshd -t
- check whether the ssh daemon was reloaded after the configuration update, and whether it is started
  sudo systemctl reload sshd
- check whether a firewall is enabled on your instance
That's the basic outline. I still think you should go back and redo it, both for security and as a learning step for future ssh'ing. For me, just bringing up a VM makes a mess of my /var/log/auth.log, so I can't imagine what it will do to yours.
If you want to take this further, we'd need more information about your whole setup. Please avoid any specific details such as the IPs or hosts used.
Answer 2
Thanks everyone for the support; the problem was finally solved with the following steps:
Generate an SSH key pair (if not already done) - on the master server
$ ssh-keygen -t rsa -b 4096
Add the private key to the SSH agent (if not already done) - on the master server
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa
Print the public key contents - on the master server
$ cat ~/.ssh/id_rsa.pub
Copy the output of the cat command; it is your public key.
Log in to the slave server
Open the authorized_keys file with a text editor and paste the public key copied from the master server
$ nano ~/.ssh/authorized_keys
Set appropriate permissions on the ~/.ssh directory and the authorized_keys file on the slave server
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
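As an added example (not from the answer), a check for the state these steps leave on the slave: the ownership and modes that sshd's StrictModes requires on ~/.ssh and authorized_keys before it will read the file, and that the copied key is actually present. It assumes GNU `stat` on Linux, as on the Ubuntu instances in the question; `check_authorized_keys` is my name, and the key line it uses is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not part of the answer): verify the server-side state the
# steps above create, checking what sshd's StrictModes enforces before it
# will even read authorized_keys. Assumes GNU `stat` (Linux).

# check_authorized_keys HOME_DIR PUBKEY_FILE
# Returns 0 when ~/.ssh and authorized_keys are owned by the current user,
# are not writable by group or others, and contain the given public key.
check_authorized_keys() {
    sshdir="$1/.ssh"
    keys="$sshdir/authorized_keys"
    pubkey="$2"
    me=$(id -un)
    ok=0
    for path in "$sshdir" "$keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"; ok=1; continue
        fi
        set -- $(stat -c '%a %U' "$path")
        mode=$1; owner=$2
        # Octal digits are user/group/others; bit 2 of a digit is the write bit.
        grp=$(( mode / 10 % 10 )); oth=$(( mode % 10 ))
        if [ $(( grp & 2 )) -ne 0 ] || [ $(( oth & 2 )) -ne 0 ]; then
            echo "group/other writable (mode $mode): $path"; ok=1
        fi
        if [ "$owner" != "$me" ]; then
            echo "owned by $owner, not $me: $path"; ok=1
        fi
    done
    # Match on key type and blob only; the trailing comment may differ.
    keyid=$(awk '{print $1, $2}' "$pubkey")
    if ! awk '{print $1, $2}' "$keys" 2>/dev/null | grep -qxF "$keyid"; then
        echo "public key from $pubkey not present in $keys"; ok=1
    fi
    return $ok
}

# Constructed demo home with a placeholder key line (not a real key).
DEMO_HOME=$(mktemp -d)
mkdir -p "$DEMO_HOME/.ssh"
echo "ssh-ed25519 AAAAPLACEHOLDERDEMOKEYBLOB constructed@example" > "$DEMO_HOME/id_demo.pub"
cat "$DEMO_HOME/id_demo.pub" >> "$DEMO_HOME/.ssh/authorized_keys"
chmod 700 "$DEMO_HOME/.ssh"
chmod 600 "$DEMO_HOME/.ssh/authorized_keys"
if check_authorized_keys "$DEMO_HOME" "$DEMO_HOME/id_demo.pub"; then
    echo "server side is ready for key login"
fi
```

On the real slave, run it as the login user with `check_authorized_keys "$HOME" /path/to/id_rsa.pub`; any line it prints is something sshd would silently reject, and the client would again see only "Permission denied (publickey)".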