我有两个名为 Interface(10.1.1.87) 和 Client-Interface(10.1.1.91) 的系统。我想在启动时自动从客户端界面挂载 sshfs 共享。
我正在使用命令:
sshfs [email protected]:/opt/lampp/ /media/CIDrive/ -o allow_other
但它要求我输入密码。我尝试了以下方法来使其无密码:
以 root 身份登录界面:
# ssh-keygen -t rsa # chmod 700 ~/.ssh # cat ~/.ssh/id_rsa.pub | ssh [email protected] 'cat > .ssh/authorized_keys'在客户端界面上,我添加到
sshd_config文件中:RSAAuthentication yes PubkeyAuthentication yes StrictModes no
并重新启动 SSH 守护进程。尽管如此,它仍然要求输入密码:
root@JMGDDS-Interface:~# ssh -v [email protected]
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.1.1.91 [10.1.1.91] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-3ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.1.1.91' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
该文件夹的权限.ssh为700;.pub是authorized_keys600。可能的原因是什么?我该如何修复它?
答案1
我最近没有检查过,但如果 .ssh 路径中的任何目录是全局可写的,SSH 将拒绝使用其中的授权密钥。这些权限可能允许其他用户伪造您的 .ssh 目录。
如果主目录可供其他任何人写入,则除非关闭 StrictModes,否则不会使用该主目录。
答案2
检查本地计算机中是否有模式为 600 的文件~/.ssh/id_dsa,并且本地的内容~/.ssh/id_dsa.pub也在远程~/.ssh/authorized_keys文件中。
我这么说是id_dsa因为根据您的日志,这是您的私钥之一(您也有一个identity私钥)。也许您可以指定要在您的~/.ssh/configunder中使用哪个 PrivateKey Host your.server.here。~/.ssh/id_rsa或者,您也可以检查~/.ssh/id_rsa是否有 rsa 密钥对。
使用ssh_copy_id -i ~/.ssh/id_dsa.pub user@host(如果可用)是设置密钥对的另一种方法,它还可以处理权限等。
答案3
.ssh/检查主机 10.1.1.91 上的目录和文件的权限.ssh/authorized_keys 也许该主机上的 sshd 不喜欢该端的权限。
答案4
在调试模式下运行服务器。
在服务器上,以 root 身份:
# /etc/init.d/ssh stop
# /usr/sbin/sshd -ddd
现在连接客户端,并读取服务器的调试输出。这应该会告诉你为什么你无法进入。纠正任何问题那是。
如果你碰巧运行的是 RedHat(或者可能是 Fedora),我遇到了pam_fprintd 未安装的问题。