我正在尝试连接两台服务器。我从服务器 A 的用户 john 那里获取了 id_dsa.pub 密钥,并将其粘贴到服务器 B 的用户 mike 的authorized_keys 中。
然后我尝试使用 mike 登录从服务器 A 连接到服务器 B,但它仍然要求输入密码。
在迈克的 .ssh/ 目录中,我只有authorized_keys文件,如下所示:
bash-3.00$ ls -l
total 16
-rw------- 1 mike users 2422 Oct 8 14:47 authorized_keys
bash-3.00$
服务器 B 的管理员保证只要有这个文件就足以让我们在 B 服务器上进行连接。
我错过了什么吗?
多谢你们!
编辑:这是日志:
johndbb3:/home/john/.ssh> ssh -vvv [email protected]
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to fpnld1.uk.db.com [10.240.1.215] port 22.
debug1: Connection established.
debug1: identity file /home/john/.ssh/identity type -1
debug3: Not a RSA1 key file /home/john/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/john/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /home/john/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/john/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
debug1: no match: Sun_SSH_1.1.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hr-HR,hu-HU,is-IS,it,it-IT,kk-KZ,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,tr-TR,ar,ca,cz,da,el,et,fi,he,hu,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,tr,i-default,uk-UA
debug2: kex_parse_kexinit: ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hr-HR,hu-HU,is-IS,it,it-IT,kk-KZ,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,tr-TR,ar,ca,cz,da,el,et,fi,he,hu,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,tr,i-default,uk-UA
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hr-HR,hu-HU,is-IS,it,it-IT,kk-KZ,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,tr-TR,ar,ca,cz,da,el,et,fi,he,hu,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,tr,i-default,uk-UA
debug1: Peer sent proposed langtags, stoc: ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hr-HR,hu-HU,is-IS,it,it-IT,kk-KZ,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,tr-TR,ar,ca,cz,da,el,et,fi,he,hu,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,tr,i-default,uk-UA
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 1594/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/john/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 120
debug3: check_host_in_hostfile: filename /home/john/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 119
debug1: Host 'fpnld1.uk.db.com' is known and matches the RSA host key.
debug1: Found key in /home/john/.ssh/known_hosts:120
debug1: bits set: 1573/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/john/.ssh/identity
debug3: no such identity: /home/john/.ssh/identity
debug1: Trying public key: /home/john/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying public key: /home/john/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
johndbb3:/home/john/.ssh>
答案1
您可能刚刚错误地复制了密钥。尝试这个:
- 在服务器 B 上(如 Mike):
rm ~/.ssh/authorized_keys - 在服务器 A(如 john)上:
ssh-copy-id -i /path/to/id_dsa.pub mike@serverb
这ssh 复制 ID命令基本上连接到远程主机(使用密码身份验证),然后适当地编辑authorized_keys。我相信它是随 OpenSSH 一起分发的,如果您使用其他东西,它可能不可用。
答案2
您有权访问 ServerB 上的 SSH 日志吗?如果没有,管理员可以将相关行发送给您吗?
在 ServerB 上,确保您拥有 SSH 联机帮助页中所述的正确权限:
~/.ssh/
This directory is the default location for all user-specific con‐
figuration and authentication information. There is no general
requirement to keep the entire contents of this directory secret,
but the recommended permissions are read/write/execute for the
user, and not accessible by others.
~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in
as this user. The format of this file is described in the
sshd(8) manual page. This file is not highly sensitive, but the
recommended permissions are read/write for the user, and not
accessible by others.
答案3
SSH 公钥至少有两种不同的格式,我称之为 OpenSSH 格式和 PuTTY 格式。由于我在您的日志中看到有关“-----BEGIN”的投诉,因此我怀疑您的服务器需要 OpenSSH 样式,但您已经给了它 PuTTY 样式的密钥。
OpenSSH 格式将整个密钥加上注释放在单个文本行上,看起来像(对于 DSA 密钥):
ssh-dss <ASCII-ENCODED-KEY-MATERIAL> my-comment-for-human-convenience
(将 RSA 密钥的“ssh-dss”替换为“ssh-rsa”。)
PuTTY 样式更详细,但包含相同的信息。看起来像:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "my-comment-for-human-convenience"
<ASCII-ENCODED-KEY-MATERIAL, split into...>
<...multiple lines of 64 characters each>
---- END SSH2 PUBLIC KEY ----
你可以使用 PuTTYgen 在两种格式之间进行转换(堆栈溢出问题)。或者,如果您很小心并且知道 PuTTY 样式密钥是 RSA 还是 DSA,则可以通过删除密钥材料中的换行符并添加“ssh-dss”或“ssh-rsa”来手动将一种密钥转换为另一种密钥。 “ 标签。
答案4
在客户端上,输入:
ssh-keygen -t rsa -b 4096
当提示输入密码时输入 ENTER。
转到 ~/.ssh 并将 id_rsa.pub 复制到服务器。 cat id_rsa.pub >> /home/用户名/.ssh/authorized_keys
另外,在服务器上编辑 /etc/ssh/sshd_config 文件以允许基于密钥的身份验证
并运行 /etc/init.d/sshd restart
然后在客户端计算机上输入: ssh usernameOfTheUserOnTheServerWhereYouCopiedTheKeyToAuthorizedKeys@192.168.1.x