这对我来说相当神秘。我通常使用无密码 RSA 身份验证通过 ssh 和 sftp 登录我的远程 *nix 服务器。到目前为止从未遇到过任何问题。
我无法连接到 Ubuntu 9.10 机器:
user@myclient$ ssh -i .ssh/Ganymede_key [email protected]
[...]
debug1: Host 'ganymede.server.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:14
debug2: bits set: 494/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: .ssh/Ganymede_key (0xb96a0ef8)
debug2: key: .ssh/Ganymede_key ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/Ganymede_key
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: .ssh/Ganymede_key
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
然后它又回到密码验证。如果我在远程机器上禁用密码验证,我的连接尝试就会失败,并显示“权限被拒绝(公钥)”状态。
对于命令行中的 sftp 来说也是一样。
“有趣”的是,完全相同的 RSA 密钥在 Filezilla sftp 会话中却能完美运行:
12:08:00 Trace: Offered public key from "/home/user/.filezilla/keys/Ganymede_key"
12:08:00 Trace: Offer of public key accepted, trying to authenticate using it.
12:08:01 Trace: Access granted
12:08:01 Trace: Opened channel for session
12:08:01 Trace: Started a shell/command
12:08:01 Status: Connected to ganymede.server.com
12:08:02 Trace: CSftpControlSocket::ConnectParseResponse()
12:08:02 Trace: CSftpControlSocket::ResetOperation(0)
12:08:02 Trace: CControlSocket::ResetOperation(0)
12:08:02 Status: Retrieving directory listing...
12:08:02 Trace: CSftpControlSocket::SendNextCommand()
12:08:02 Trace: CSftpControlSocket::ChangeDirSend()
12:08:02 Command: pwd
12:08:02 Response: Current directory is: "/root"
12:08:02 Trace: CSftpControlSocket::ResetOperation(0)
12:08:02 Trace: CControlSocket::ResetOperation(0)
12:08:02 Trace: CSftpControlSocket::ParseSubcommandResult(0)
12:08:02 Trace: CSftpControlSocket::ListSubcommandResult()
12:08:02 Trace: CSftpControlSocket::ResetOperation(0)
12:08:02 Trace: CControlSocket::ResetOperation(0)
12:08:02 Status: Directory listing successful
有什么想法吗?
米
答案1
您的第一个跟踪看起来有些奇怪。正如 jneves 指出的那样,ssh 假定该文件包含您的公钥和私钥。文档说“身份”是私钥。
-i identity_file
Selects a file from which the identity (private key) for RSA or DSA authentication is
read.
如果你确实在一个文件中有两个密钥(不知道这是可能的),那么你可能应该将它们分开。无论如何,你似乎没有遵守文档。
答案2
删除主文件夹中的 .ssh 中的已知主机文件,它可能会起作用。