我正在尝试从我的 Mac 设置无密码登录到运行 CentOS 的远程服务器,并使用“user1”的公钥认证。
我曾经$ ssh-keygen -t rsa
在我的 Mac 上设置一个公钥,然后将 mykey.pub 文件复制到 CentOS user1 的 .ssh 目录中,然后执行
cat mykey.pub >> authorized_keys
在 .ssh 目录中。
我还将.ssh 目录的权限设置为 700,将authorized_keys 设置为 600。
当我这样做时:
ssh [email protected]
它仍然提示我输入密码。发生了什么事?
这是远程计算机上我的 sshd_config 文件的副本:
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
更多信息:
这是我的 ssh -v 输出。我认为系统默认使用 id_rsa.pub 而不是我命名的 mykey.pub 和 mykey(私钥文件)。
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to myremoteserver.com [1.1.1.1 (fake IP)] port 22.
debug1: Connection established.
debug1: identity file /Users/LocalUser/.ssh/identity type -1
debug1: identity file /Users/LocalUser/.ssh/id_rsa type -1
debug1: identity file /Users/LocalUser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'myremoteserver.com' is known and matches the RSA host key.
debug1: Found key in /Users/LocalUser/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/LocalUser/.ssh/identity
debug1: Trying private key: /Users/LocalUser/.ssh/id_rsa
debug1: Trying private key: /Users/LocalUser/.ssh/id_dsa
debug1: Next authentication method: password
如何告诉系统使用 mykey 而不是 id_rsa?
答案1
看起来你的真正问题就在最后:
如何告诉系统使用 mykey 而不是 id_rsa?
带着-i
旗帜。
傅立叶变换红外光谱 (FTFM):
-i identity_file
Selects a file from which the identity (private key) for RSA or
DSA authentication is read. The default is ~/.ssh/identity for
protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
tocol version 2. Identity files may also be specified on a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in config-
uration files).
那么:
ssh -i mykey [email protected]
答案2
当你创建公钥时,你也会创建一个私钥,称为 id_rsa
id_rsa 文件应位于连接用户的 .ssh 文件夹中,并且权限设置如您对服务器的描述。
如果存在,则尝试
ssh -vvv <server>
这将为您提供更详细的日志记录,并提供更多关于其为何不起作用的线索。