ssh 密钥文件和 rsync 不起作用

tag-icon tag-icon ssh rsync
ssh 密钥文件和 rsync 不起作用

如果为我的用户创建一个密钥文件,以便通过 cronjob 和 rsync 同步两个 Linux 服务器,但现在我遇到了一个问题。

我正在使用密钥文件,但连接时没有出现错误,但它仍然提示我输入密码。

我的命令是:rsync -aun -e "ssh -i /kunden/343193_51373/.ssh/authorized_keys/id_rsa.pub" user@host:/kunden/343194_51373/webseiten /kunden/343193_51373/webseiten

我希望您了解问题所在并且找到了解决方案,而不需要 root 权限:)

问候,弗雷德里克

编辑:SHH -v 日志:

ssh -v -i /kunden/343193_51373/.ssh/identity -l  user host

OpenSSH_5.8p1-hpn13v10, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxxxxxxx [xxxxxxxx] port 22.
debug1: Connection established.
debug1: identity file /kunden/343193_51373/.ssh/identity type 0
debug1: identity file /kunden/343193_51373/.ssh/identity-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1-hpn13v10
debug1: match: OpenSSH_5.8p1-hpn13v10 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 22:72:XXXXXXXXXXXXX:84:5f:d4:5b:11:0d
debug1: Host 'xxxxxxxxxx' is known and matches the RSA host key.
debug1: Found key in /kunden/343193_51373/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive

答案1

ssh -i /path/to/private/key是正确的语法。您正在使用自己的公钥……这不起作用!

除此之外。你确定你的设置正确吗...我不知道 authorized_keys 可以是文件夹!请参阅http://sshkeychain.sourceforge.net/mirrors/SSH-with-Keys-HOWTO/SSH-with-Keys-HOWTO-4.html完整教程。或者如果你更喜欢德语教程http://www.huschi.net/14_141_de-howto-secure-shell-ssh-public-key-authentication.html

还要检查您的密钥权限。私钥应该具有600。这同样适用于authorized_keys文件。

要调试,您应该从普通的 ssh 开始...您可能需要向 ssh 命令添加一个用户。

编辑:

您是如何创建 ssh 密钥的?使用文本编辑器打开它们并验证它们是否正确。私钥应以以下内容开头:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,C9C5C0756A407FEA7D4747283FDFA526

公钥如下所示:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1EELjEjoKrVSQo30z+QvFffKpCKEZ6LbiwE3kHJs15QH1dG3Axs5IxbBKa/eOf9QTMEhLg6cAp/bBXd+/PBMk9JLWyCkhiDowcQBVL29HA4DEgmzpAShIkoEzUk+cFAL2Iqn7U9YfZMfQaaPaqPzaDml8xeH/xNFEovkinof39Ulpr5g5ihdyoTXPBs48Y9oH2/G+GAc3pc5jaEgP52CjMVfoSUNviBd13Ol8tqauCHFSD0z4m7Gmwh20JtiOzMlD/Jv9+7OILQrIA5oBEmh0Vk++hhdhebTvAI/NMG/N2o0DPrGdsUkg3igMYlO7/noAw56Nd+BBWzpOiaeosNhd jonathan@hostname

验证服务器上的 authorized_keys 是否包含公钥线。

答案2

如何更改我的私钥密码?

并且不要指定新密码。SSH 将会在不提示您的情况下进行连接。

实际上,超级用户权限与需要解密 SSH 私钥无关。即使您以 root 身份运行脚本,如果您已对私钥进行密码保护,您仍需要解密私钥。

相关内容