普通用户的公钥 ssh 错误

我知道在反对这个问题之前这里已经讨论过 ssh 问题了，请阅读。:-)

我有两个新安装的几乎CentOS 6 下的同等服务器。它们用于DRBD/HA环境。据我所知，两者的所有设置都相同。大多数设置都是用同步。

我可以以 root 身份登录，并且我的密钥可以被两台服务器接受；但我只能以普通用户身份登录其中一台服务器（master1）。

更多信息。

用户：用户的权限主目录和他的.ssh有 700 个文件，其中：authorized_keys、id_dsa、id_rsa 有 600 个。/家在两台机器上完全相同（rsynced）。

配置：GSSAPI、Kerberos 和 PAM 已停用。两台计算机上的 sshd_config 和 ssh_config 文件完全相同（已 rsynced）。/etc/hosts，密码文件 /etc/passwd，/etc/组，/etc/shadow、网络设置（IP 和 MAC 除外）、正在运行的服务（除了以心跳没有运行master2)...

尝试以用户 xxxx 身份登录master1到master2好像：

ssh -v master2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to master2 [XXX.XXX.XX.2] port 22.
debug1: Connection established.
debug1: identity file /home/xxxx/.ssh/identity type -1
debug1: identity file /home/xxxx/.ssh/id_rsa type 1
debug1: identity file /home/xxxx/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'master2' is known and matches the RSA host key.
debug1: Found key in /home/xxxx/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxx/.ssh/identity
debug1: Offering public key: /home/xxxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/xxxx/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
xxxx@master2's password:

现在有趣的是：

我已经以调试/非分叉模式启动了 sshd（在 temp_sshd 中我已将端口更改为 12345）：

cp /etc/ssh/sshd_config ~/temp_sshd_config
vi  ~/temp_sshd_config
/usr/sbin/sshd -f ~/temp_sshd_config -dd

然后以普通用户身份使用公钥登录：

ssh -v -p 12345 master2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to master2 [XXX.XXX.XX.2] port 12345.
debug1: Connection established.
debug1: identity file /home/xxxx/.ssh/identity type -1
debug1: identity file /home/xxxx/.ssh/id_rsa type 1
debug1: identity file /home/xxxx/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host 'master2' is known and matches the RSA host key.
debug1: Found key in /home/xxxx/.ssh/known_hosts:2
debug1: found matching key w/out port
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxx/.ssh/identity
debug1: Offering public key: /home/xxxx/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Wed Feb 29 15:06:25 2012 from master1

因为我想设置密码验证否在sshd，我需要运行公钥登录。

欢迎任何帮助。