Public key ssh error for a normal user


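I know ssh problems have been discussed here before; please read on before downvoting this question. :-)

I have two newly installed, almost identical servers running CentOS 6. They are for a DRBD/HA environment. As far as I know, all settings are the same on both. Most of the settings are synced with

I can log in as root, and my key is accepted by both servers; but as a normal user I can only log in to one of the servers (master1).

More information.

User: the permissions of the user's home directory and his .ssh are 700; the files in it (authorized_keys, id_dsa, id_rsa) are 600. /home is exactly the same on both machines (rsynced).

Configuration: GSSAPI, Kerberos and PAM are disabled. The sshd_config and ssh_config files are exactly the same on both machines (rsynced). /etc/hosts, /etc/passwd, /etc/group, /etc/shadow, the network settings (except IP and MAC), the running services (except heartbeat, which is not running on master2)...

Trying to log in as user xxxx from master1 to master2 looks like this: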

ssh -v master2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to master2 [XXX.XXX.XX.2] port 22.
debug1: Connection established.
debug1: identity file /home/xxxx/.ssh/identity type -1
debug1: identity file /home/xxxx/.ssh/id_rsa type 1
debug1: identity file /home/xxxx/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'master2' is known and matches the RSA host key.
debug1: Found key in /home/xxxx/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxx/.ssh/identity
debug1: Offering public key: /home/xxxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/xxxx/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
xxxx@master2's password:

Now the interesting part:

I started sshd in debug/non-forking mode (in temp_sshd I changed the port to 12345):

cp /etc/ssh/sshd_config ~/temp_sshd_config
vi  ~/temp_sshd_config
/usr/sbin/sshd -f ~/temp_sshd_config -dd

Then I logged in with the public key as a normal user:

ssh -v -p 12345 master2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to master2 [XXX.XXX.XX.2] port 12345.
debug1: Connection established.
debug1: identity file /home/xxxx/.ssh/identity type -1
debug1: identity file /home/xxxx/.ssh/id_rsa type 1
debug1: identity file /home/xxxx/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host 'master2' is known and matches the RSA host key.
debug1: Found key in /home/xxxx/.ssh/known_hosts:2
debug1: found matching key w/out port
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxx/.ssh/identity
debug1: Offering public key: /home/xxxx/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Wed Feb 29 15:06:25 2012 from master1

Because I want to set PasswordAuthentication no in sshd, I need public key login to work.

Any help is welcome.

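Answer 1

Please show/check the ssh server's log (/var/log/secure) on master2 too. Because the server decides whether to accept the public key, the answer should be there.

Personally, I suspect it has to do with SELinux contexts (which are not copied by rsync without -X).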
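An added example, not part of the original question or answer: a shell check for the two things the thread points at, the 700/600 modes the question lists and the SELinux label on the rsynced .ssh files. The expected type ssh_home_t, the function names and the script name audit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the files sshd reads
# for publickey auth. Modes 700/600 are the ones the question lists;
# ssh_home_t is an assumption about the targeted SELinux policy.

# type_from_context CTX: print the type field of user:role:type:level
type_from_context() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_type CTX WANT: succeed only if the context carries the wanted type
check_type() {
    got=$(type_from_context "$1")
    [ "$got" = "$2" ] && return 0
    echo "LABEL type is '${got:-none}', expected '$2'"
    return 1
}

# check_mode PATH WANT: succeed only if the octal mode matches exactly
check_mode() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    mode=$(stat -c %a "$1")
    [ "$mode" = "$2" ] && return 0
    echo "MODE $1 is $mode, expected $2"
    return 1
}

# audit_home HOME: run both checks; return 1 if anything looks wrong
audit_home() {
    rc=0
    check_mode "$1" 700 || rc=1
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        want=600; [ -d "$p" ] && want=700
        check_mode "$p" "$want" || rc=1
        # GNU stat prints the SELinux context with %C; skip if unavailable
        ctx=$(stat -c %C "$p" 2>/dev/null) || ctx=""
        case "$ctx" in ""|"?") continue ;; esac
        check_type "$ctx" ssh_home_t || { echo "  on $p ($ctx)"; rc=1; }
    done
    return $rc
}

# Run on master2 as root, e.g.: sh audit.sh /home/xxxx
# If a label is wrong, `restorecon -R -v /home/xxxx/.ssh` resets it to policy.
if [ "$#" -gt 0 ]; then audit_home "$1"; fi
```

Running it on both servers and comparing the output shows whether the rsynced copy differs in labels even though the modes match.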
