基于密钥的 SSH 权限被拒绝(公钥)Ubuntu 12-04

tag-icon tag-icon ssh file-permissions ssh-keys user-permissions public-key
基于密钥的 SSH 权限被拒绝(公钥)Ubuntu 12-04

我已将 sshd 配置为接受基于密钥的 ssh 登录,LogLevel 为 DEBUG,并将我的公钥上传到 ~/.ssh.authorized_keys,其中权限设置为:

700 ~/.ssh 600 ~/.ssh/authorized_keys

从 root 开始,我可以 su - USERNAME。从客户端,我得到 Permission denied (publicly)。从服务器,它告诉我“无法打开授权密钥‘/home/USERNAME/.ssh/authorized_keys’:Permission denied”。

    Client protocol version 2.0; client software version OpenSSH_5.2
    match: OpenSSH_5.2 pat OpenSSH*
    Enabling compatibility mode for protocol 2.0
    Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
    permanently_set_uid: 105/65534 [preauth]
    list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
    SSH2_MSG_KEXINIT sent [preauth]
    SSH2_MSG_KEXINIT received [preauth]
    kex: client->server aes128-ctr hmac-md5 none [preauth]
    kex: server->client aes128-ctr hmac-md5 none [preauth]
    SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
    SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
    expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
    SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
    SSH2_MSG_NEWKEYS sent [preauth]
    expecting SSH2_MSG_NEWKEYS [preauth]
    SSH2_MSG_NEWKEYS received [preauth]
    KEX done [preauth]
    userauth-request for user USERNAME service ssh-connection method none [preauth]
    attempt 0 failures 0 [preauth]
    PAM: initializing for "USERNAME"
    PAM: setting PAM_RHOST to "USERHOSTNAME"
    PAM: setting PAM_TTY to "ssh"
    userauth_send_banner: sent [preauth]
    userauth-request for user USERNAME service ssh-connection method publickey [preauth]
    attempt 1 failures 0 [preauth]
    test whether pkalg/pkblob are acceptable [preauth]
    Checking blacklist file /usr/share/ssh/blacklist.RSA-4096
    Checking blacklist file /etc/ssh/blacklist.RSA-4096
    temporarily_use_uid: 1001/1002 (e=0/0)
    trying public key file /home/USERNAME/.ssh/authorized_keys
    Could not open authorized keys '/home/USERNAME/.ssh/authorized_keys': Permission denied
    restore_uid: 0/0
    temporarily_use_uid: 1001/1002 (e=0/0)
    trying public key file /home/USERNAME/.ssh/authorized_keys2
    Could not open authorized keys '/home/USERNAME/.ssh/authorized_keys2': Permission denied
    restore_uid: 0/0
    Failed publickey for USERNAME from IPADDRESS port 57523 ssh2
    Connection closed by IPADDRESS [preauth]
    do_cleanup [preauth]
    monitor_read_log: child log fd closed
    do_cleanup
    PAM: cleanup

答案1

chown 1001:1002 /home/USERNAME/.ssh/authorized_keys

答案2

对我来说,即使重新安装后,/usr/NX/home/nx/.ssh/authorized_keys 仍被错误地命名为 /usr/NX/home/nx/.ssh/authorized_keys2。以下是我修复它的方法:

/usr/NX/home/nx/.ssh # cp authorized_keys2 authorized_keys
/usr/NX/home/nx/.ssh # chown nx authorized_keys

我曾在博客上讨论过此事http://www.linuxintro.org/wiki/Nx#The_NX_service_is_not_available

答案3

访问这些文件的用户不是您自己的,因此 600 和 700 不起作用。另外,没有必要像那样保护它;authorized_keys 中没有任何安全措施。

答案4

你的权限错误:

chmod 755 /home/USERNAME/.ssh
chmod 644 /home/USERNAME/.ssh/authorized_keys

相关内容