我知道这个问题已经被问过了,但我确信我已经按照其他答案所建议的做了。
机器 A:
- 用过的密钥生成器-t rsa创造id_rsa.pub在〜/.ssh /
- 复制机器 A 的id_rsa.pub到机器 B 用户的主目录
- 使文件权限id_rsa.pub 600
机器 B
- 将机器 A 的公钥添加到authorised_keys 和authorised_keys2中:cat ~/id_rsa.pub >> ~/.ssh/authorised_keys2
- 使文件权限id_rsa.pub 600
我还确保.ssh目录具有权限700在机器 A 和 B 上。
如果我尝试从机器 A 登录到机器 B,系统会要求我输入密码,而不是 ssh 密码。
我让两台机器上的 root 用户使用无密码 ssh 互相通信,但我无法让普通用户这样做。
两边的用户名必须相同吗?还是我遗漏了其他设置。
机器 A 是 Windows 7 PC 上的 VirtualBox 中运行的 Ubuntu 10.04 虚拟机,机器 B 是专用的 Ubuntu 9.10 服务器
更新:我已经使用选项运行了 ssh-vvv,它提供了很多行输出,但这是最后几个命令:
debug3: check_host_in_hostfile: filename /home/pete/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '192.168.1.19' is known and matches the RSA host key.
debug1: Found key in /home/pete/.ssh/known_hosts:1
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/pete/.ssh/identity ((nil))
debug2: key: /home/pete/.ssh/id_rsa (0x7ffe1baab9d0)
debug2: key: /home/pete/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pete/.ssh/identity
debug3: no such identity: /home/pete/.ssh/identity
debug1: Offering public key: /home/pete/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1495
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/pete/.ssh/id_dsa
debug3: no such identity: /home/pete/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
答案1
用于ssh-copy-id
复制您的密钥;它将创建任何必要的文件/目录并修复任何损坏的权限。
答案2
文件名必须是:authorized_keys2
并且应该是chmod 600
。
~/.ssh (700)
~/.ssh/authorized_keys2 (600)
~/.ssh/id_rsa (600)
~/.ssh/id_rsa.pub (644)
* 更新 *:提供以下输出(来自远程服务器):
ls -ld ~/.ssh ~/.ssh/authorized_key*
SELinux 启用了吗?(使用getenforce
:),你得到了Permissive
还是Enfrocing
?