我有一台 CentOS 6.3 服务器,用户名是 ako。
我运行 Kubuntu 12.10 作为客户端,并且使用命令将我的公钥复制到服务器ssh-copy-id。
我已/etc/ssh/sshd_config使用以下值更新了文件:
RSAAuthentication yes
PubkeyAuthentication yes
StrictModes yes
PasswordAuthentication no
但是,当我尝试登录服务器时,出现此错误:
Permission denied (publickey).
我之前已经多次设置了 SSH,都没有问题,但我不知道为什么这个不起作用!!
编辑ssh这是详细模式下运行 的输出:
ssh [email protected] -v
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 123.456.789.000 [123.456.789.000] port 22.
debug1: Connection established.
debug1: identity file /home/ako/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/ako/.ssh/id_rsa-cert type -1
debug1: identity file /home/ako/.ssh/id_dsa type -1
debug1: identity file /home/ako/.ssh/id_dsa-cert type -1
debug1: identity file /home/ako/.ssh/id_ecdsa type -1
debug1: identity file /home/ako/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug1: Host '123.456.789.000' is known and matches the RSA host key.
debug1: Found key in /home/ako/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ako/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/ako/.ssh/id_dsa
debug1: Trying private key: /home/ako/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
答案1
您可以在详细模式下运行 ssh 来查看具体信息...看来您正在以不同的用户身份连接......“ako”
检查目标系统上“ako”用户主目录的权限。ssh-copy-id不过应该已经为您完成此操作。
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
答案2
您已将 id 文件从 的系统复制AppArmor到 的系统SELinux。
在 Centos 6.3 机器上运行以下任一操作:
restorecon ~/.ssh/authorized_keyschcon unconfined_u:object_r:ssh_home_t:s0 ~/.ssh/authorized_keys
最终上下文应该是这样的。
ls -Z .ssh/authorized_keys
-rw-------. 用户用户unconfined_u:object_r:ssh_home_t:s0 .ssh/authorized_keys