====================================================================
更新:事实证明,sshd 的配置host2
不允许密码登录。感谢回答此问题的人。
====================================================================
场景:与一家公司合作完成我的大学项目。我需要host1
先使用 PuTTy 进行 SSH 连接,然后再通过 SSH 连接host2
(见下文)。我在 host2 上获得了用户名和密码。
我根本无权访问 host2,因此我对它的一无所知sshd_config
。
当我尝试通过 SSH 进入host2
时,发生了以下情况host1
:
ff@host1:~$ ssh -v host2
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/ff/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to host2 [192.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /home/ff/.ssh/identity type -1
debug1: identity file /home/ff/.ssh/id_rsa type -1
debug1: identity file /home/ff/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sd01' is known and matches the RSA host key.
debug1: Found key in /home/ff/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ff/.ssh/identity
debug1: Trying private key: /home/ff/.ssh/id_rsa
debug1: Trying private key: /home/ff/.ssh/id_dsa
debug1: Next authentication method: password
ff@sd01's password:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
ff@sd01's password:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
ff@sd01's password:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password).
和我的 /home/ff/.ssh/config :
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# HostbasedAuthentication no
BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# AuthorizedKeysFile .ssh/authorized_keys
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
我想知道在去公司之前我能做些什么吗?
答案1
主机不接受您尝试的用户名和密码。这意味着您连接到了错误的服务器,或者用户名或密码不正确。您应该要求管理员检查 上的日志host2
,它会告诉您是上述哪一种情况。
答案2
第一的
chmod 700 .ssh
进而 :
chmod 600 .ssh/authorized_keys
并测试一下:
restorecon -r -vv .ssh/authorized_keys
答案3
我也遇到了同样的问题,但对我来说,问题是操作系统(CentOS 7)的默认配置是加密用户目录,因此authorized_keys
放入的文件~/.ssh/
无法工作。解决方案来自这里但基本上:
- 将
/etc/ssh/sshd_config
AuthorizedKeysFile 属性设置为用户目录之外的内容(/etc/ssh/authorized_keys
) - 重新启动 sshd 服务
答案4
客户端似乎已启用 GSSAPI 身份验证,但身份验证失败并返回到密码身份验证。如果您无法使用提供的登录名和密码登录,那么唯一明智的做法是联系负责管理服务器的人员(“公司”)。