从 OS X 到 Ubuntu 的权限被拒绝(公钥)

从 OS X 到 Ubuntu 的权限被拒绝(公钥)

我知道这个问题已被问过多次,但我无法在我的计算机上解决它,而且我觉得我已经尝试了一切。

我想使用我机器上的公钥通过 ssh 登录到我的 ubuntu 机器 - 这样我就不必输入密码了。

我总是总是总是得到permission denied (publickey)

我已经创建了具有各种选项的新密钥,但似乎没有什么可以改变这一点。

密码验证工作正常 - 所以我不会被锁定或出现其他问题,但如果可以在我经常使用的计算机上登录,我希望能够使用 SSH 密钥登录。

这是我的日志:

`01 OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
 02 debug1: Reading configuration data /etc/ssh_config
 03 debug1: /etc/ssh_config line 20: Applying options for *
 04 debug1: Connecting to bcs.net.nz [203.167.215.130] port 22.
 05 debug1: Connection established.
 06 debug1: identity file /Users/jeff/.ssh/id_rsa type 1
 07 debug1: identity file /Users/jeff/.ssh/id_rsa-cert type -1
 08 debug1: identity file /Users/jeff/.ssh/id_dsa type -1
 09 debug1: identity file /Users/jeff/.ssh/id_dsa-cert type -1
 10 debug1: Enabling compatibility mode for protocol 2.0
 11 debug1: Local version string SSH-2.0-OpenSSH_6.2
 12 debug1: Remote protocol version 2.0, remote software version   OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
 13 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
 14 debug1: SSH2_MSG_KEXINIT sent
 15 debug1: SSH2_MSG_KEXINIT received
 16 debug1: kex: server->client aes128-ctr [email protected] none
 17 debug1: kex: client->server aes128-ctr [email protected] none
 18 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
 19 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
 20 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
 21 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
 22 debug1: Server host key: RSA 3b:2d:96:07:cf:f9:63:82:b1:3f:ae:5d:a0:83:24:84
 23 debug1: Host 'bcs.net.nz' is known and matches the RSA host key.
 24 debug1: Found key in /Users/jeff/.ssh/known_hosts:1
 25 debug1: ssh_rsa_verify: signature correct
 26 debug1: SSH2_MSG_NEWKEYS sent
 27 debug1: expecting SSH2_MSG_NEWKEYS
 28 debug1: SSH2_MSG_NEWKEYS received
 29 debug1: Roaming not allowed by server
 30 debug1: SSH2_MSG_SERVICE_REQUEST sent
 31 debug1: SSH2_MSG_SERVICE_ACCEPT received
 32 debug1: Authentications that can continue: publickey
 33 debug1: Next authentication method: publickey
 34 debug1: Offering RSA public key: /Users/jeff/.ssh/id_rsa
 35 debug1: Authentications that can continue: publickey
 36 debug1: Trying private key: /Users/jeff/.ssh/id_dsa
 37 debug1: Next authentication method: keyboard-interactive
 38 debug1: Authentications that can continue: publickey
 39 debug1: No more authentication methods to try.
 40 Permission denied (publickey,keyboard-interactive).`

~/.ssh/我的客户端机器是 Macbook Air,目录中具有以下权限

-rw------- 1 jeff staff 1675 2 Apr 22:32 id_rsa -rw------- 1 jeff staff 405 2 Apr 22:32 id_rsa.pub -rw------- 1 jeff staff 405 2 Apr 23:39 known_hosts

我的服务器机器上有这些~/.ssh

-rw------- 1 git git 1 Apr 2 23:36 authorized_keys

id_rsa.pub复制到authorized_keys

我已经束手无策了,因为我尝试了很多种组合:-) 还有什么可以帮助的吗?

======== 添加服务器日志 =======

Apr  3 11:19:16 bcs sshd[19198]: debug1: Forked child 19300.
Apr  3 11:19:16 bcs sshd[19300]: Set /proc/self/oom_score_adj to 0
Apr  3 11:19:16 bcs sshd[19300]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Apr  3 11:19:16 bcs sshd[19300]: debug1: inetd sockets after dupping: 3, 3
Apr  3 11:19:16 bcs sshd[19300]: Connection from 103.26.16.233 port 58988 on 172.16.1.102 port 22
Apr  3 11:19:16 bcs sshd[19300]: debug1: Client protocol version 2.0; client software version OpenSSH_6.2
Apr  3 11:19:16 bcs sshd[19300]: debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
Apr  3 11:19:16 bcs sshd[19300]: debug1: Enabling compatibility mode for protocol 2.0
Apr  3 11:19:16 bcs sshd[19300]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
Apr  3 11:19:16 bcs sshd[19300]: debug1: permanently_set_uid: 116/65534 [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEXINIT received [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: kex: client->server aes128-ctr [email protected] none [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: kex: server->client aes128-ctr [email protected] none [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: KEX done [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: userauth-request for user git service ssh-connection method none [preauth]
Apr  3 11:19:16 bcs sshd[19300]: debug1: attempt 0 failures 0 [preauth]
Apr  3 11:19:17 bcs sshd[19300]: reverse mapping checking getaddrinfo for 103-26-16-233.ufb.ff.net.nz [103.26.16.233] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr  3 11:19:17 bcs sshd[19300]: debug1: userauth-request for user git service ssh-connection method publickey [preauth]
Apr  3 11:19:17 bcs sshd[19300]: debug1: attempt 1 failures 0 [preauth]
Apr  3 11:19:17 bcs sshd[19300]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Apr  3 11:19:17 bcs sshd[19300]: debug1: temporarily_use_uid: 1008/1007 (e=0/0)
Apr  3 11:19:17 bcs sshd[19300]: debug1: trying public key file /root/.ssh/authorized_keys
Apr  3 11:19:17 bcs sshd[19300]: debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied
Apr  3 11:19:17 bcs sshd[19300]: debug1: restore_uid: 0/0
Apr  3 11:19:17 bcs sshd[19300]: Failed publickey for git from 103.26.16.233 port 58988 ssh2: RSA a3:40:f0:b3:8d:c7:fa:d2:6e:c4:53:93:1b:30:82:92
Apr  3 11:19:17 bcs sshd[19300]: Connection closed by 103.26.16.233 [preauth]
Apr  3 11:19:17 bcs sshd[19300]: debug1: do_cleanup [preauth]
Apr  3 11:19:17 bcs sshd[19300]: debug1: monitor_read_log: child log fd closed
Apr  3 11:19:17 bcs sshd[19300]: debug1: do_cleanup
Apr  3 11:19:17 bcs sshd[19300]: debug1: Killing privsep child 19301

答案1

在服务器的 sshd_config 中检查以下内容

PubkeyAuthentication yes
AuthorizedKeysFile     %h/.ssh/authorized_keys

由于某种原因,虽然您尝试使用用户“git”登录,但 sshd 仍尝试打开 /root/.ssh/authorized_keys 文件(来自 sshd 日志),因此它实际上应该读取 /home/git/.ssh/authorized_keys。我怀疑 AuthorizedKeysFile 条目配置错误。通常,AuthorizedKeysFile 条目不需要设置,因为它默认为上述值。

答案2

在服务器上添加此项:

ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key

相关内容