我想从我的家用电脑(用户:)使用 rsa-keyantonio@antonio-home
进行ssh 连接。serveruser@serverhost
我生成了 rsa-key 并ssh-keygen -t rsa
上传到服务器,但它仍然要求我输入密码。
如果我创建用户antonio
并将serverhost
我的 id_rsa.pub 复制到用户的主目录中,antonio
我可以成功完成ssh antonio@serverhost
。但ssh serveruser@serverhost
不起作用(id_rsa.pub 也在主目录中serveruser
)
我做错了什么?也许我应该在生成 rsa 密钥时指定用户名?类似这样ssh-keygen -t rsa --user serveruser
?
我曾经ssh-copy-id
将密钥发送到服务器,也尝试过这样做cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"
服务器上的文件权限:drwx------ .ssh
并且-rw------- authorized_keys
。serveruser
是此文件和目录的所有者。
authorized_keys
服务器上的文件:
ssh-rsa AAAAB3NzaC1yc2EA....AAADAQA antonio@Antonio-Home
我发现这个文件末尾仍然有错误的用户名:antonio@Antonio-Home
。也许这就是问题所在?
我尝试设置和不设置密钥的密码 - 没有区别
Antonio-Home:.ssh antonio$ cat config
Host serveruser
Hostname <ip>
User serveruser
Identityfile2 ~/.ssh/id_rsa
ssh -vvvv serveruser
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/antonio/.ssh/config
debug1: /Users/antonio/.ssh/config line 1: Applying options for serveruser
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <ip> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/antonio/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/antonio/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <ip>:22 as 'serveruser'
debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from <ip>
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:ceUAVoQrX7gnlD3N4j82eaYSO15RKgNDfdL66+cdTCA
debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from <ip>
debug1: Host '<ip>' is known and matches the RSA host key.
debug1: Found key in /Users/antonio/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/antonio/.ssh/id_rsa (0x7f97e1713cb0), explicit
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/antonio/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
serveruser@<ip>'s password:
答案1
最后,我找到了解决方案!在服务器上,当我将组更改为(serveruser 所在的组)时,我的 .ssh 文件夹由用户serveruser
和组拥有。一切都开始正常工作。感谢大家的帮助!root
hosting
答案2
您可以将 ssh 客户端配置为默认使用其他用户名连接到服务器。在您的 ~/.ssh/config 中:
Host serverhost
User serveruser
这样,您可以直接连接,而无需更改服务器用户。
然后确保服务器用户主目录中 ssh 文件的权限:
chmod 0700 .ssh; chmod 0600 .ssh/authorized_keys
答案3
跑步:
ssh-keygen -trsa -b2048 -f ~/.ssh/id_rsa_serveruser
然后
cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"
出现提示时输入您的密码。
然后在你的~/.ssh/config
文件中:
Host <nickname for connection>
Hostname <hostname or IP address of serverhost>
User serveruser
Identityfile2 ~/.ssh/id_rsa_serveruser
你应该能够使用
ssh <nickname for connection>
并且不会提示您输入密码。如果这不起作用,请确保该~/.ssh/authorized_keys
文件确实存在于服务器上并具有适当的权限
编辑
我发现这个文件末尾的用户名仍然错误:antonio@Antonio-Home。也许这就是问题所在?
来自ssh-keygen
手册页:
For RSA1 keys, there is also a comment field in the key file that is only for convenience to the user
to help identify the key. The comment can tell what the key is for, or whatever is useful. The com-
ment is initialized to ``user@host'' when the key is created, but can be changed using the -c option.
我认为您在该 .pub 文件末尾看到的“用户名”就是那条注释,所以这很可能不是问题所在。