OpenSSH passwordless ssh with multiple identity key files

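I am setting up a new server by referring to an existing server. Passwordless ssh from the server to other machines needs to support multiple key files (more than 6). Following the existing server, MaxAuthTries in /etc/ssh/sshd_config has been commented out, and the key files are specified as a list of IdentityFile entries in /etc/ssh/ssh_config. However, the new server shows a "Too many authentication failures" error, while the existing server does not. From verbose mode, the existing server is able to go through more than 6 keys without the "Too many authentication failures" error! I don't know what setting is missing on the new server. How can I make it work like the existing server?

For both servers, the ssh config contains only the IdentityFile list, with no Host entries. All other default lines are commented out. All lines in the sshd config are commented out. I tried ps, but I can't see ssh-agent, only sshd.

SSH client log on the server that is not working: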

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/appusr/.ssh/KEY1
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering RSA public key: /home/appusr/.ssh/KEY2
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering RSA public key: /home/appusr/.ssh/KEY3
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering RSA public key: /home/appusr/.ssh/KEY4
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering RSA public key: /home/appusr/.ssh/KEY5
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering RSA public key: /home/appusr/.ssh/KEY6
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Received disconnect from 10.99.72.123: 2: Too many authentication failures
debug1: Authentication succeeded (publickey).
Authenticated to targethost ([10.99.72.123]:22).
...
Connection to targethost closed by remote host.
Connection closed

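Answer 1

In the ssh config, use a Host pattern to limit the IdentityFile keys that the host will accept. (Remember that it will try every matching key in the config and in ssh-agent.)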

Host unixbox*.example.org
  IdentityFile ~/.ssh/id_ecdsa

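Additionally, there seems to be a quirk with ssh-agent if you use IdentitiesOnly yes in the Host pattern. The filtering effect means that many keys can be loaded into ssh-agent.

Which SSH identities are offered to a remote server and when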
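An added example, not part of the original answer: a simplified ssh_config reader that lists which IdentityFile entries apply to a given host and flags when there are more of them than the sshd default MaxAuthTries of 6. The function names and both sample configs are constructed for illustration; Match blocks are skipped and keys held by ssh-agent are not counted.

```python
import fnmatch
import re

DEFAULT_MAX_AUTH_TRIES = 6  # sshd default when MaxAuthTries is commented out

def host_matches(patterns, host):
    """Host semantics: any positive pattern matches, unless a '!' pattern vetoes."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def offered_identities(config_text, host):
    """Return (identity_files, identities_only) that apply to host."""
    active = True  # lines before the first Host block apply to every host
    files, identities_only = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), host)
        elif keyword == "match":
            active = False  # assumption: Match blocks are not evaluated here
        elif active and keyword == "identityfile":
            files.append(value)  # IdentityFile accumulates across matching blocks
        elif active and keyword == "identitiesonly" and identities_only is None:
            identities_only = value.lower() == "yes"  # first value obtained wins
    return files, bool(identities_only)

def may_exhaust_tries(config_text, host, max_auth_tries=DEFAULT_MAX_AUTH_TRIES):
    """True if more keys are configured for host than the server lets fail."""
    files, _ = offered_identities(config_text, host)
    return len(files) > max_auth_tries

# Constructed sample configs: a global key list versus a per-host block.
BEFORE = "\n".join(f"IdentityFile ~/.ssh/KEY{i}" for i in range(1, 8))
AFTER = """\
Host unixbox*.example.org
  IdentitiesOnly yes
  IdentityFile ~/.ssh/id_ecdsa
"""
```

Even when the count is within the limit, keys from ssh-agent are offered as well unless IdentitiesOnly yes is in effect for that host.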
