我正在设置与 Debian 远程服务器的无密码 ssh 连接。我在本地机器上生成了一个密钥,并将该密钥放在两个都/root/.ssh/authorized_keys 和 /home/user/.ssh/authorized_keys。.ssh 的权限设置为 700,authorized_keys 的权限设置为 600。用户是“root 用户”,并具有 sudo 权限。
所以我能直接 ssh 即可根: ssh root@server。 好的。
但是当我尝试直接 ssh 时用户我懂了:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to server.xxx [24.11.45.113] port 22.
debug1: Connection established.
...
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.7p1 Debian-1
debug1: match: OpenSSH_8.7p1 Debian-1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to server.xxx:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:GALVeyDsqFCWLB/7hh6JWnqt5swCSl3VeYnt0dJ0HzE
debug1: Host 'server.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/localuser/.ssh/known_hosts:5
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 SHA256:YcJ7U0/gHFMRFlLWWpHdMF/6mAt3gmxCML6dAQPAGDw /home/localuser/.ssh/id_ed25519
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/localuser/.ssh/id_rsa
debug1: Trying private key: /home/localuser/.ssh/id_dsa
debug1: Trying private key: /home/localuser/.ssh/id_ecdsa
debug1: Next authentication method: password
[email protected]'s password:
因此它直接跳到密码而不是接受私钥。
tail /var/log/auth.log 中没有任何错误,只有注释
Nov 9 12:24:04 server sudo: pam_unix(sudo:session): session opened for user root(uid=0) by user(uid=1003)
为什么用户(具有 sudo 权限)不能直接 ssh 登陆,而 root 可以使用相同的密钥登陆?
答案1
.ssh 目录和authorized_keys文件的权限很好,但是所有权不好。
所有者必须是尝试登录的用户,否则 sshd 无法读取这些文件。运行chown -R user:user ~user/.ssh它应该可以工作。