ssh 公钥没有被复制

tag-icon tag-icon linux ssh macintosh ssh-keygen
ssh 公钥没有被复制

ssh-keygen -t rsa我使用~/.ssh 文件夹中创建了一个公钥/私钥对。

然后我使用命令复制了密钥并收到了此通知。ssh-copy-id [email protected]

Number of key(s) added:        2

我尝试登录,但仍然提示输入密码。我运行find / -name id_rsa.pub命令并搜索远程服务器的 .ssh 文件夹,但在任何地方都找不到主密钥。我尝试使用 pub key 的 go-rwx 和 777 权限进行 chmod 但无济于事。为什么文件没有被复制,但我没有收到错误消息?

编辑:我将 -v 标签添加到 ssh 命令并得到此输出

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to [servername] [ipaddress] port 22.
debug1: Connection established.
debug1: identity file /Users/william.roberts/.ssh/id_rsa type 1
debug1: identity file /Users/william.roberts/.ssh/id_rsa-cert type -1
debug1: identity file /Users/william.roberts/.ssh/id_dsa type -1
debug1: identity file /Users/william.roberts/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 7c:3a:61:86:ec:53:40:c3:b0:5e:c2:9f:f4:bf:35:64
debug1: Host '[servername]' is known and matches the RSA host key.
debug1: Found key in /Users/william.roberts/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/william.roberts/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /Users/william.roberts/.ssh/other_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /Users/william.roberts/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/william.roberts/.ssh/id_dsa
debug1: Next authentication method: password

编辑2:

ls -la .ssh 的输出

drwxrwxrwx  2 root root 4096 Dec 10 19:15 .
dr-xr-x---. 5 root root 4096 Nov 19 22:44 ..
-rw-------  1 root root 3019 Dec 10 19:51 authorized_keys
-rw-r--r--  1 root root  427 Nov 24 19:40 known_hosts

答案1

ssh-copy-id将在本地查找一些公钥,登录到远程服务器并将该密钥放入~/.ssh/authorized_keys.

我很确定它已将密钥添加到该文件中。

可能有多种原因导致不考虑该密钥。例如,~/.ssh/目录可能没有正确的权限,或者服务器未配置为使用密钥。

用于ssh -v $server获取有关问题的一些提示。

感谢您对问题的更新。

从详细输出中,您可以看到服务器提供公钥身份验证,但不接受您的任何密钥。

从您的输出中ls -la ~/.ssh可以看到,任何人都可以替换您的authorized_keys文件,然后以您的身份登录。 - 服务器确实注意到了这一点,因此忽略了该文件中的密钥。

设置chmod go-wx ~/.ssh应该可以解决这个问题。

我建议采用以下程序:

  • 用于ssh-add $keyfile将给定文件中的私钥添加到您的代理
  • 用于ssh-add -L验证代理是否知道密钥并显示公钥
  • 用于ssh-copy-id将密钥从代理传输到远程服务器(远程文件~/.ssh/authorized_keys现在应准确包含上面列出的公钥)
  • 用于ssh使用来自代理的密钥向服务器进行身份验证。

答案2

您的.ssh目录无法被全世界访问:

chmod 700 ~/.ssh

应该修复它

相关内容