ssh-keygen -t rsa
我使用~/.ssh 文件夹中创建了一个公钥/私钥对。
然后我使用命令复制了密钥并收到了此通知。ssh-copy-id [email protected]
Number of key(s) added: 2
我尝试登录,但仍然提示输入密码。我运行find / -name id_rsa.pub
命令并搜索远程服务器的 .ssh 文件夹,但在任何地方都找不到主密钥。我尝试使用 pub key 的 go-rwx 和 777 权限进行 chmod 但无济于事。为什么文件没有被复制,但我没有收到错误消息?
编辑:我将 -v 标签添加到 ssh 命令并得到此输出
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to [servername] [ipaddress] port 22.
debug1: Connection established.
debug1: identity file /Users/william.roberts/.ssh/id_rsa type 1
debug1: identity file /Users/william.roberts/.ssh/id_rsa-cert type -1
debug1: identity file /Users/william.roberts/.ssh/id_dsa type -1
debug1: identity file /Users/william.roberts/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 7c:3a:61:86:ec:53:40:c3:b0:5e:c2:9f:f4:bf:35:64
debug1: Host '[servername]' is known and matches the RSA host key.
debug1: Found key in /Users/william.roberts/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/william.roberts/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /Users/william.roberts/.ssh/other_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /Users/william.roberts/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/william.roberts/.ssh/id_dsa
debug1: Next authentication method: password
编辑2:
ls -la .ssh 的输出
drwxrwxrwx 2 root root 4096 Dec 10 19:15 .
dr-xr-x---. 5 root root 4096 Nov 19 22:44 ..
-rw------- 1 root root 3019 Dec 10 19:51 authorized_keys
-rw-r--r-- 1 root root 427 Nov 24 19:40 known_hosts
答案1
ssh-copy-id
将在本地查找一些公钥,登录到远程服务器并将该密钥放入~/.ssh/authorized_keys
.
我很确定它已将密钥添加到该文件中。
可能有多种原因导致不考虑该密钥。例如,~/.ssh/
目录可能没有正确的权限,或者服务器未配置为使用密钥。
用于ssh -v $server
获取有关问题的一些提示。
感谢您对问题的更新。
从详细输出中,您可以看到服务器提供公钥身份验证,但不接受您的任何密钥。
从您的输出中ls -la ~/.ssh
可以看到,任何人都可以替换您的authorized_keys
文件,然后以您的身份登录。 - 服务器确实注意到了这一点,因此忽略了该文件中的密钥。
设置chmod go-wx ~/.ssh
应该可以解决这个问题。
我建议采用以下程序:
- 用于
ssh-add $keyfile
将给定文件中的私钥添加到您的代理 - 用于
ssh-add -L
验证代理是否知道密钥并显示公钥 - 用于
ssh-copy-id
将密钥从代理传输到远程服务器(远程文件~/.ssh/authorized_keys
现在应准确包含上面列出的公钥) - 用于
ssh
使用来自代理的密钥向服务器进行身份验证。
答案2
您的.ssh
目录无法被全世界访问:
chmod 700 ~/.ssh
应该修复它