我有一个问题FreeBSD 14.0- 该~/.ssh/
目录归我所有,但我无法以自己的身份访问它:
$ ls -al .ssh
ls: .: Permission denied
ls: ..: Permission denied
ls: authorized_keys: Permission denied
ls: known_hosts: Permission denied
total 0
仅作为 root 用户:
# ls -al .ssh
total 18
drw------- 2 alex alex 4 Mar 29 20:24 .
drwxr-xr-x 4 alex alex 14 Mar 29 21:09 ..
-rw------- 1 alex alex 490 Mar 29 20:46 authorized_keys
-rw------- 1 alex alex 825 Mar 29 20:24 known_hosts
这显然也导致ssh
无法访问它进行密钥认证(客户端公钥已经在服务器上的文件中.ssh/authorized_keys
;我可以使用密码登录,但使用密钥我得到了这个:
ssh [email protected] -vvv
...
debug1: Host '10.211.55.6' is known and matches the ED25519 host key.
debug1: Found key in /Users/alex/.ssh/known_hosts:21
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/alex/.ssh/id_ed25519 ED25519 SHA256:gQo01WDh/PW9AyO/Cdq4xnc/S+pTb4H13sFdtsDFxto explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/alex/.ssh/id_ed25519 ED25519 SHA256:gQo01WDh/PW9AyO/Cdq4xnc/S+pTb4H13sFdtsDFxto explicit
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,password,keyboard-interactive).
PubkeyAuthentication
设置为yes
,sshd
服务已重新启动,我不明白我在这里做错了什么?
答案1
您需要在目录上执行位才能访问其中的文件;因此,需要chmod u+x .ssh
(或chmod u+rwx .ssh
,或)。chmod 700 .ssh
x 位的双重用途是 Unix 的传统。可以将其视为“跨越 / 的权限”。