My ssh key does not work, permissions look fine

My permissions look like this:

-rw-------.  1 smpadmin staff     400 May 21  2014 id_rsa.pub
-rw-r--r--.  1 smpadmin staff     505 Dec 14 19:19 known_hosts
drwxr-xr-x. 45 smpadmin staff    4096 Jan 20 09:53 ..
-rw-r--r--.  1 smpadmin staff     386 Jan 20 10:32 config
-rwx------.  1 smpadmin staff     400 Jan 20 10:34 authorized_keys
-rwx------.  1 smpadmin staff      400 Jan 20 10:37 authorized_keys2
drwx------.  2 smpadmin staff    4096 Jan 20 10:37 .

Log:

debug3: record_hostkey: found key type RSA in file /home/alejanpi/.ssh/known_hosts:85
debug3: load_hostkeys: loaded 1 keys from x.x.150.86
debug1: Host 'x.x.150.86' is known and matches the RSA host key.
debug1: Found key in /home/alejanpi/.ssh/known_hosts:85
debug2: bits set: 1525/3072
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/alejanpi/.ssh/id_rsa (0x60005ff50),
debug2: key: /home/alejanpi/.ssh/id_dsa (0x0),
debug2: key: /home/alejanpi/.ssh/id_ecdsa (0x0),
debug2: key: /home/alejanpi/.ssh/id_ed25519 (0x0),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alejanpi/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/alejanpi/.ssh/id_dsa
debug3: no such identity: /home/alejanpi/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/alejanpi/.ssh/id_ecdsa
debug3: no such identity: /home/alejanpi/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/alejanpi/.ssh/id_ed25519
debug3: no such identity: /home/alejanpi/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:

I added the public key to both authorized keys files.

Comparing with another server where the same key works, the log on that server at some point shows:

Server accepts key: pkalg ssh-rsa blen 277

I also noticed a different hex code in this part of the log:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/alejanpi/.ssh/id_rsa (0x60006c5f0),

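Now, on the server where my key does not work, /home used to be on /, but I mounted it on a different disk. My keys used to work before I moved /home. I am not sure whether this affects me, but I thought it was worth mentioning. This is how I mount /home: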

UUID=143f3a8a-55f3-41e4-8797-d1cdb0435c13 /home                   ext4    defaults        0 2

SELinux permissions:

drwx------. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 .
drwxr-xr-x. smpadmin staff unconfined_u:object_r:user_home_dir_t:s0 ..
-rwx------. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 authorized_keys
-rwx------. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 authorized_keys2
-rw-r--r--. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 config
-rw-------. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 environment
-rw-------. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 id_rsa.pub
-rw-r--r--. smpadmin staff unconfined_u:object_r:ssh_home_t:s0 known_hosts

The home directory has: drwxr-xr-x. root root system_u:object_r:file_t:s0 home

Answer 1

Maybe you are not looking at the right set of permissions.

If you can, have you tried temporarily disabling SELinux?

On the console of the server you are trying to access:

# setenforce 0

And try to access it again.

If it works, it is an SELinux-related problem.

Then, if you want to fix the problem, get the permissions right.

First look at the ACL of the file:

# ls -alZ authorized_keys
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 authorized_keys

If it does not show unconfined_u:object_r:ssh_home_t:s0, then use chcon to change the permissions:

# chcon unconfined_u:object_r:ssh_home_t:s0 authorized_keys

Answer 2

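You are trying to authenticate as a user, and are showing us the permissions of ~user/.ssh, which (at least according to the owner/group) belong to smpadmin.

The directory ~/.ssh should be owned by the owner of the home directory, just like all the other files in it. You either copied it from a different user and did not change the owner, or you are connecting to the wrong user.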
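
The ownership rule from Answer 2 can be checked mechanically. The following is an added example, not part of the original answers: a shell function that approximates the ownership and mode test sshd applies to a login account when StrictModes is enabled. The function name check_ssh_perms is hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: approximate sshd's StrictModes test for one account.
# Usage: check_ssh_perms <home-dir> <login-user>
# Assumes GNU stat. Prints one line per finding; returns 1 if any path fails.

check_ssh_perms() {
    home=$1
    user=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        owner=$(stat -c %U "$p")   # owner name
        mode=$(stat -c %a "$p")    # octal mode, e.g. 700
        # The path must belong to the login user (sshd also accepts root).
        if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
            echo "OWNER    $p is owned by $owner, expected $user"
            rc=1
        fi
        # Group- or world-writable paths are rejected (mode & 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE     $p has mode $mode (group/other writable)"
            rc=1
        fi
    done
    return $rc
}

# When the script is run with two arguments, audit that account.
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on the server with the home directory and the user name you log in as; an OWNER line is the situation Answer 2 describes.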
