Passwordless SSH fails on macOS

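I am trying to set up passwordless login on two Macs (mini and bigmac). It works for one but not for the other. On each machine:

I used "ssh-keygen -t rsa" to generate id_rsa and id_rsa.pub (pressing Enter when asked for a passphrase). I mv the generated files to ~/.ssh, then scp id_rsa.pub to ~/.ssh/authorized_keys on the other Mac.

For ssh from "mini" to "bigmac", passwordless login works. When I try to ssh from "bigmac" to "mini", I am asked for a password: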

bigmac:~ jedevnull$ cd .ssh
bigmac:.ssh jedevnull$ ls
authorized_keys id_rsa      id_rsa.pub      known_hosts
bigmac:.ssh jedevnull$ ssh -v mini

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to mini [192.168.1.20] port 22.
debug1: Connection established.
debug1: identity file /Users/jedevnull/.ssh/id_rsa type 1
debug1: identity file /Users/jedevnull/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jedevnull/.ssh/id_dsa type -1
debug1: identity file /Users/jedevnull/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
debug1: match: OpenSSH_6.9 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 0d:2e:de:45:00:ff:9b:ff:96:c5:f6:bd:c6:6a:b0:ec
debug1: Host 'mini' is known and matches the RSA host key.
debug1: Found key in /Users/jedevnull/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jedevnull/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/jedevnull/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

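bigmac's id_rsa.pub and mini's authorized_keys are identical.

Answer 1

To find the cause of the problem, it helps to look at the debug messages on both the server side and the client side of the connection. The -d option on the server shows detailed debug messages in the terminal for a single connection (or rejection). For example, on the server side run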

/usr/sbin/sshd -d -p2222

(this runs on a non-standard port, so it does not interfere with the sshd on the regular port), and on the client

ssh -v -p2222 ${SERVER_IP}

For more detail,

/usr/sbin/sshd -dd -p2222
ssh -vv -p2222 ${SERVER_IP}

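Answer 2

Any n*x system with an SSH service (not the ssh command, but sshd) relies on an existing, accessible account and a file containing a valid public key for that account (= user).

The ~/.ssh folder and the keys themselves should be accessible only by that specific user. The keys should be chmod 600 and the folder should be 700, so that nobody except the user can access it (be careful not to set it to 600, because you yourself would then be unable to read the folder). The same goes for the authorized_keys file: I recommend 600.

If the file containing the keys does not match the required restrictions (only you have access), the ssh login will most likely fail.

By the way (a bit off-topic): in this case, perhaps @jocala could generate one pair and use it on both machines. If you work with multiple machines for different customers, having multiple keys is highly recommended. To help with which key to use, you can always create (and populate) a ~/.ssh/config file, rather than always specifying the key with ssh -i [path_to_key] [email protected]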
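
The permission checks from Answer 2 as a script, added here as an example (it is not part of either answer). The function names are made up for this example, and the home-directory test goes beyond the answer: it reflects sshd's StrictModes check that the home directory is not writable by group or others.

```shell
#!/bin/sh
# Added example: audit the modes Answer 2 recommends. Function names are
# made up for this example. Run it on the machine you log in TO.
# Usage: check_ssh_perms "$HOME"

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Compare one path with the expected mode; a missing path is only reported.
check_mode() {
    path=$1; want=$2
    [ -e "$path" ] || { echo "skip  $path (missing)"; return 0; }
    have=$(mode_of "$path")
    if [ "$have" = "$want" ]; then
        echo "ok    $path ($have)"
    else
        echo "FIX   $path is $have, expected $want: chmod $want \"$path\""
        return 1
    fi
}

# The home directory must not be writable by group or others (bits 022).
check_home() {
    have=$(mode_of "$1")
    if [ $(( 0$have & 022 )) -eq 0 ]; then
        echo "ok    $1 ($have)"
    else
        echo "FIX   $1 is $have, group/other writable: chmod go-w \"$1\""
        return 1
    fi
}

# Audit HOME_DIR, HOME_DIR/.ssh and the key files; return 1 on any mismatch.
check_ssh_perms() {
    home=${1:-$HOME}; rc=0
    check_home "$home" || rc=1
    check_mode "$home/.ssh" 700 || rc=1
    check_mode "$home/.ssh/authorized_keys" 600 || rc=1
    check_mode "$home/.ssh/id_rsa" 600 || rc=1
    return $rc
}
```

A FIX line names the path and the chmod that brings it back to the recommended mode; the sshd -d output from Answer 1 shows whether the server actually rejected the key file for that reason.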
