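I'm having some problems getting public key authentication to work on my server. I'm currently running Ubuntu 18.04 LTS.
I have added my public key to root's authorized_keys file, but it still asks for a password.
So I decided to switch to a user on the server and then try to ssh back into the same account to confirm that everything works. Same problem.
The file permissions all look correct: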
dashboard@server:~$ ls -al | grep .ssh
drwx------ 2 dashboard dashboard 4096 Feb 24 12:15 .ssh
dashboard@server:~$ ls -al .ssh
total 24
drwx------ 2 dashboard dashboard 4096 Feb 24 12:49 .
drwxr-x--- 19 dashboard dashboard 4096 Feb 24 11:33 ..
-rw-rw-r-- 1 dashboard dashboard 409 Feb 24 12:49 authorized_keys
-rw------- 1 dashboard dashboard 1675 Feb 24 12:12 id_rsa
-rw-r--r-- 1 dashboard dashboard 409 Feb 24 12:12 id_rsa.pub
-rw-r--r-- 1 dashboard dashboard 208 Feb 24 12:15 known_hosts
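After some research, someone on a forum suggested running ssh with -vvv enabled, which I did, and I have added the output here. Well, only a single -v anyway, because the forum said the -vvv option was spamming :(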
dashboard@server:~/.ssh$ ssh -p 8616 [email protected] -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to server.i4z4zi.com [95.216.229.124] port 8616.
debug1: Connection established.
debug1: identity file /home/dashboard/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dashboard/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to server.i4z4zi.com:8616 as 'dashboard'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XfbQEzJnkyHizj6iWI1ckRIKQhfjahFjH5S7EGilTfo
debug1: Host '[server.i4z4zi.com]:8616' is known and matches the ECDSA host key.
debug1: Found key in /home/dashboard/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:gvwsQMfZdUBiH9ByQZJjwV12zBtc80nS1ahNW7hS6mc /home/dashboard/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/dashboard/.ssh/id_dsa
debug1: Trying private key: /home/dashboard/.ssh/id_ecdsa
debug1: Trying private key: /home/dashboard/.ssh/id_ed25519
debug1: Next authentication method: password
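If anyone can tell me why it isn't working, I would be very grateful.
The sshd_config file is just the standard one that ships with Ubuntu, but I changed the port number and added UseDNS set to no.
Cheers, Craig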
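Answer 1
The contents of .ssh/id_rsa.pub on the connecting machine must be in .ssh/authorized_keys on the receiving machine, otherwise it will never work. Once you confirm these two, it will work.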
MacUser2525:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA
MacUser2525:~$ ssh [email protected]
Linux buster-raspi 5.9.0-0.bpo.5-arm64 #1 SMP Debian 5.9.15-1~bpo10+1 (2020-12-31) aarch64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Feb 5 18:36:56 2021
root@buster-raspi:~# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQE
root@buster-raspi:~# cat /etc/ssh/sshd_config | grep Root
#PermitRootLogin prohibit-password
# the setting of "PermitRootLogin without-password".
root@buster-raspi:~# cat /etc/ssh/sshd_config | grep root
#ChrootDirectory none
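Now I see security through obscurity with the port again. If this machine is outside the local network, trying this port-moving technique for security is useless. The machines that scan the internet looking for open ports do not care that you changed the port. They check every port that exists on every IP, God only knows how many times a day. They will find your service and its changed listening port without any trouble. Or do you think they don't know these services can run on other ports? They are just that stupid, right. The blurb I pasted is aimed at exactly this situation.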
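An added example (not part of the question or the answer above): a shell pre-flight check that the key blob from id_rsa.pub is listed in authorized_keys, as the answer requires, and that authorized_keys, .ssh and the home directory are not group- or world-writable, which sshd rejects under its default `StrictModes yes` (the question's listing shows authorized_keys as -rw-rw-r--). The function name `check_pubkey_login`, the standard ~/.ssh layout and the sample keys are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: offline pre-flight check for public-key login.
# Usage: check_pubkey_login PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Prints findings; returns 0 if nothing wrong was found, 1 otherwise.
check_pubkey_login() {
    pub=$1; auth=$2; rc=0
    sshdir=$(dirname "$auth")
    # Field 2 of a .pub file is the base64 key blob.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    if [ -z "$blob" ]; then
        echo "FAIL: no key blob found in $pub"; return 1
    fi
    # authorized_keys lines may begin with options, so compare every field.
    if awk -v b="$blob" '/^[ \t]*#/ { next }
            { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
            END { exit !found }' "$auth"; then
        echo "ok:   key from $pub is listed in $auth"
    else
        echo "FAIL: key from $pub is not listed in $auth"; rc=1
    fi
    # StrictModes (default "yes"): sshd refuses the key when the file,
    # ~/.ssh or the home directory is writable by group or others.
    # Assumes the standard layout <home>/.ssh/authorized_keys.
    for p in "$auth" "$sshdir" "$(dirname "$sshdir")"; do
        # Characters 6 and 9 of the ls mode string are group/other write.
        case $(ls -ld "$p" | cut -c6,9) in
            *w*) echo "FAIL: $p is group/world-writable (chmod go-w)"; rc=1 ;;
            *)   echo "ok:   $p is not group/world-writable" ;;
        esac
    done
    return $rc
}

# Constructed sample data (not real keys) in a temporary directory.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
echo 'ssh-rsa AAAAB3CONSTRUCTEDBLOB dashboard@server' > "$demo/.ssh/id_rsa.pub"
echo 'no-pty ssh-rsa AAAAB3CONSTRUCTEDBLOB dashboard@server' \
    > "$demo/.ssh/authorized_keys"
chmod 664 "$demo/.ssh/authorized_keys"   # mode seen in the question's listing
check_pubkey_login "$demo/.ssh/id_rsa.pub" "$demo/.ssh/authorized_keys" || true
chmod 600 "$demo/.ssh/authorized_keys"   # corrected mode
check_pubkey_login "$demo/.ssh/id_rsa.pub" "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

When the client-side checks pass and the login still falls back to a password, the server's auth log records the reason sshd refused the key.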