SSH 访问 Ubuntu 权限被拒绝（公钥）

我正在尝试创建一个new user in ubuntu with keybased authentication并配置 Github 操作（通过 ssh）来部署在我的分支上所做的任何新更改，但是我坚持使用 SSH 连接到服务器，不断抛出错误Permission denied. (publickey)截图如下。

我有服务器的管理员权限，但问题只出现在新创建的用户上，新用户会不断抛出错误Permission denied. (publickey)

以下是我如何尝试从本地机器（mac）连接到服务器

ssh SpiderServer
user@hostname: Permission denied (publickey).

//my ~/.ssh/config file contains the following
Host SpiderServer
HostName ip-address-of-the-server
Port 22
User username
IdentityFile /Users/hs/.ssh/cert.pem

启用详细跟踪后，结果如下：

❯ ssh UW1003 -v
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/hs/.ssh/config
debug1: /Users/hs/.ssh/config line 9: Applying options for UW1003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to XXX.XXX.XX.XXX [XXX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /Users/hs/.ssh/UW1003.pem type -1
debug1: identity file /Users/hs/.ssh/UW1003.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to XXX.XXX.XX.XXX:22 as 'githubdeployment'
debug1: load_hostkeys: fopen /Users/hs/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:R3a/mQVBiXfnkJ6Vive8+TCeffMSkTxQgHsm3EKeQG8
debug1: load_hostkeys: fopen /Users/hs/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'XXX.XXX.XX.XXX' is known and matches the ED25519 host key.
debug1: Found key in /Users/hs/.ssh/known_hosts:8
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/hs/.ssh/UW1003.pem  explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/hs/.ssh/UW1003.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

尝试 1：通过 ssh-keygen 命令

我遵循的步骤（失败）

1. 生成用于ssh-keygen -t rsa -b 4096远程服务器的密钥对
2. cat <path/to/public/key> >> ~/.ssh/authorized_keys
3. 将 id_rsa 作为 .pem 文件下载到我的本地系统（mac）并尝试连接到服务器，但出现Permission denied. (publickey)错误。

尝试 2：通过 AWS 密钥对

1. 前往 AWS 密钥对
2. 生成的 RSA（.pem 格式）
3. 将私钥作为 .pem 文件下载到我的本地系统（mac）并尝试连接到服务器，但出现Permission denied. (publickey)错误。

以下是我的 ubuntu 服务器与 ssh 相关的配置

PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
UsePAM no
StrictModes yes
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
AllowUsers spiderman

我迄今为止尝试过的事情

1. 复制现有用户的 id_rsa 和 id_rsa.pub，通过它们我可以访问新创建的远程服务器（路径 /home/spiderman./ssh）
2. 将 id_rsa 和 id_rsa.pub 的访问级别更改为 0400 和 0600

我是否遗漏了什么？