服务器上的权限设置正确 (chibi)。如果我没有打开到服务器的现有 ssh 会话,则所有新会话都需要密码。但是,如果已经打开了一个,则其他 ssh 会话将正确地使用公钥进行身份验证。
我的 $home 在 SD 卡上。我将 authorized_keys 移至 / 并链接它,但这并没有解决问题。
没有开放的会议:
ting@core[0][09:11:32]:~$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXRYefDRi18Qtlkfmt/qK5dbzMk5ajMgIv4+jUyWTtL1detZAs/hoIKocqBib5ul+/snrGiFbYV1JQiiLaidXNwe1nsNCk6UMagrRaCkPxyEqiygh9Ha5pf7anVdx2sLwdSXU42qKOgmVAHolpQfZQ4r/XItmR8fbDzNgkYeT+yEpm9b69wSl2d3xWPMd+EnqiqXuUoXISvMxDXIsC8I4qff6ms4JMX1S6HxBnVUKg/4DgJ7x07m4cM6RbXvGXNy2KBMhHoy45V/lPlf8pey+Af0Zxyw+na3mlG2WmAyOCnwXKJ/9TqLpYiCUHhTR4wgmgZpLWpSyyHYZhGP951ozP /home/ting/.ssh/id_rsa
ting@core[0][09:12:35]:~$ ssh -v chibi
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to chibi [192.168.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/ting/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/ting/.ssh/id_rsa-cert type -1
debug1: identity file /home/ting/.ssh/id_dsa type -1
debug1: identity file /home/ting/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'chibi' is known and matches the RSA host key.
debug1: Found key in /home/ting/.ssh/known_hosts:37
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ting/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/ting/.ssh/id_dsa
debug1: Next authentication method: password
ting@chibi's password:
一个会话已连接,正在打开第二个会话:
ting@core[0][09:14:14]:~$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXRYefDRi18Qtlkfmt/qK5dbzMk5ajMgIv4+jUyWTtL1detZAs/hoIKocqBib5ul+/snrGiFbYV1JQiiLaidXNwe1nsNCk6UMagrRaCkPxyEqiygh9Ha5pf7anVdx2sLwdSXU42qKOgmVAHolpQfZQ4r/XItmR8fbDzNgkYeT+yEpm9b69wSl2d3xWPMd+EnqiqXuUoXISvMxDXIsC8I4qff6ms4JMX1S6HxBnVUKg/4DgJ7x07m4cM6RbXvGXNy2KBMhHoy45V/lPlf8pey+Af0Zxyw+na3mlG2WmAyOCnwXKJ/9TqLpYiCUHhTR4wgmgZpLWpSyyHYZhGP951ozP /home/ting/.ssh/id_rsa
ting@core[0][09:14:17]:~$ ssh -v chibi
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to chibi [192.168.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/ting/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/ting/.ssh/id_rsa-cert type -1
debug1: identity file /home/ting/.ssh/id_dsa type -1
debug1: identity file /home/ting/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'chibi' is known and matches the RSA host key.
debug1: Found key in /home/ting/.ssh/known_hosts:37
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ting/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.utf8
.bashrc executed.
.bash_aliases executed.
ting@chibi[0][14:14:41]:~$
两次会议之间的差异:
ting@core[0][09:20:47]:~$ diff ssh1.txt ssh2.txt
36,39c36,37
< debug1: Authentications that can continue: publickey,password
< debug1: Trying private key: /home/ting/.ssh/id_dsa
< debug1: Next authentication method: password
< debug1: Authentication succeeded (password).
---
> debug1: Server accepts key: pkalg ssh-rsa blen 279
> debug1: Authentication succeeded (publickey).
53,54c51,52
< Transferred: sent 2216, received 8360 bytes, in 11.2 seconds
< Bytes per second: sent 198.2, received 747.7
---
> Transferred: sent 2712, received 7464 bytes, in 9.1 seconds
> Bytes per second: sent 298.4, received 821.3
文件权限:
drwx------ 2 ting ting 4.0K 2011-03-30 14:00 .ssh/
-rw------- 1 ting ting 404 2011-03-30 14:00 authorized_keys
-rw------- 1 ting ting 132 2011-03-23 02:47 environment
-rw-r--r-- 1 ting ting 4.4K 2011-03-25 11:59 known_hosts
ting@chibi[0][23:57:13]:~/.ssh$
答案1
看来您的主目录或密钥所在位置已加密。首次登录会挂载并解密目录,让 ssh 守护程序使用密钥文件。
解决方案是将“authorized_keys”文件移动到默认未加密的设备。
之后,您必须将 ssh 守护程序指向该位置。以下配置选项用于此目的。
授权密钥文件 指定包含可用于用户身份验证的公钥的文件。AuthorizedKeysFile 可能包含在连接设置期间替换的 %T 形式的令牌。定义了以下令牌:%% 由文字“%”替换,%h 由正在验证的用户的主目录替换,%u 由该用户的用户名替换。扩展后,AuthorizedKeysFile 被视为绝对路径或相对于用户主目录的路径。默认值为“.ssh/authorized_keys”。
也许像这样
AuthorizedKeysFile /etc/ssh/%u/authorized_keys