Authentication 无密码基于密钥的身份验证不起作用

这就是我需要意识到的：

用户根目录的基于关键字的无密码身份验证 对根用户以外的任何其他用户进行基于密码的身份验证 我需要访问的服务器正在运行Debian 9 stretch。 在我的客户机上，我创建了一个这样的密钥对：ssh-keygen

这创建了以下文件~/.ssh/id\u rsa和~/.ssh/id\u rsa.pub

现在，我将~/.ssh/id_rsa.pub的内容复制到服务器上的/root/.ssh/authorized_密钥中，并使用600权限修改了密钥文件。 然后，我通过设置以下值修改了服务器上的/etc/ssh/sshd_配置：

不带密码的permitrotlogin PubkeyAuthentication是

现在，我在服务器上重新启动了ssh服务，并尝试通过ssh进行连接root@sub.domain.tld. 它仍然以用户root的密码提示结束

ssh-vvv的结果root@sub.domain.tld你可以找到Ubuntu Pastebin

我没有修改什么

问候 //neph

您应该遵循教程，有很多过时的教程。它在Ubuntu 19.04上对我起了作用

All you have to do is:

apt-get install libpam-google-authenticator.

Users who want to continue using ssh must each run the command google-authenticator. This tool interatively helps you to create the file ~/.google_authenticator, which contains a shared secret and emergency passcodes. It's a terminal application, but it does still display a QR code for quick loading of the shared secret into your two factor device (in my case, this is the Google Authenticator app on my Android smartphone).

Edit /etc/ssh/sshd_config. Set:

ChallengeResponseAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive

In case you have changed them in the past, you should also check the following two settings (these are both defaults on Ubuntu):

UsePAM yes
PubkeyAuthentication yes

Run sudo service ssh reload to pick up your changes to /etc/ssh/sshd_config.

Edit /etc/pam.d/sshd and replace the line:

@include common-auth

with:

auth required pam_google_authenticator.so

That's it! Now ssh logins will require a key, and after your key is verified will additionally require proof that you hold your second factor device.

---

欢迎来到stackoverflow。请不要发布链接作为您的答案，因为链接会随着时间的推移而消失。从文章中获取相关信息，并将其贴在这里并进行解释。我已将相关信息填入答案中！链接中有更多与具体问题无关的深入信息。