Linux SSH passwordless login doesn't work?


Next, I copied the contents of .ssh/id_rsa.pub and stored them on the remote machine.

bharathi-1397@bharathi-1397:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/local/bharathi-1397/.ssh/id_rsa): 
/home/local/bharathi-1397/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/local/bharathi-1397/.ssh/id_rsa.
Your public key has been saved in /home/local/bharathi-1397/.ssh/id_rsa.pub.
The key fingerprint is:
de:e3:e5:f6:a3:8e:83:76:f0:7d:d6:e1:b3:d6:cc:93 bharathi-1397@bharathi-1397
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|        S        |
|       ...     . |
|        .+o.. .++|
|        o.+=o +E=|
|       . .o++=oo+|
+-----------------+
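I pasted the copied content into authorized_keys, but the next time I try to log in it asks for a password. Why?

ssh bharathikannan.r@172.20.2.7
bharathikannan.r@172.20.2.7's password:

Why is it asking for a password? I followed the steps correctly. I don't know why it asks for a password.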

bharathikannan.r@172.20.2.7:~$ mkdir .ssh
bharathikannan.r@172.20.2.7:~$ vi authorized_keys

ssh -v bharathikannan.r@172.20.2.7
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to integ-build3 [192.168.5.173] port 22.
debug1: Connection established.
debug1: identity file /home/local/bharathi-1397/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/local/bharathi-1397/.ssh/id_rsa-cert type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_dsa type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_dsa-cert type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_ecdsa type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 66:3e:67:25:65:22:f0:70:3d:e3:ce:3b:14:49:7e:76
debug1: Host '172.20.2.7' is known and matches the RSA host key.
debug1: Found key in /home/local/bharathi-1397/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/local/bharathi-1397/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/local/bharathi-1397/.ssh/id_dsa
debug1: Trying private key: /home/local/bharathi-1397/.ssh/id_ecdsa
debug1: Next authentication method: password
bharathikannan.r@172.20.2.7's password:

It is asking for a password because you have not told the client machine which key to use.

You can do this in one of two ways:

1) When you SSH to the remote machine, use the following command:

ssh -i /path/to/your/privatekey user@host

2) Create the file ~/.ssh/config on the client machine and insert the following:

Host your.hostname.tld
    IdentityFile /path/to/your/privatekey

Method 1 is great if you want to use many different keys. Method 2 is applied automatically every time you connect to the given host.

From your description, you created the .ssh directory in your home directory and then created the .authorized_keys file in that same directory (your home directory, not ~/.ssh/). Make sure the file is in the correct place.

Also, the following command can set this up for you easily:

user@host:~$ ssh-copy-id user@otherhost

Hope it helps.

The .ssh directory on both systems should be 700:

drwx------ .ssh

You may not have a ~/.ssh directory, or no .ssh/authorized_keys file. Note that when you create the ~/.ssh/authorized_keys file manually, you can easily end up with wrong permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
restorecon -R ~/.ssh

The real gotcha is the last one, SELinux (this is the one I stumbled over, I always do). You can always try setting it to permissive and/or check audit.log:

# ll -Z ~/.ssh/authorized_keys
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /root/.ssh/authorized_keys
# restorecon -R ~/.ssh
# ll -Z ~/.ssh/authorized_keys
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 /root/.ssh/authorized_keys

Unable to log in to the target machine and create the complete key structure using


Try doing chmod 700 on the .ssh directory you are creating and/or chmod 600 on your authorized_keys file; I'm pretty sure ssh does not want it to be world readable.

@joachim I changed the permissions of the .ssh directory on both machines to 700. I am still facing the issue.

Can you post the output of connecting with ssh -v? That should give more information about what the problem is.

@JoachimIsaksson I have posted the ssh -v output in the post.

Your client machine is connecting correctly and offering the key, and the remote machine seems to accept public key authentication, but for some reason it does not find your key in authorized_keys. Checking the permissions on my machine, .ssh is chmod 700 and authorized_keys is chmod 600, and it works fine. Changing authorized_keys to 644 (the default) gives the same effect as yours, but that may depend on how "paranoid" the system's ssh configuration is.
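The server-side conditions raised in the answers and comments above (authorized_keys in the wrong directory, loose permissions, the key not actually present in the file), collected into one script; this is an added example, not code from the thread. The function names and arguments are hypothetical, and the permission test assumes sshd's default StrictModes yes, under which the home directory, .ssh and authorized_keys must not be writable by group or others.

```sh
#!/bin/sh
# Added example: audit the files sshd reads for public-key login on the server.
# check_key_layout and its two arguments are hypothetical names for this sketch.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True when group or others may write to the path; with StrictModes yes
# (assumed here, the sshd default) sshd then refuses to use authorized_keys.
loose() { [ $(( 0$(mode_of "$1") & 022 )) -ne 0 ]; }

# Usage: check_key_layout HOME_DIR PUBLIC_KEY_FILE
# Prints one line per finding and returns the number of findings.
check_key_layout() {
    home=$1; pub=$2; problems=0
    ak="$home/.ssh/authorized_keys"

    # The layout from the question: file created in ~ instead of ~/.ssh/.
    if [ -f "$home/authorized_keys" ] && [ ! -f "$ak" ]; then
        echo "authorized_keys is in $home, not in $home/.ssh/"
        problems=$((problems + 1))
    fi
    for p in "$home" "$home/.ssh" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
        elif loose "$p"; then
            echo "writable by group/others: $p (mode $(mode_of "$p"))"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$ak" ]; then
        # Field 2 of the .pub file is the base64 key blob; it has to appear
        # in authorized_keys on a single, unwrapped line.
        blob=$(awk '{print $2; exit}' "$pub")
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$ak"; then
            echo "key from $pub not found in $ak (wrapped or partial paste?)"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Run directly as: sh check.sh /home/user /tmp/id_rsa.pub
if [ $# -eq 2 ]; then check_key_layout "$1" "$2"; fi
```

On an SELinux system the file context still has to be checked separately with the ll -Z and restorecon commands shown in the answer above.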