ssh 和authorized_keys 有问题 [英] Having trouble with ssh and authorized_keys
问题描述
我从 server1 ssh-ing 到 server2.我生成了 id_rsa &id_rsa.pub 文件.如果我 ssh 到 mike@server2 它工作正常,但是 ssh 到 john@server2 没有密码就不能工作.迈克和john 主目录包含.ssh",即 chmod 700,该文件夹包含authorized_keys",其中仅包含先前生成的 id_rsa.pub 文件的内容(并且是 chmod 600).两者的内容相同.
I am ssh-ing from server1 to server2. I generated the id_rsa & id_rsa.pub files. If I ssh to mike@server2 it works fine, but ssh to john@server2 does not work without password. Both mike & john home directories contain ".ssh" which is chmod 700 and that folder contains "authorized_keys" containing only the contents of the id_rsa.pub file generated previously (and is chmod 600). Contents of both are the same.
服务器 1:Linux x86_64 x86_64 x86_64 GNU/Linux
Server 1: Linux x86_64 x86_64 x86_64 GNU/Linux
服务器 2:AIX 5.3.0.0 64 位
Server 2: AIX 5.3.0.0 64-bit
命令 1,用户 Mike(无需密码即可使用):ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 mike@server2 echo Hello
Command 1, User Mike (works with no password):
ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 mike@server2 echo Hello
~ drwx------ 7 迈克迈克 4096 2011 年 1 月 19 日.
~/.ssh drwx------ 2 Mike Mike 256 Nov 28 16:39 .ssh
~/.ssh/authorized_keys -rw------- 1 mike mike 823 Apr 06 11:56 .ssh/authorized_keys
~/.ssh/authorized_keys -rw------- 1 mike mike 823 Apr 06 11:56 .ssh/authorized_keys
命令 2,用户 John(需要密码)ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 john@server2 echo Hello
Command 2, User John (needs a password)
ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 john@server2 echo Hello
~ drwx------ 12 john jgroup 4096 Apr 06 23:13 .
~/.ssh drwx------ 2 john jgroup 256 Apr 06 23:56 .ssh
~/.ssh/authorized_keys -rw------- 1 john jgroup 414 Apr 06 11:55 .ssh/authorized_keys
~/.ssh/authorized_keys -rw------- 1 john jgroup 414 Apr 06 11:55 .ssh/authorized_keys
ssh -v 以上命令 2 的输出:
ssh -v output from above Command 2:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server2 [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/will/.ssh/identity type -1
debug1: identity file /home/will/.ssh/id_rsa type 1
debug1: identity file /home/will/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0
debug1: match: OpenSSH_5.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /home/will/.ssh/known_hosts:838
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
This network/computer system is for the use of authori...
.........................................................
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/will/.ssh/identity
debug1: Offering public key: /home/will/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/will/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
有谁知道为什么它适用于一个用户而不适用于另一个用户(两者都在同一台服务器上)?
Anyone have ideas of why it would work with one user and not another (with both being on the same server)?
推荐答案
使用密钥进行身份验证失败的常见原因:
Common causes of failure to authenticate with keys:
- ~/.ssh 上的权限或所有权设置不正确(我看到您已经检查了这些)
- 公钥已损坏
- 公钥用于与私钥不同的密钥
还要检查服务器的auth.log.
这篇关于ssh 和authorized_keys 有问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
