Why is authorized_keys ignored?
Problem description
I have a fresh install of CentOS 6.5, which I'm using as a dev server for a small team. We are having a central bare Git repository which we'll be connecting to via ssh.
I have set up a user called git and a user called test. test's public key has been appended to git's authorized_keys file. As far as I can tell the permissions are all correct:
[test@hackdashit ~]$ ls -aZ ~/.ssh/
drwx------. test developers unconfined_u:object_r:ssh_home_t:s0 .
drwx-----x. test developers unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-------. test developers unconfined_u:object_r:ssh_home_t:s0 authorized_keys
-rw-------. test developers unconfined_u:object_r:ssh_home_t:s0 config
-rw-------. test developers unconfined_u:object_r:ssh_home_t:s0 id_rsa
-rw-------. test developers unconfined_u:object_r:ssh_home_t:s0 id_rsa.pub
And on the SSH directory itself:
[test@hackdashit ~]$ ls -aZ ~
drwx------. test developers unconfined_u:object_r:ssh_home_t:s0 .ssh
When connecting from a remote machine, using the private key, it connects without the password fine. However when I try to connect locally, I see this:
[test@hackdashit ~]$ ssh -v hackdashit
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/test/.ssh/config
debug1: Applying options for hackdashit
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/id_rsa type 1
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)?
Note: I changed the RSA key fingerprint above
These are the contents of my ~/.ssh/config file:
Host hackdashit
Hostname localhost
User git
IdentityFile ~/.ssh/id_rsa
The same thing happens when I try to run Git:
[test@hackdashit ~]$ git clone ssh://hackdashit/repos/test.git
Initialized empty Git repository in /home/test/test/.git/
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is c3:9f:65:f0:04:39:93:82:7e:1d:57:9b:16:2f:76:59.
Are you sure you want to continue connecting (yes/no)?
Can anyone tell me where I'm going wrong here, to get ssh connecting without passwords from the test account to the git account so I can use Git either locally or remotely via ssh?
Note: I've also read this and this question on the matter, but I don't think they pertain to me as permissions (including SELinux) appear correct.
Update
I stopped sshd, then ran sudo /usr/sbin/sshd -d and tried to connect with ssh test@localhost with the ~/.ssh/config file removed, and got the following output:
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 39980
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
Recommended answer
For more information, you can try:
ssh -Tvvv hackdashit
Also:
sudo service sshd stop
sudo /usr/sbin/sshd -Dd
That way, you will see from the ssh daemon (sshd) point of view what it receives and what it misses to complete the query (as in this answer).
You can also check if you go further with:
ssh -o StrictHostKeyChecking=no hackdashit
Note that the url to use for git would be:
git clone hackdashit:/repos/test.git
The OP LeonardChallis confirms in the comments:
The StrictHostKeyChecking=no sent me down the right route. I ran
ssh-keyscan -t rsa localhost > /etc/ssh/ssh_known_hosts
and it magically works :)
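Both StrictHostKeyChecking=no and a bare ssh-keyscan redirect accept whatever host key answers, without checking it. Because the server here is localhost, the scanned key can be compared with sshd's own public host key before it is trusted. The following is an added example, not part of the original answer; the function name verify_scanned_key and the temporary file path are assumptions, and /etc/ssh/ssh_host_rsa_key.pub is the default host key location on CentOS.

```shell
#!/bin/sh
# Added example: accept an ssh-keyscan result only when it matches the
# server's own public host key file, instead of trusting it blindly.

# verify_scanned_key SCAN_FILE HOSTKEY_PUB   (hypothetical helper name)
#   SCAN_FILE    saved output of: ssh-keyscan -t rsa localhost
#   HOSTKEY_PUB  sshd's public host key, e.g. /etc/ssh/ssh_host_rsa_key.pub
# Prints the verified known_hosts line(s) on stdout.
# Returns 1 (and prints nothing) when no scanned key matches.
verify_scanned_key() {
    scan_file=$1
    hostkey_pub=$2

    # Host key file format: "<keytype> <base64-blob> [comment]"
    want_type='' want_blob='' want_comment=''
    read -r want_type want_blob want_comment < "$hostkey_pub" || true
    [ -n "$want_type" ] && [ -n "$want_blob" ] || return 1

    # ssh-keyscan format: "<host> <keytype> <base64-blob>"
    awk -v t="$want_type" -v b="$want_blob" '
        /^#/ || NF < 3      { next }            # skip banner comments
        $2 == t && $3 == b  { print; ok = 1 }   # key matches the local file
        END                 { exit ok ? 0 : 1 }
    ' "$scan_file"
}

# Usage on the server, as root. Appending (>>) keeps existing entries,
# and nothing is written when the comparison fails:
#   ssh-keyscan -t rsa localhost > /tmp/scan.out 2>/dev/null
#   verify_scanned_key /tmp/scan.out /etc/ssh/ssh_host_rsa_key.pub \
#       >> /etc/ssh/ssh_known_hosts
```
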