试图SSH到远程计算机,但仍然要求密码。
我有一些运行SElinux的计算机,只有其中一个使用ssh而没有密码给了我一个很难的时间。
我做了一个ssh-copy-id,我可以在.ssh / authorized_keys中看到我的密钥。
我chmod 700 .ssh和chmod 600 ./ssh/*中的所有文件
如果我做一个ssh -v这是我的输出:
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to wcmisdlin05 [10.52.208.224] port 22. debug1: Connection established. debug1: identity file /home/jsmith/.ssh/identity type -1 debug1: identity file /home/jsmith/.ssh/id_rsa type 1 debug1: identity file /home/jsmith/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'wcmisdlin05' is known and matches the RSA host key. debug1: Found key in /home/jsmith/.ssh/known_hosts:9 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_501' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_501' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Offering public key: /home/jsmith/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /home/jsmith/.ssh/identity debug1: Trying private key: /home/jsmith/.ssh/id_dsa debug1: Next authentication method: password 有人可以告诉我为什么它不在这台远程计算机上工作吗?
在CentOS 6上,我经常遇到类似的问题,涉及ssh-copy-id和SELinux。
当ssh-copy-id创build授权的密钥文件时,它会使用适当的权限创build它,但使用错误的SELinux标签。 解决方法是使用以下命令将标签恢复到其默认策略:
restorecon -R ~/.ssh
如果可能的话,这些东西总是从服务器端更容易debugging。 如果您可以在debugging模式下在另一个端口上启动sshd,它会立即告诉您密钥为什么被拒绝(我的猜测是您的主目录是组可写的)。 例如,您可以使用/usr/sbin/sshd -d -p 2222在端口2222上以debugging模式启动sshd,然后使用ssh -p 2222 user@remotehost 。
引用了SElinux的海报在我的问题上碰到了头,我不想使用selinux,但忘记了禁用它,服务器在启动时启用了selinux。
ssh -vdebugging帮助。 关键是接受:
debug1: Found key in /var/lib/amanda/.ssh/known_hosts:19 debug1: ssh_rsa_verify: signature correct
然后我得到错误
debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_502' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_502' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_502' not found
我的修复是closuresselenux与setenforce 0 ,然后在/ etc / selinux中禁用。 然后SSH密码login为我工作。
我之前在RHEL5上遇到过这个问题(我不知道这是不是你正在使用的发行版),并且发现只有当我使用ssh-copy-id的时候。 尝试scp'ing密钥文件到正确的文件夹,当然重置权限
debug1:提供公钥:/home/jsmith/.ssh/id_rsa
…
debug1:尝试私钥:/home/jsmith/.ssh/id_ dsa
在我看来,私钥/公钥只是不匹配。 密钥名称告诉我们公钥是RSA密钥,私钥是DSA。
尝试生成一个新的对和scp公钥到服务器。
我build议检查./ssh和用户的主目录,密钥文件和authorized_keys文件上的权限,作为其他人,那么应该允许所有者在那里写和读如果你希望SSH密码连接工作。 这涉及到源机器和目标机器。 说实话,即使有更大的权利,有时它也可以工作,但不应该。