SSH public-key error with a normal user

I know ssh problems have been discussed here before; before you downvote this question, please read on. 🙂

I have two freshly installed, almost identical servers running CentOS 6. They are used for a DRBD/HA environment. All settings on both of them, AFAIK, are the same. Most of them were copied with rsync.

I can log in as root and both servers accept my key. But as a normal user I can only log in to one of them (master1).

Some more information.

User: the permissions on the user's home directory and his .ssh are 700. Files: authorized_keys, id_dsa, id_rsa are 600. The whole structure of /home is exactly the same on both machines (rsynced).

Configuration: GSSAPI, Kerberos and PAM are disabled. The sshd_config and ssh_config files are exactly the same on both machines (rsynced). The same goes for /etc/hosts, /etc/passwd, /etc/group, /etc/shadow, the network settings (except IP and MAC) and the running services (except heartbeat, which is not running on master2)...

Trying to log in as user xxxx from master1 to master2 looks like this:

    ssh -v master2
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to master2 [XXX.XXX.XX.2] port 22.
    debug1: Connection established.
    debug1: identity file /home/xxxx/.ssh/identity type -1
    debug1: identity file /home/xxxx/.ssh/id_rsa type 1
    debug1: identity file /home/xxxx/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'master2' is known and matches the RSA host key.
    debug1: Found key in /home/xxxx/.ssh/known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/xxxx/.ssh/identity
    debug1: Offering public key: /home/xxxx/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: /home/xxxx/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: password
    xxxx@master2's password:

Now comes the fun part:

I started sshd in debug / non-forking mode (in temp_sshd_config I changed the port to 12345):

    cp /etc/ssh/sshd_config ~/temp_sshd_config
    vi ~/temp_sshd_config
    /usr/sbin/sshd -f ~/temp_sshd_config -dd

and against that instance, logging in as the normal user with the public key works:

    ssh -v -p 12345 master2
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to master2 [XXX.XXX.XX.2] port 12345.
    debug1: Connection established.
    debug1: identity file /home/xxxx/.ssh/identity type -1
    debug1: identity file /home/xxxx/.ssh/id_rsa type 1
    debug1: identity file /home/xxxx/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: checking without port identifier
    debug1: Host 'master2' is known and matches the RSA host key.
    debug1: Found key in /home/xxxx/.ssh/known_hosts:2
    debug1: found matching key w/out port
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/xxxx/.ssh/identity
    debug1: Offering public key: /home/xxxx/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 277
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    Last login: Wed Feb 29 15:06:25 2012 from master1

Since I want to set PasswordAuthentication no in sshd, I need public-key login to work.

Any help is most welcome.

Please show/check the SSH server's log (/var/log/secure) on master2. Since it is the server that decides whether to accept the public key, the answer should be there.

Personally, I suspect it is related to SELinux contexts (not copied over by rsync without -X).
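As an added example that is not part of the original question or answer, the following POSIX shell script checks the two things the answer points at, on the server that rejects the key: the file modes sshd's StrictModes inspects (home, .ssh, authorized_keys), and the SELinux type on the user's .ssh, which rsync without -X does not carry over. It assumes GNU stat(1) as shipped on CentOS 6; the script name sshkey_check.sh and the home path are placeholders, and the SELinux commands run only where SELinux is present.

```shell
#!/bin/sh
# Added example, not code from the original post. Checks the two causes the
# answer above names for "key works under sshd -dd but not under the service":
# file modes sshd's StrictModes inspects, and SELinux labels on ~/.ssh.
# Assumes GNU stat(1) (CentOS 6 has it); works on hosts without SELinux too.

# check_ssh_perms HOME: sshd (StrictModes yes) refuses a key when the home
# directory, .ssh or authorized_keys is group- or world-writable.
# Prints one line per path; returns 0 only if every path is acceptable.
check_ssh_perms() {
    home="$1"
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        perm=$(stat -c '%A' "$p")        # e.g. drwx------ or -rw-r--r--
        case "$perm" in
            ?????w*|????????w*)          # char 6 = group w, char 9 = other w
                echo "BAD-MODE $p ($perm): group/world writable"
                rc=1 ;;
            *)
                echo "ok       $p ($perm)" ;;
        esac
    done
    return $rc
}

# check_ssh_context HOME: under the targeted policy the sshd service runs in
# sshd_t and may read the user's keys only when they are labelled ssh_home_t;
# an sshd started by hand from a root shell typically runs unconfined, which
# is why the "sshd -dd" instance accepted the key. Returns 0 when SELinux is
# inactive or every label is right.
check_ssh_context() {
    home="$1"
    if ! command -v selinuxenabled >/dev/null 2>&1 || ! selinuxenabled 2>/dev/null; then
        echo "SELinux not active here; context check skipped"
        return 0
    fi
    rc=0
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        ctx=$(stat -c '%C' "$p" 2>/dev/null) || continue
        case "$ctx" in
            *:ssh_home_t:*)
                echo "ok       $p ($ctx)" ;;
            *)
                echo "BAD-CTX  $p ($ctx): expected ssh_home_t;" \
                     "fix with: restorecon -R -v $home/.ssh"
                rc=1 ;;
        esac
    done
    # The denials themselves are in the audit log: ausearch -m avc -ts recent
    return $rc
}

# Usage (placeholder name): sh sshkey_check.sh /home/xxxx   (run on master2)
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
    check_ssh_context "$1"
fi
```

Run it as root on master2 with the user's home directory as the argument. A BAD-CTX line is exactly the rsync-without--X case the answer suspects, and `restorecon -R -v /home/xxxx/.ssh` relabels the directory from the policy's file contexts. Whatever the script reports, /var/log/secure on master2 remains the authoritative reason for the refusal.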