我正在尝试使用密钥设置ssh访问权限 – 我已将公钥添加到服务器上的.ssh目录中。 我也重新启动了服务器上的ssh服务。 当我从本地计算机login到服务器时,出现拒绝的消息(以下复制 – 使用v标志)。 我从问题中取代了用户名和IP地址。 任何想法,我可能做错了什么?
ssh -v [email protected] OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/id_rsa type 1 debug1: identity file /home/user/.ssh/id_rsa-cert type -1 debug1: identity file /home/user/.ssh/id_dsa type -1 debug1: identity file /home/user/.ssh/id_dsa-cert type -1 debug1: identity file /home/user/.ssh/id_ecdsa type -1 debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/user/.ssh/id_ed25519 type -1 debug1: identity file /home/user/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr [email protected] none debug1: kex: client->server aes128-ctr [email protected] none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA dd:e7:a3:31:60:21:c5:90:24:b5:11:65:43:d8:cd:a0 debug1: Host 'xxx.xxx.xxx.xxx' is known and matches the ECDSA host key. debug1: Found key in /home/user/.ssh/known_hosts:1 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/user/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /home/user/.ssh/id_dsa debug1: Trying private key: /home/user/.ssh/id_ecdsa debug1: Trying private key: /home/user/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey).
确保.ssh目录和authorized_keys的权限是正确的,如在.ssh中的0700和〜/ .ssh / authorized_keys中的0600。 如果没有,首先解决这个问题。
确保在您的服务器上启用了密钥validation,但是这应该是默认情况下,请检查您的sshd_config进行确认。
检查你的服务器上的日志文件,RedHat / Fedora和大多数Linux发行版,你可以在/ var / log / secure
您不需要重新启动sshd守护程序,让他知道您新添加的密钥。
最好使用ssh-copy-id将密钥复制到服务器。
看到这里,它是特定于Ubuntu的,但是正如我们正在谈论的OpenSSH它无论如何工作:
在我的情况下,我不得不将我创build的id_rsa文件(私钥)复制到ssh进程查找的id_dsa文件(以前未创build)。 使用ssh -v命令帮助我弄清楚了这一点。