我不能设置SSH密钥身份validationlogin,而不input密码,只使用私钥。 这是我的VPS的sshd_config文件。
# What ports, IPs and protocols we listen for Port 8707 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding no X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes UseDNS no AllowUsers ashfame
我使用本地机器的.ssh文件夹中的ssh-keygen -t rsa生成密钥。 然后我复制公钥文件id_rsa.pub scp id_rsa.pub [email protected]:然后我将文件移动到我的用户的.ssh文件夹,并将其重命名为authorized_keys由mv id_rsa.pub ~ashfame/.ssh/authorized_keys
我改变了权限
chown -R ashfame:ashfame ~ashfame/.ssh chmod 700 ~ashfame/.ssh chmod 600 ~ashfame/.ssh/authorized_keys
现在公钥已经存在,其内容与本地机器上的内容相匹配,但是当我尝试login时却显示“代理承认使用密钥签名失败”。 我错过了什么?
编辑:
输出ssh -vvv
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to xx.xxx.xx.xx [xx.xxx.xx.xx] port 8707. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/home/ashfame/.ssh/id_rsa" as a RSA1 public key debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/ashfame/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/ashfame/.ssh/id_rsa-cert type -1 debug1: identity file /home/ashfame/.ssh/id_dsa type -1 debug1: identity file /home/ashfame/.ssh/id_dsa-cert type -1 debug1: identity file /home/ashfame/.ssh/id_ecdsa type -1 debug1: identity file /home/ashfame/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7 debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3 debug2: fd 3 setting O_NONBLOCK debug3: put_host_port: [xx.xxx.xx.xx]:8707 debug3: load_hostkeys: loading entries for host "[xx.xxx.xx.xx]:8707" from file "/home/ashfame/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/ashfame/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: d ebug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 129/256 debug2: bits set: 517/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA d8:91:1b:8a:90:96:60:27:3b:6e:ae:fc:f2:08:84:f6 debug3: put_host_port: [xx.xxx.xx.xx]:8707 debug3: put_host_port: [xx.xxx.xx.xx]:8707 debug3: load_hostkeys: loading entries for host "[xx.xxx.xx.xx]:8707" from file "/home/ashfame/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/ashfame/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug3: load_hostkeys: loading entries for host "[xx.xxx.xx.xx]:8707" from file "/home/ashfame/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/ashfame/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug1: Host '[xx.xxx.xx.xx]:8707' is known and matches the RSA host key. debug1: Found key in /home/ashfame/.ssh/known_hosts:1 debug2: bits set: 514/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/ashfame/.ssh/id_rsa (0x7f5e60674670) debug2: key: /home/ashfame/.ssh/id_dsa ((nil)) debug2: key: /home/ashfame/.ssh/id_ecdsa ((nil)) debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/ashfame/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp 40:16:89:d5:e3:38:cc:84:7a:1e:44:d6:84:5a:87:86 debug3: sign_and_send_pubkey: RSA 40:16:89:d5:e3:38:cc:84:7a:1e:44:d6:84:5a:87:86 Agent admitted failure to sign using the key. debug1: Trying private key: /home/ashfame/.ssh/id_dsa debug3: no such identity: /home/ashfame/.ssh/id_dsa debug1: Trying private key: /home/ashfame/.ssh/id_ecdsa debug3: no such identity: /home/ashfame/.ssh/id_ecdsa debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password
Agent admitted failure to sign using the key通常是OpenSSH代表“您正在客户端运行ssh-agent并忘记ssh-add您要使用的密钥。
尝试在客户机上运行ssh-add ,看看你的错误是否消失。 您可能需要咨询ssh-add联机帮助页以传递给ssh-add其他参数,特别是如果您的私钥被命名为非标准的东西…
在ssh -vvv的问题中根据新的信息编辑:
debug3: Could not load "/home/ashfame/.ssh/id_rsa" as a RSA1 public key
看起来你的密钥文件是不正确的。 三重检查,确保有东西没有被损坏(额外/丢失的东西)。
当公共密钥不在服务器端的authorized_keys时,我也得到了相同的消息,这可能只是OpenSSH对于信息性错误消息而言是糟糕的 – 别的事情要仔细检查。
要绕过代理,请尝试以下操作:
SSH_AUTH_SOCK=0 ssh user@host
今天,当我打开我的机器,我可以login而不需要密码。 我想这只是一个暂时的故障。 否则@ voretaq7答案本来会更好的帮助。 我接受了我的回答,并提出了他的回答。