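I am using a public/private key pair to access my server. With the user "peter" I can access the server fine, but with the user "git" I cannot access the server. It always asks me for a password. If I enter the password I can log in normally, but of course I want to log in with the key.
I am using the same key for both users, as checked here: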
peter@peter-ThinkPad:~$ ssh [email protected]
Last login: Tue Jan 28 16:29:03 2014 from 192.168.0.108
[peter@git ~]$ sudo su
[sudo] password for peter:
[root@git peter]# diff /home/peter/.ssh/authorized_keys2 /home/git/.ssh/authorized_keys2
[root@git peter]#
The permissions are also correct:
[root@git peter]# ls -al /home/git/.ssh/
-rwx------. 1 git git 412 28. Jän 15:59 authorized_keys2
[root@git peter]# ls -al /home/git/
drwx------. 2 git git 4096 28. Jän 16:05 .ssh
[root@git peter]# ls -al /home/
drwx------. 9 git git 4096 28. Jän 15:32 git
The user git is a system user (uid=497(git) gid=497(git) Gruppen=497(git) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023), but I don't think that is a problem.
/etc/ssh/sshd_config looks like this (only the uncommented parts):
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
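I am using CentOS 6.5 for my server. My client is Lubuntu 13.10. The server is supposed to host a GitLab. It is already installed and working; only the SSH access does not work.
When I try to log in: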
peter@peter-ThinkPad:~$ ssh -v [email protected]
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to git.aerodyne [192.168.0.204] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b7:0d:7a:f6:f7:b9:c5:89:4f:17:9f:3f:4d:4b:a2:81
debug1: Host 'git.aerodyne' is known and matches the RSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/peter/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
Password:
Edit 1:
getent passwd git
gives me:
git:x:497:497:GitLab:/home/git/:/bin/bash
Edit 2:
I have now looked at the /var/log/messages log file and found this error:
Jan 29 17:06:21 git kernel: type=1400 audit(1391011581.732:41): avc: denied { read } for pid=2580 comm="sshd" name="authorized_keys2" dev=sda3 ino=1005 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
I'm pretty sure the permissions on the authorized_keys file should be 600.
chmod 600 /home/git/.ssh/authorized_keys2
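
The kernel message quoted in Edit 2 is an SELinux AVC denial, which records the security labels of the process and of the file rather than the file's mode bits. As an added example (not part of the original posts), the following parser extracts those labels from such a record. The function names are hypothetical, and the relabelling hint assumes the stock CentOS targeted policy, where files under ~/.ssh are normally typed ssh_home_t.

```python
import re

# AVC record copied from Edit 2 of the question above.
SAMPLE = ('Jan 29 17:06:21 git kernel: type=1400 audit(1391011581.732:41): '
          'avc: denied { read } for pid=2580 comm="sshd" '
          'name="authorized_keys2" dev=sda3 ino=1005 '
          'scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 '
          'tcontext=unconfined_u:object_r:default_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """An SELinux context is user:role:type[:level]; return the type field."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Return the fields of an 'avc: denied' record as a dict, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    rec['source_type'] = selinux_type(rec.get('scontext', ''))
    rec['target_type'] = selinux_type(rec.get('tcontext', ''))
    return rec


def diagnose(rec):
    """Describe a denial in which sshd was refused access to a file."""
    if not rec or rec.get('comm') != 'sshd' or rec.get('tclass') != 'file':
        return None
    msg = '%s denied {%s} on "%s" labelled %s' % (
        rec['source_type'], ' '.join(rec['perms']),
        rec.get('name', '?'), rec['target_type'])
    if rec['target_type'] == 'default_t':
        # Assumption: targeted policy. default_t marks a file with no
        # matching label rule applied; restorecon resets the policy default.
        msg += ('; label looks wrong, compare with "ls -Z" and consider '
                '"restorecon -R -v" on the .ssh directory')
    return msg


if __name__ == '__main__':
    print(diagnose(parse_avc(SAMPLE)))
```
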