我有一些问题login到一台服务器通过密钥SSH
这是客户端输出:ssh'[email protected]'-p 2201 -v
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to pdwhost [107.191.34.35] port 2201. debug1: Connection established. debug1: identity file /home/importer/.ssh/id_rsa type -1 debug1: identity file /home/importer/.ssh/id_rsa-cert type -1 debug1: identity file /home/importer/.ssh/id_dsa type 2 debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: identity file /home/importer/.ssh/id_dsa-cert type -1 debug1: identity file /home/importer/.ssh/id_ecdsa type -1 debug1: identity file /home/importer/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2 debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA cd:23:7f:17:0c:a3:97:37:71:97:ba:d0:0d:d6:7f:43 debug1: Host '[pdwhost]:2201' is known and matches the ECDSA host key. debug1: Found key in /home/importer/.ssh/known_hosts:4 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/importer/.ssh/id_rsa debug1: Offering DSA public key: /home/importer/.ssh/id_dsa debug1: Authentications that can continue: publickey debug1: Trying private key: /home/importer/.ssh/id_ecdsa debug1: No more authentication methods to try. Permission denied (publickey). 这是服务器上的输出(当我用-debug开始)
/ usr / sbin / sshd -d -p 22
debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2 debug1: read PEM private key done: type RSA debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: private host key: #0 type 1 RSA debug1: read PEM private key done: type DSA debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: private host key: #1 type 2 DSA debug1: read PEM private key done: type ECDSA debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256 debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256 debug1: private host key: #2 type 3 ECDSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-d' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='22' Set /proc/self/oom_score_adj from 0 to -1000 debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Bind to port 22 on ::. Server listening on :: port 22. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from 144.76.186.42 port 58956 debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4 debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2 debug1: permanently_set_uid: 103/65534 [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes128-ctr hmac-md5 none [preauth] debug1: kex: server->client aes128-ctr hmac-md5 none [preauth] debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] debug1: userauth-request for user importer service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug1: PAM: initializing for "importer" debug1: PAM: setting PAM_RHOST to "static.42.clients.your-server.de" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user importer service ssh-connection method publickey [preauth] debug1: attempt 1 failures 0 [preauth] debug1: test whether pkalg/pkblob are acceptable [preauth] debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/importer/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: restore_uid: 0/0 Failed publickey for importer from 144.XXX port 58956 ssh2 Connection closed by 144.XXX [preauth] debug1: do_cleanup [preauth] debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 17937
不知道这里发生了什么事情,当客户端尝试login时,SSHD会自杀。 它是一个OpenVZ容器中的Debian 7(主机也是Debian 7)
通过密码SSHlogin工作正常,我只是为了testing密钥login被禁用它,它总是要求input密码,当试图进行密钥login(因为密钥没有工作)。
我将%HOME%设置为700,.ssh也设置为700,文件内部为500
我用ssh-copy-id复制密钥(并且再次执行)。 我使用的密钥有点旧了,所以我没有为这个SSH客户端创build它们。 我无法findauthorized_keys中的任何错误
这个来自sshd_config
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys
仍然失败的公钥。
顺便说一句。 同时我试图从另一个客户端访问同一台服务器:ssh-keygen -t rsa ssh-id-copy ssh ..
它的工作,所以它必须是在客户端上面的东西
首先检查基本知识:
你的.ssh / authorized_keys的内容是正确的? 公钥没有额外的换行符?
该文件的权限是否正确? sshd对此非常严格:你应该看到很多600甚至400(只读的根目录)。 引用你的日志:
debug1: trying public key file /home/importer/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: restore_uid: 0/0 Failed publickey for importer from 144.XXX port 58956 ssh2