我通过SSH远程运行CentOS 6.5机器。 我使用RSA密钥并禁用了密码validation。 我遇到的问题是,每当我添加一个新用户,并希望他/她通过SSHlogin,他们被拒绝访问。
起初这似乎是一个简单的问题。 这些是我已经尝试过的:
以下是我在sshd_config设置的内容:
PermitRootLogin no AllowUsers keving moman muser
这就是我的日志告诉我的:
Login attempted when not in AllowUsers list: muser : 3 Time(s) root : 127 Time(s)
为什么SSH不允许login,而AllowUsers列表明显列出muser? 有另一个地方可以设置?
更新:我试图login到我的机器上的帐户后,我的pub文件密钥添加到用户的authorized_keys文件与详细标志-v 。 这些是结果(出于安全原因,使用假的IP和服务器主机密钥):
$ ssh -v [email protected] OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014 debug1: Reading configuration data /c/Users/[user]/.ssh/config debug1: Connecting to 111.111.111.111 [111.111.111.111] port 22. debug1: Connection established. debug1: identity file /c/Users/[user]/.ssh/id_rsa type 1 debug1: identity file /c/Users/[user]/.ssh/id_rsa-cert type -1 debug1: identity file /c/Users/[user]/.ssh/id_dsa type -1 debug1: identity file /c/Users/[user]/.ssh/id_dsa-cert type -1 debug1: identity file /c/Users/[user]/.ssh/id_ecdsa type -1 debug1: identity file /c/Users/[user]/.ssh/id_ecdsa-cert type -1 debug1: identity file /c/Users/[user]/.ssh/id_ed25519 type -1 debug1: identity file /c/Users/[user]/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA [censored] debug1: Host '111.111.111.111' is known and matches the RSA host key. debug1: Found key in /c/Users/[user]/.ssh/known_hosts:4 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Next authentication method: publickey debug1: Offering RSA public key: /c/Users/[user]/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Trying private key: /c/Users/[user]/.ssh/id_dsa debug1: Trying private key: /c/Users/[user]/.ssh/id_ecdsa debug1: Trying private key: /c/Users/[user]/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
正如在我的问题的意见中推断,我检查了/ var / log / security,果然在homedir / .ssh / authorized_keys树上有一个错误的权限条目。
完成这些编辑之后,我可以通过ssh使用RSA密钥login到用户的帐户:
$ chmod gw /home/your_user $ chmod 700 /home/your_user/.ssh $ chmod 600 /home/your_user/.ssh/authorized_keys
参考: http : //www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/
调整这些权限后,我就可以login了。有趣的是,我注意到我的.ssh目录和authkey文件已经分别设置为700和600。 由于某种原因,homedir没有正确设置。
感谢所有帮助评论的人。
/etc/ssh/sshd_config将您的用户组添加到AllowGroups 。 service sshd restart