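I configured sshd to accept key-based ssh login, with LogLevel set to DEBUG, and uploaded my public key to ~/.ssh/authorized_keys, with permissions set to:
700 ~/.ssh
600 ~/.ssh/authorized_keys
As root, I can su - USERNAME. From the client I get Permission denied (publickey). On the server, this is how it tells me: "Could not open authorized keys '/home/USERNAME/.ssh/authorized_keys': Permission denied".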
Client protocol version 2.0; client software version OpenSSH_5.2
match: OpenSSH_5.2 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
permanently_set_uid: 105/65534 [preauth]
list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
SSH2_MSG_KEXINIT sent [preauth]
SSH2_MSG_KEXINIT received [preauth]
kex: client->server aes128-ctr hmac-md5 none [preauth]
kex: server->client aes128-ctr hmac-md5 none [preauth]
SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
SSH2_MSG_NEWKEYS sent [preauth]
expecting SSH2_MSG_NEWKEYS [preauth]
SSH2_MSG_NEWKEYS received [preauth]
KEX done [preauth]
userauth-request for user USERNAME service ssh-connection method none [preauth]
attempt 0 failures 0 [preauth]
PAM: initializing for "USERNAME"
PAM: setting PAM_RHOST to "USERHOSTNAME"
PAM: setting PAM_TTY to "ssh"
userauth_send_banner: sent [preauth]
userauth-request for user USERNAME service ssh-connection method publickey [preauth]
attempt 1 failures 0 [preauth]
test whether pkalg/pkblob are acceptable [preauth]
Checking blacklist file /usr/share/ssh/blacklist.RSA-4096
Checking blacklist file /etc/ssh/blacklist.RSA-4096
temporarily_use_uid: 1001/1002 (e=0/0)
trying public key file /home/USERNAME/.ssh/authorized_keys
Could not open authorized keys '/home/USERNAME/.ssh/authorized_keys': Permission denied
restore_uid: 0/0
temporarily_use_uid: 1001/1002 (e=0/0)
trying public key file /home/USERNAME/.ssh/authorized_keys2
Could not open authorized keys '/home/USERNAME/.ssh/authorized_keys2': Permission denied
restore_uid: 0/0
Failed publickey for USERNAME from IPADDRESS port 57523 ssh2
Connection closed by IPADDRESS [preauth]
do_cleanup [preauth]
monitor_read_log: child log fd closed
do_cleanup
PAM: cleanup
chown 1001:1002 /home/USERNAME/.ssh/authorized_keys
For me, even after reinstalling, /usr/NX/home/nx/.ssh/authorized_keys was wrongly named /usr/NX/home/nx/.ssh/authorized_keys2. This is how I fixed it:
/usr/NX/home/nx/.ssh # cp authorized_keys2 authorized_keys
/usr/NX/home/nx/.ssh # chown nx authorized_keys
I blogged about it at http://www.linuxintro.org/wiki/Nx#The_NX_service_is_not_available
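It is not your own user that accesses these files, so 600 and 700 are not going to work. Also, there is no need to secure it like that. There is nothing secure in authorized_keys.
Your permissions are wrong:
chmod 755 /home/USERNAME/.ssh
chmod 644 /home/USERNAME/.ssh/authorized_keys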
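
Added example, not part of the original thread: the log line "temporarily_use_uid: 1001/1002" shows sshd opening authorized_keys with the login user's uid/gid, so this check walks every path component with that identity and reports which one blocks the open or would be rejected by StrictModes. The function names, HOME and the SAMPLE stat values are constructed for illustration; collect() gathers the same tuples from a live system.

```python
import os

def allowed(mode, o_uid, o_gid, uid, gids, want):
    """Unix DAC check for a non-root uid; want is 4 (read) or 1 (search)."""
    shift = 6 if uid == o_uid else 3 if o_gid in gids else 0
    return ((mode >> shift) & want) == want

def diagnose(entries, uid, gids, home):
    """entries: (path, st_mode, st_uid, st_gid) for each component from / down to
    the authorized_keys file. Returns findings; empty means the open succeeds."""
    findings = []
    for i, (path, mode, o_uid, o_gid) in enumerate(entries):
        is_file = i == len(entries) - 1
        want, verb = (4, "read") if is_file else (1, "traverse")
        desc = f"{path} (mode {mode & 0o7777:o}, owner {o_uid}:{o_gid})"
        if not allowed(mode, o_uid, o_gid, uid, gids, want):
            findings.append(f"uid {uid} cannot {verb} {desc}")
        # StrictModes (sshd default): from the file up to the home directory the
        # owner must be the user or root, and no group/world write bit may be set.
        if path.startswith(home) and (o_uid not in (0, uid) or mode & 0o022):
            findings.append(f"StrictModes would reject {desc}")
    return findings

def collect(path):
    """Stat every component of path on the live system (run as root)."""
    parts, cur = [], os.path.abspath(path)
    while True:
        st = os.stat(cur)
        parts.append((cur, st.st_mode, st.st_uid, st.st_gid))
        if cur == os.path.dirname(cur):
            return parts[::-1]
        cur = os.path.dirname(cur)

# Constructed sample: uid/gid 1001/1002 as in the log, key file left owned by root.
HOME = "/home/USERNAME"
SAMPLE = [
    ("/", 0o40755, 0, 0),
    ("/home", 0o40755, 0, 0),
    (HOME, 0o40755, 1001, 1002),
    (HOME + "/.ssh", 0o40700, 1001, 1002),
    (HOME + "/.ssh/authorized_keys", 0o100600, 0, 0),
]

if __name__ == "__main__":
    for line in diagnose(SAMPLE, 1001, [1002], HOME) or ["no problems found"]:
        print(line)
```

On a real host, run it as root with diagnose(collect("/home/USERNAME/.ssh/authorized_keys"), 1001, [1002], "/home/USERNAME"), substituting the uid/gid pair printed in the sshd debug log.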