我想从我的家用电脑(用户: antonio@antonio-home )ssh到serveruser@serverhost密钥serveruser@serverhost 。
我使用ssh-keygen -t rsa生成了rsa-key并上传到服务器,但仍然要求input密码。
如果我将在serverhost上创build用户antonio ,并将我的id_rsa.pub复制到用户antonio主目录中,则可以成功执行ssh antonio@serverhost 。 但是, ssh serveruser@serverhost不工作(id_rsa.pub serveruser home目录中)
我究竟做错了什么? 也许我应该指定用户名,而我生成rsa密钥? 就像ssh-keygen -t rsa --user serveruser ?
我用ssh-copy-id发送密钥到服务器,也试过做cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"
服务器上的文件权限: drwx------ .ssh和-rw------- authorized_keys 。 serveruser是这个文件和dirs的所有者。
在服务器上的文件authorized_keys :
ssh-rsa AAAAB3NzaC1yc2EA....AAADAQA antonio@Antonio-Home
我可以看到,在这个文件的末尾仍然有错误的用户名: antonio@Antonio-Home 。 也许,有问题吗?
我试图设置,而不是设置密钥的密码 – 没有区别
Antonio-Home:.ssh antonio$ cat config Host serveruser Hostname <ip> User serveruser Identityfile2 ~/.ssh/id_rsa ssh -vvvv serveruser OpenSSH_6.9p1, LibreSSL 2.1.8 debug1: Reading configuration data /Users/antonio/.ssh/config debug1: /Users/antonio/.ssh/config line 1: Applying options for serveruser debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug1: /etc/ssh/ssh_config line 102: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to <ip> [<ip>] port 22. debug1: Connection established. debug1: identity file /Users/antonio/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /Users/antonio/.ssh/id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to <ip>:22 as 'serveruser' debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from <ip> debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug1: kex: server->client [email protected] <implicit> none debug1: kex: client->server [email protected] <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:ceUAVoQrX7gnlD3N4j82eaYSO15RKgNDfdL66+cdTCA debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from <ip> debug1: Host '<ip>' is known and matches the RSA host key. debug1: Found key in /Users/antonio/.ssh/known_hosts:1 debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/antonio/.ssh/id_rsa (0x7f97e1713cb0), explicit debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/antonio/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password serveruser@<ip>'s password:
最后,我得到了解决scheme! 在服务器上,我的.ssh文件夹由用户serveruser和组root ,当我将组更改为hosting (serveruser所在的组)时。 一切开始正常工作。 谢谢大家的帮助!
您可以configuration您的SSH客户端默认情况下使用其他用户名连接到您的服务器。 在你的〜/ .ssh / config中:
Host serverhost User serveruser
这样,您可以直接连接而无需更改服务器用户。
然后在serveruser的家里确定ssh文件的权限:
chmod 0700 .ssh; chmod 0600 .ssh / authorized_keys
跑:
ssh-keygen -trsa -b2048 -f ~/.ssh/id_rsa_serveruser
然后
cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"
提示时input您的密码。
那么在你的~/.ssh/config文件中:
Host <nickname for connection> Hostname <hostname or IP address of serverhost> User serveruser Identityfile2 ~/.ssh/id_rsa_serveruser
你应该可以使用
ssh <nickname for connection>
并且不会提示您input密码。 如果这不起作用,请确保~/.ssh/authorized_keys文件实际上在服务器上具有适当的权限
编辑
我可以看到,在这个文件的末尾仍然有错误的用户名:antonio @ Antonio-Home。 也许,有问题吗?
从ssh-keygen手册页:
For RSA1 keys, there is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. The com- ment is initialized to ``user@host'' when the key is created, but can be changed using the -c option.
我认为你在这个.pub文件末尾看到的“用户名”就是这个注释,所以这很可能不是问题。