已知的SSH服务器总是在第一个连接上询问我的密码,下面的连接使用密钥authentication

当我尝试连接到某个服务器(存在于~/.ssh/known_hosts )时,我复制了公钥,它总是询问我的密码。 如果我closures连接并再次尝试,则正确使用我的密钥。 如果我在一两个小时之后尝试再次连接,它将再次询问我的密码。

第一个连接:

 aurelien ~ > ssh -v fac OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011 debug1: Reading configuration data /home/aurelien/.ssh/config debug1: /home/aurelien/.ssh/config line 27: Applying options for fac debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to zzzzzzzz.univ-lyon1.fr [abcd] port 22. debug1: Connection established. debug1: identity file /home/aurelien/.ssh/id_rsa type 1 debug1: identity file /home/aurelien/.ssh/id_rsa-cert type -1 debug1: identity file /home/aurelien/.ssh/id_dsa type -1 debug1: identity file /home/aurelien/.ssh/id_dsa-cert type -1 debug1: identity file /home/aurelien/.ssh/id_ecdsa type -1 debug1: identity file /home/aurelien/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5 debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 49:bb:84:f5:0b:7c:e3:be:29:9d:7b:09:1b:a0:4e:f4 debug1: Host 'zzzzzzzz.univ-lyon1.fr' is known and matches the RSA host key. debug1: Found key in /home/aurelien/.ssh/known_hosts:21 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/aurelien/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/aurelien/.ssh/id_dsa debug1: Trying private key: /home/aurelien/.ssh/id_ecdsa debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to zzzzzzzz.univ-lyon1.fr ([abcd]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. Last login: Fri Dec 16 20:53:27 2011 from xxxxxx.rev.numericable.fr fac ~ $ logout debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 logout logout debug1: channel 0: free: client-session, nchannels 1 Connection to zzzzzzzz.univ-lyon1.fr closed. Transferred: sent 2576, received 2216 bytes, in 13.5 seconds Bytes per second: sent 190.8, received 164.1 debug1: Exit status 0 

第二个连接(在第一个之后):

 aurelien ~ > ssh -v fac OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011 debug1: Reading configuration data /home/aurelien/.ssh/config debug1: /home/aurelien/.ssh/config line 27: Applying options for fac debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to zzzzzzzz.univ-lyon1.fr [abcd] port 22. debug1: Connection established. debug1: identity file /home/aurelien/.ssh/id_rsa type 1 debug1: identity file /home/aurelien/.ssh/id_rsa-cert type -1 debug1: identity file /home/aurelien/.ssh/id_dsa type -1 debug1: identity file /home/aurelien/.ssh/id_dsa-cert type -1 debug1: identity file /home/aurelien/.ssh/id_ecdsa type -1 debug1: identity file /home/aurelien/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5 debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 49:bb:84:f5:0b:7c:e3:be:29:9d:7b:09:1b:a0:4e:f4 debug1: Host 'zzzzzzzz.univ-lyon1.fr' is known and matches the RSA host key. debug1: Found key in /home/aurelien/.ssh/known_hosts:21 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/aurelien/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). Authenticated to zzzzzzzz.univ-lyon1.fr ([abcd]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. Last login: Tue Dec 20 14:17:17 2011 from xxxxxx.rev.numericable.fr fac ~ $ logout debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 -bash: /home/etu/a/yyyyyyy/.bash_logout: Permission denied logout debug1: channel 0: free: client-session, nchannels 1 Connection to zzzzzzzz.univ-lyon1.fr closed. Transferred: sent 3360, received 2648 bytes, in 748.5 seconds Bytes per second: sent 4.5, received 3.5 debug1: Exit status 0 

编辑 :我的私钥没有encryption(没有密码),我没有在其他服务器上的这个问题。 我在一个Linux机器上,与awesomewm和我没有使用任何代理(除了ssh代理,我猜?)。

当连接到带有AFP主目录的Mac时,我已经看到了这一点。 您的authorized_keys文件位于自动安装的主目录中,要么需要身份validation才能访问,要么需要很长时间才能进行安装。

您或者需要修复您的NFS自动安装系统,停止为主目录使用用户身份validation的文件共享系统,或者设置sshd以在您的authorized_keys的本地目录中查找。

下面是如何解决它的最后一个选项:

  1. 设置一个目录以将authorized_keys文件存储在本地磁盘上的任何位置。 /var/local/ssh可能是合适的。

  2. 为每个使用密钥login的用户创build一个目录。 让他们拥有适当的用户,不能被其他人阅读。

  3. sshd_config下行添加到系统范围的sshd_config文件中:

     AuthorizedKeysFile /var/local/ssh/%u/authorized_keys 
  4. 重新启动sshd。

一个可能的原因是你的远程主目录在login时挂载。 因此,没有~/.ssh/authorized_keys文件尚未与您的密钥进行身份validation。 在第二次login时,您的homedir仍然安装并且基于密钥的身份validation正常工作。 这意味着在退出一段时间之后,您的homedir将被卸载。

只是一个猜测,但它在这里的系统上工作。