我不小心擦除了本地机器中的私钥和公钥。
所以我用创建了一个新的配对
ssh-keygen -t rsa
并将id_rsa.pub的内容复制到服务器上的authorized_keys中(我可以以root身份登录,并且可以在authorized_key文件中看到root公钥)。
然而,我不断得到拒绝许可。我已经检查了~/.ssh和授权密钥权限(分别设置为700和600)。
有什么想法吗?
谢谢!
当我尝试从本地机器连接时,这里有日志输出:
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[16635]: debug1: Forked child 27356.
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: Set /proc/self/oom_score_adj to 0
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: inetd sockets after dupping: 3, 3
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: Connection from 50.67.165.140 port 60112
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Client protocol version 2.0; client software version OpenSSH_5.9p1 Debian-5ubuntu1.1
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Enabling compatibility mode for protocol 2.0
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: permanently_set_uid: 105/65534 [preauth]
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: KEX done [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: userauth-request for user capistrano service ssh-connection method none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: attempt 0 failures 0 [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: initializing for "capistrano"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: setting PAM_RHOST to "s0106c8fb26427cda.vc.shawcable.net"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: userauth-request for user capistrano service ssh-connection method publickey [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: attempt 1 failures 0 [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: trying public key file /home/capistrano/.ssh/authorized_keys
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: fd 4 clearing O_NONBLOCK
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: restore_uid: 0/0
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: Failed publickey for capistrano from <ip> port 60112 ssh2
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: Connection closed by <ip> [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: do_cleanup [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: monitor_read_log: child log fd closed
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: do_cleanup
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: cleanup
删除工作站的known_hosts条目,然后重试。我使用644作为authorized_keys。
涉及哪些用户和路径?在标准的openssh设置中,远程用户的$HOME/.ssh目录(ssh正在登录的目录)是authorized_keys文件的正确位置。但是,也可以将文件放在其他位置。
此外,请检查文件所有权。authorized_keys文件必须由登录的用户所有。
检查/var/log/messages或/var/log/secure(尝试失败后的"ls-ltr/var/log"可能有助于找出正确的日志文件)可能会给出具体信息。
如果所有其他操作都失败了,您可以对sshd进程进行跟踪,以查看它们正在读取哪些文件。这不是一件小事,但它确实触及了服务器操作的核心。
对我有效的是:
chmod 750 /home/user
chmod 700 /home/user/.ssh
chmod 644 /home/user/.ssh/authorized_keys
如果这对你不起作用,试试:
chmod 755 /home/user
好吧,我想好了。。。问题是我正在将公钥添加到另一个用户目录上的authorized_keys文件中S.无论如何都要感谢