我正在尝试设置对自己本地机器的ssh访问。
我已经使用ssh-keygen创建了id_rsa密钥。我在.ssh中将id_rsa.pub添加到authroized_keys中/我确保authorized_keys的权限为640我在sshd_config&重新启动ssh
RSA身份验证是
PubkeyAuthentication是
AuthorizedKeysFile%u/.ssh/authorized_keys
但是,我无法登录ssh。
我收到的错误如下
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/rahul/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug2: key: /home/rahul/.ssh/id_rsa (0x7fa12de58e70),
debug2: key: /home/rahul/.ssh/gitHubKey ((nil)), explicit
debug2: key: /home/rahul/.ssh/id_rsa_buhlServer (0x7fa12de59060), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rahul/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/rahul/.ssh/gitHubKey
no such identity: /home/rahul/.ssh/gitHubKey: No such file or directory
debug1: Offering RSA public key: /home/rahul/.ssh/id_rsa_buhlServer
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
您看到auth.log(或system.log、secure.log等opensshd写入日志的地方)了吗?问题可能是.ssh/authorized_keys必须有600而不是640。
示例:https://help.ubuntu.com/community/SSH/OpenSSH/Keys
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
希望能有所帮助。
编辑:
我们将卸载openssh服务器并清除配置文件:
(root)# apt-get remove --purge openssh-server
现在我们将使用默认设置再次安装:
(root)# apt-get install openssh-server
现在我们将生成我们的私钥/公钥:
(rahul)$ ssh-keygen
现在我们将在本地用户中复制密钥,您需要编写密码。
(rahul)$ ssh-copy-id rahul@localhost
现在尝试连接:
(rahul)$ ssh rahul@localhost
现在它可能会起作用。
为了能够在没有密码的情况下使用ssh localhost
,这5行应该涵盖所有基础。在Ubuntu上测试。
mkdir -p ~/.ssh/
ssh-keygen -q -f ~/.ssh/id_ed25519 -N '' -t ed25519
cat ~/.ssh/id_ed25519.pub >>~/.ssh/authorized_keys
echo "* $(cat /etc/ssh/ssh_host_ecdsa_key.pub)" >>~/.ssh/known_hosts
chmod go-w ~ ~/.ssh; chmod ugo-x,go-w ~/.ssh/authorized_keys
逐行解释:
- 如果
.ssh
目录还不存在,则创建该目录 - 如果还不存在,请创建新的私钥/公钥对
- 将新的公钥添加到我们的
authorized_keys
文件中,即允许我们在没有密码的情况下登录 - 将计算机的公共主机密钥添加到我们的
known_hosts
;这是我们认可和信任的计算机列表 - 以
ssh
命令的方式限制对敏感ssh文件的权限