Ssh
ssh-copy-id succeeded, but I am still prompted for a password
- I previously ran ssh-copy-id root@c199 successfully.
- I can log in with ssh root@c199 without a password prompt.
- I want to log in automatically as another user, ufo (this user exists on the remote machine). ssh-copy-id ufo@c199 asked me for a password:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ufo@c199's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ufo@c199'"
and check to make sure that only the key(s) you wanted were added.

- But logging in with ssh ufo@c199 still prompts for a password.

I am trying to log in to a remote CentOS machine via ssh from msys2 (on Windows). I found many identical lines, such as
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs7RTfvn83Rxdmvgfh+F4kUlM5FzIUb9rRHaqq11xKIW1gztn/+G4tr+OWl4o6GTW2Z361hIi ugy8DPtMATN66nTTDUYO0sSvw2BrQfDY4iIENdLpkkHO8KQVGpQE+8tDkaZfD6EQLVtl0uvDE3D77tfcnBLODXgZPQsUSlssMi+pxDbSVjjKgrP hM1G/L9OTrEHKWDhF+ZBgY1RuLl7ZEdoATbhJaK4FFb9hNn/2CSibVfLts8HJGYQXIQRX/RBzaDZp47sKZvq302ewkkVorNY+c9mmoze6mi8Ip2 zEQOMi6S9zM/yRiD0XZrbmzYfNkoXA03WTmMR/DynVvX2nV /c/Users/xxxx/.ssh/id_rsa
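in /home/ufo/.ssh/authorized_keys on the CentOS machine.

I have changed the permissions of the ufo user's .ssh folder to 700 and of the authorized_keys file to 644.

With the same ssh key, ssh root@c199 logs in without a prompt, but ssh ufo@c199 prompts for a password.

Update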
Output of ssh ufo@c199 -vv:

....
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zmCg5vHhBAMd5P4ei82+KsVg072KXbC63C44P0w3zbU
debug1: Host 'c199' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/xxxxx/.ssh/known_hosts:35
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /c/Users/xxxxx/.ssh/id_rsa (0x60006bec0), agent
debug2: key: /c/Users/xxxxx/.ssh/id_dsa (0x0)
debug2: key: /c/Users/xxxxx/.ssh/id_ecdsa (0x0)
debug2: key: /c/Users/xxxxx/.ssh/id_ed25519 (0x0)
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/xxxxx/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /c/Users/xxxxx/.ssh/id_dsa
debug1: Trying private key: /c/Users/xxxxx/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/xxxxx/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
Thanks to https://unix.stackexchange.com/a/55481/106419, which told me how to debug ssh.

Enable sshd debugging to see what is happening:

systemctl stop sshd
/usr/sbin/sshd -d -p 22

I found:

Authentication refused: bad ownership or modes for directory /home/ufo
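Everyone only says:

- /home/ufo/.ssh has the right ownership 700
- /home/ufo/.ssh/authorized_keys has the right ownership 600/644

But sshd still checks the user's home folder!!! Nobody mentions this!

sudo chmod 700 /home/ufo

solves the problem.

Summary:

You need to make sure that:

- /home/ufo has ownership 700
- /home/ufo/.ssh has ownership 700
- /home/ufo/.ssh/authorized_keys has ownership 600

Replace ufo with the name of your home folder.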
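
The check behind the "bad ownership or modes" message can be run ahead of time. With StrictModes enabled, sshd refuses public-key authentication when the home directory, .ssh or authorized_keys is owned by someone other than the user or root, or is writable by group or others. The script below is an added example, not part of the original post; the function name check_ssh_path_modes is hypothetical, and it assumes GNU stat as found on CentOS.

```bash
#!/usr/bin/env bash
# Added example: audit the three paths sshd's StrictModes check walks
# for one account. check_ssh_path_modes is a hypothetical helper name.
# Usage:   check_ssh_path_modes <home-dir> <numeric-uid>
# Returns: 0 if every path passes, 1 if any path would be refused.
check_ssh_path_modes() {
    local home=$1 uid=$2 rc=0 path mode owner
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING    $path"
            rc=1
            continue
        fi
        # GNU stat: %a = octal mode, %u = numeric owner; -L follows symlinks
        mode=$(stat -L -c '%a' "$path")
        owner=$(stat -L -c '%u' "$path")
        # Owner must be the account itself or root
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "BAD OWNER  uid=$owner $path"
            rc=1
        fi
        # 022 = group-write | other-write; either bit fails the check
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "BAD MODE   $mode $path"
            rc=1
        else
            echo "mode ok    $mode $path"
        fi
    done
    return $rc
}

# When called with a user name, audit that account's real home directory,
# e.g.:  sudo bash check.sh ufo
if [ -n "${1:-}" ]; then
    check_ssh_path_modes "$(getent passwd "$1" | cut -d: -f6)" "$(id -u "$1")"
fi
```

Run it as root on the server so every path is readable; any BAD line names the path to fix with chmod or chown.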