Ssh

SSH passwordless root login gets "Permission denied (publickey)".

  • March 21, 2017

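I have two Raspberry Pis (with Raspbian 7 and 8) connected to the same LAN. One has a data connection to an APC UPS. In case of a power failure, there are several similar scripts to be executed on both machines. In /etc/apcupsd/onbattery and /etc/apcupsd/offbattery (on the Pi attached to the UPS), I have something like: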

# [...] 
# after the e-mail stuff

# this is for the remote machine
/usr/bin/ssh -f pi@piac-pal_wired "sh -c '/home/pi/bin/my_script.sh > /dev/null 2>&1'"

# this is for the local machine, connected to the UPS
/home/pi/bin/my_script.sh

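The local script works, but the one for the remote Pi does not (error: "Permission denied (publickey)."). It does work if it is executed as a regular user. The same if using sudo, from the shell.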

So I understand the problem is that the root user cannot connect via SSH to the other machine using the shared key method.

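Running the ssh command with sudo and -vv shows that the key offered is /root/.ssh/id_rsa. The corresponding public key has been added to root/.ssh/authorized_keys on the remote computer, and /etc/ssh/sshd_config has been configured to include: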

RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin without-password

If I change the last two lines above to:

PasswordAuthentication yes
PermitRootLogin yes

The root user on the UPS-connected Pi can log in to the remote Pi, but the command asks for a password, which cannot be provided when the apcupsd script runs unattended.

Any suggestions are very welcome. Thanks.

EDIT: added the ssh -vvv command output, as suggested. I think the relevant part is at the end:

debug3: load_hostkeys: loaded 1 keys
debug1: Host '$HOSTNAME' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f8c72a8)
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

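The problem was that the ssh command was calling the pi user, not root, so the authorized_keys being checked was the one in /home/pi/.ssh, not the one in /root/.ssh. All I needed to do was add the client's root key to the server's /home/pi/.ssh/authorized_keys. That's it.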

Quoted from: https://unix.stackexchange.com/questions/352867
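
The diagnosis from the answer, as an added shell example that is not part of the original post: sshd checks the authorized_keys of the account named in the ssh destination, not of the local user running ssh. The function names, the /root and /home/<user> home layout, the absence of a "User" override in ssh_config, and the key material are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes homes are /root and /home/<user>, no "User" line in
# ssh_config, and a constructed placeholder key (not a real key).

# remote_user DEST LOCAL_USER -> account sshd authenticates ("pi@host" -> pi).
remote_user() {
    case "$1" in
        *@*) printf '%s\n' "${1%@*}" ;;
        *)   printf '%s\n' "$2" ;;
    esac
}

# key_authorized PUBKEY_FILE AUTH_KEYS_FILE -> exit 0 if the base64 key blob
# (field 2 of the .pub file) occurs as a field in AUTH_KEYS_FILE.
key_authorized() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    blob=$(awk '{print $2; exit}' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) hit = 1}
                      END {exit !hit}' "$2"
}

# diagnose DEST LOCAL_USER PUBKEY_FILE SERVER_ROOT ("" on the server itself).
diagnose() {
    user=$(remote_user "$1" "$2")
    if [ "$user" = root ]; then home=/root; else home=/home/$user; fi
    file=$4$home/.ssh/authorized_keys
    if key_authorized "$3" "$file"; then
        echo "ok: $file"
    else
        echo "missing: $file"
    fi
}

# make_fixture DIR: constructed layout matching the question (key only in /root).
make_fixture() {
    mkdir -p "$1/root/.ssh" "$1/home/pi/.ssh"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY root@ups-pi' > "$1/client_root.pub"
    cp "$1/client_root.pub" "$1/root/.ssh/authorized_keys"
    : > "$1/home/pi/.ssh/authorized_keys"
}

d=$(mktemp -d)
make_fixture "$d"
diagnose pi@piac-pal_wired root "$d/client_root.pub" "$d"      # before the fix
cat "$d/client_root.pub" >> "$d/home/pi/.ssh/authorized_keys"  # fix from the answer
diagnose pi@piac-pal_wired root "$d/client_root.pub" "$d"      # after the fix
rm -rf "$d"
```

On a real server, pass an empty SERVER_ROOT and a copy of the client's /root/.ssh/id_rsa.pub.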