Ssh

SSH public key is not sent to the server

  • November 22, 2021

I have been struggling with this for hours, so any help would be greatly appreciated…

I have 2 servers, and I can ssh into both of them from OSX using a public key with no problem at all, so I'm sure the sshd_config is fine.

I'm trying to set up a cron job with rsync to sync the two servers, and need server B (backup) to ssh into server A using a public key.

For the life of me I can't figure out why it can't find my public key. The keys are in ~/.ssh/ (i.e. /root/.ssh), and all the file permissions are correct on both A and B.

Here is the output:

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

Also note that it is looking for private keys that don't exist…

drwx------. 2 root root 4096 May 25 10:15 .
dr-xr-x---. 4 root root 4096 May 24 18:52 ..
-rw-------. 1 root root  403 May 25 01:37 authorized_keys
-rw-------. 1 root root    0 May 25 01:41 config
-rw-------. 1 root root 1675 May 25 02:35 id_rsa_tm1
-rw-------. 1 root root  405 May 25 02:35 id_rsa_tm1.pub
-rw-------. 1 root root  395 May 25 02:36 known_hosts

Look at your ssh man page:

  -i identity_file
         Selects a file from which the identity (private key) for public
         key authentication is read.  The default is ~/.ssh/identity for
         protocol   version   1,   and  ~/.ssh/id_dsa,  ~/.ssh/id_ecdsa,
         ~/.ssh/id_ed25519 and ~/.ssh/id_rsa  for  protocol  version  2.
         Identity files may also be specified on a per-host basis in the
         configuration file.  It is possible to have multiple -i options
         (and  multiple  identities  specified  in configuration files).

Or the ssh_config man page:

  IdentityFile
         Specifies a file from which the user's DSA, ECDSA,  ED25519  or
         RSA   authentication   identity   is   read.   The  default  is
         ~/.ssh/identity for  protocol  version  1,  and  ~/.ssh/id_dsa,
         ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for proto‐
         col version 2.  Additionally, any identities represented by the
         authentication  agent  will  be  used for authentication unless
         IdentitiesOnly is set.

You can see that if you don't specify a key, a few special file names are tried. These are also the files you see in your log output.

To use a key stored in a file with a different name, you have three options:

  • Specify the file explicitly with the -i option mentioned above.
  • Configure the file in the client configuration with the IdentityFile option mentioned above.
  • Add the key to your agent with ssh-add.

For interactive sessions, the agent is the most flexible. For your cron job, the -i option is probably the easiest.

A malformed authorized_keys file on the target host is another reason ssh prints the "we did not send a packet" message and asks for a password instead of using pubkey auth:

debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method

The problem in this particular case was that the public key data pasted into .ssh/authorized_keys on the target host had lost its first character:

sh-rsa AAAA...

The fix was simply to add the missing "s":

ssh-rsa AAAA...

After which:

debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
...
debug1: Authentication succeeded (publickey).
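The truncated "sh-rsa" line in the answer above is detectable offline, because the base64 blob of an OpenSSH public key embeds the key type again as its first wire-format string. The following checker is an added example, not code from the original thread: it decodes each authorized_keys line and flags a mismatch between the declared and embedded type. The sample key blob is constructed around a dummy modulus and is not a usable key; the set of key types and the simplified handling of the options field are assumptions of this example.

```python
import base64

# Key types accepted in authorized_keys (subset; an assumption for this check).
KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def blob_type(blob: bytes):
    """Return the key type embedded at the start of a decoded key blob, or None if malformed."""
    n = int.from_bytes(blob[:4], "big") if len(blob) >= 4 else 0
    if n == 0 or len(blob) < 4 + n:
        return None
    return blob[4:4 + n].decode("ascii", errors="replace")

def check_authorized_keys_line(line: str) -> str:
    """Classify one authorized_keys line as 'ok', 'comment', or a description of its defect."""
    line = line.strip()
    if not line or line.startswith("#"):
        return "comment"
    fields = line.split()
    # An options field (e.g. no-pty,no-port-forwarding) may precede the key type;
    # simplified: quoted options that contain spaces are not handled here.
    idx = 1 if fields[0] not in KNOWN_TYPES and len(fields) > 2 and fields[1] in KNOWN_TYPES else 0
    if len(fields) - idx < 2:
        return "too few fields"
    declared, b64 = fields[idx], fields[idx + 1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return "key data is not valid base64"
    embedded = blob_type(blob)
    if embedded is None:
        return "key data is not a valid SSH key blob"
    if declared != embedded:
        return f"declared type {declared!r} does not match embedded type {embedded!r}"
    return "ok"

# Constructed sample: real ssh-rsa wire layout (type, e, n) around a dummy modulus, not a usable key.
_DUMMY_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\x42" * 32)
SAMPLE_B64 = base64.b64encode(_DUMMY_BLOB).decode()
SAMPLE_LINES = [
    "ssh-rsa " + SAMPLE_B64 + " root@serverB",                      # intact line
    "sh-rsa " + SAMPLE_B64 + " root@serverB",                       # first character lost, as in the answer above
    "no-pty,no-port-forwarding ssh-rsa " + SAMPLE_B64 + " backup",  # options field before the key type
]
```

Running check_authorized_keys_line over each line of a real ~/.ssh/authorized_keys reports the damaged line before sshd silently rejects it.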

Quoted from: https://unix.stackexchange.com/questions/131886