不知何故,我的 SSH 从不想问我密码。
所以我在世界某个地方的某个随机服务器上设置了一个 VPS,我想用 ssh 连接到它。
我可以设置一个密钥,但是当我这样做时:
ssh -l some-user IP
我收到错误:
Received disconnect from ##.##.##.##: 2: Too many authentication failures for some-user
当我查看详细信息时,可以看到密码是选项之一:
debug1: Offering RSA public key: some-user@computer
debug1: Authentications that can continue: publickey,password
然而 SSH 从不要求我输入密码。它使用我怀疑的公钥方法尝试了 5 次,然后失败了。为什么不使用密码 ssh 尝试?!
以防万一,我的 ssh_config 文件有:
PasswordAuthentication yes
完整日志
ssh -v -l root ##.##.##.##
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/someuser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ##.##.##.## [##.##.##.##] port 22.
debug1: Connection established.
debug1: identity file /home/someuser/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/someuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/someuser/.ssh/id_dsa type -1
debug1: identity file /home/someuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/someuser/.ssh/id_ecdsa type -1
debug1: identity file /home/someuser/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2p2 Ubuntu-6
debug1: match: OpenSSH_6.2p2 Ubuntu-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA XX:XX:...:XX:XX
debug1: Host '##.##.##.##' is known and matches the ECDSA host key.
debug1: Found key in /home/someuser/.ssh/known_hosts:38
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/someuser/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: someuser@computer
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: someuser@computer
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: someuser@computer
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: someuser@computer
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: someuser@computer
Received disconnect from ##.##.##.##: 2: Too many authentication failures for root
Kla*_*cha 19
尝试在禁用公钥身份验证的情况下登录,使用
ssh -o PubkeyAuthentication=no root@newserver
Oll*_*lli 18
很可能您identityfile的.ssh/config文件中有不止一行。
即使您identityfile在host配置中,它也是全局应用的。这意味着ssh在要求服务器提供密码提示之前,它会尝试每台主机上的每个身份文件(即公钥)。
您可以通过以下方式解决此问题
identityfile一行之外的所有行,或PubkeyAuthentication no到.ssh/config, 或-o PubkeyAuthentication=no参数执行 ssh 。来自man 5 ssh_config:
PubkeyAuthentication
Specifies whether to try public key authentication. The argument to this
keyword must be “yes” or “no”. The default is “yes”. This option applies
to protocol version 2 only.
IdentityFile
...
It is possible to have multiple identity files specified in configuration
files; all these identities will be tried in sequence. Multiple
IdentityFile directives will add to the list of identities tried (this
behaviour differs from that of other configuration directives).
使用公钥的一些一般说明:
这有一些例外,但不是太多。