在本地主机上运行 sshd 服务。为root并user1使用 ssh-keygen创建了两对 rsa 密钥。从 root/.ssh/id_rsa.pub 复制到 user1/.ssh/id_rsa.pub。改变权限为600试过ssh -l user1 localhost和ssh -l root localhost,但都失败,权限被拒绝(公钥,键盘交互)。. 我是否必须将公钥复制到~/.ssh两个用户的文件夹中?配置有什么问题?为什么我无法连接到本地主机?
文件/etc/ssh/sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM no
AllowUsers user1 root
PermitRootLogin yes
在文件中/etc/ssh/ssh_config是未注释的行:
RSAAuthentication yes
PasswordAuthentication no
ForwardX11 no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
PubkeyAuthentication yes
编辑 1
我正在尝试连接到本地主机。我必须能够仅使用公钥登录到 user1,同时可以使用公钥和/或密码以 root 身份登录。
编辑 2
我复制了cp ~/.ssh/id_rsa.pub /home/user1/.ssh/authorized_keys。更改了权限chmod -R 700 ~/.ssh和chmod -R 700 /home/user1/.ssh. 重新启动 sshd 'service ssh restart'。但它似乎不起作用。
编辑 4
root@ubuntu:~# ssh-copy-id user1@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is 34:29:b6:1b:fe:84:eb:82:85:77:87:f6:25:39:61:5a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
root@ubuntu:~# ssh-copy-id root@localhost
Permission denied (publickey,keyboard-interactive).
日志:
# tail /var/log/auth.log
... ubuntu sshd[8476]: User root not allowed because account is locked
一篇很好的 SSH 故障排除文章:问题和解决方案
小智 7
当我尝试登录没有密码的帐户时遇到了这个问题,即使我使用 SSH 密钥对身份验证并关闭了密码登录。解决方案是使用我的 root 帐户设置密码:
passwd user1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
我不久前遇到了类似的问题,尝试做一个
chmod -R 600 ~/.ssh
显然,如果文件权限正确但目录权限不同,则会出现权限错误。
我还认为您需要将文件从 id_rsa.pub 重命名为authorized_keys。