use*_*608 2 linux mac ssh keys
我正在尝试使用 pp 密钥使 ssh 工作。但是,在遵循了几个 howto 之后,我仍然遇到登录问题。服务器是opensuse 12.1,客户端是mac。这是详细的输出:
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.139 [192.168.1.139] port 22.
debug1: Connection established.
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.139' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/me/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
任何人的想法在哪里寻找?谢谢
不可能从客户端进一步调试它。客户端提供密钥,它不被接受,这一定是服务器端的问题。找出原因的最快方法(如果可行)是在调试模式下启动另一个 sshd,它会告诉您密钥被拒绝的确切原因。在服务器端:
/usr/sbin/sshd -d -p 2222
这将在端口 2222(一个不同的端口,以便我们不会干扰在端口 22 上运行的服务器)上以调试模式启动 sshd。
然后在客户端:
ssh -p 2222 user@remotehost
您应该在启动 sshd 的终端中看到您的密钥被拒绝的原因。
通常问题在于权限太松。authorized_keys 文件和整个目录祖先不能被除用户之外的任何人写入。因此,如果authorized_keys 文件在/home/username/.ssh/authorized_keys 中,那么,例如,/、/home、/home/username 都不能是组可写的。
| 归档时间: |
|
| 查看次数: |
822 次 |
| 最近记录: |