gil*_*ech 5 linux ssh centos rsa
我正在通过 SSH 远程运行 CentOS 6.5 机器。我使用 RSA 密钥并禁用了密码身份验证。我遇到的问题是,每当我添加新用户并希望他/她通过 SSH 登录时,他们都会被拒绝访问。
起初,这似乎是一个简单的问题。这些是我已经尝试过的:
这是我设置的内容sshd_config:
PermitRootLogin no
AllowUsers keving moman muser
这就是我的日志告诉我的:
Login attempted when not in AllowUsers list:
muser : 3 Time(s)
root : 127 Time(s)
为什么 SSH 不允许登录而 AllowUsers 列表显然列出了 muser?还有其他地方可以设置吗?
更新:将我的公钥添加到用户的authorized_keys 文件后,我尝试在我的机器上登录该帐户,并带有详细标志-v。这些是结果(出于安全原因使用假 IP 和服务器主机密钥):
$ ssh -v mattm@111.111.111.111
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /c/Users/[user]/.ssh/config
debug1: Connecting to 111.111.111.111 [111.111.111.111] port 22.
debug1: Connection established.
debug1: identity file /c/Users/[user]/.ssh/id_rsa type 1
debug1: identity file /c/Users/[user]/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/[user]/.ssh/id_dsa type -1
debug1: identity file /c/Users/[user]/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/[user]/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/[user]/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/[user]/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/[user]/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [censored]
debug1: Host '111.111.111.111' is known and matches the RSA host key.
debug1: Found key in /c/Users/[user]/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/[user]/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /c/Users/[user]/.ssh/id_dsa
debug1: Trying private key: /c/Users/[user]/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/[user]/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
gil*_*ech 13
正如@toppledwagon 在对我的问题的评论中所建议的那样,我检查/var/log/security并确定在~/.ssh/authorized_keys树上有一个错误权限的条目,包括主目录。
进行这些编辑后,我能够使用 RSA 密钥通过 ssh 登录到用户的帐户:
$ chmod g-w /home/your_user
$ chmod 700 /home/your_user/.ssh
$ chmod 600 /home/your_user/.ssh/authorized_keys
参考:http : //www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/
调整这些权限后,我就可以登录了。有趣的是,我已经将.sshdir 和authorized_keysfile分别设置为700和600。由于某种原因,主目录设置不正确。
感谢所有在评论中提供帮助的人。