SSH 公钥身份验证 - 服务器接受密钥但身份验证不成功

Question

我正在帮助一位在使用公钥身份验证连接到我维护的服务器时遇到问题的朋友。公钥身份验证适用于其他几个用户。当然，我朋友的公钥在服务器上的authorized_keys-file中。

debug1: Host 'xxxxx' is known and matches the RSA host key.
debug1: Found key in /home/xxx/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/xxx/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: email@address.com
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/xxx/.ssh/id_dsa
debug1: Trying private key: /home/xxx/.ssh/id_ecdsa
debug1: Next authentication method: password

以下行对我来说没有意义

Server accepts key: pkalg ssh-rsa blen 279

既然服务器似乎认为公钥是完全正确的，那么为什么它继续进行密码认证而不是对用户进行认证呢？

Answer 1

我相信您正在显示客户端日志/调试输出。我想看看服务器端的日志，通常给出了关于更详细的原因服务器拒绝了公钥认证的尝试。

例如，对用户主目录或 .ssh 目录的不安全权限。