Getting Permission denied (publickey) even with my public key in the server's authorized_keys file

Time: 2013-08-21 16:33:41

Tags: linux ssh permission-denied public-key

I accidentally deleted my private and public keys on my local machine.

So I created a new pair with:

ssh-keygen -t rsa

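and copied the contents of id_rsa.pub into authorized_keys on the server (I can log in as root, and I can see the root public key in the authorized_keys file).

However, I keep getting permission denied. I have already checked the permissions of ~/.ssh and authorized_keys (set to 700 and 600 respectively).

Any ideas?

Thanks!

Here is the log output from when I try to connect from my local machine: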

Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[16635]: debug1: Forked child 27356.
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: Set /proc/self/oom_score_adj to 0
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: inetd sockets after dupping: 3, 3
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: Connection from 50.67.165.140 port 60112
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Client protocol version 2.0; client software version OpenSSH_5.9p1 Debian-5ubuntu1.1
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Enabling compatibility mode for protocol 2.0
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: permanently_set_uid: 105/65534 [preauth]
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: KEX done [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: userauth-request for user capistrano service ssh-connection method none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: attempt 0 failures 0 [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: initializing for "capistrano"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: setting PAM_RHOST to "s0106c8fb26427cda.vc.shawcable.net"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: userauth-request for user capistrano service ssh-connection method publickey [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: attempt 1 failures 0 [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: trying public key file /home/capistrano/.ssh/authorized_keys
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: fd 4 clearing O_NONBLOCK
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: restore_uid: 0/0
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: Failed publickey for capistrano from <ip> port 60112 ssh2
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: Connection closed by <ip> [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: do_cleanup [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: monitor_read_log: child log fd closed
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: do_cleanup
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: cleanup

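4 Answers:

Answer 0: (score: 0)

Delete the known_hosts entry on your workstation and try again. I use 644 for authorized_keys.

Answer 1: (score: 0)

Which users and paths are involved? In a standard openssh setup, the remote user's $HOME/.ssh directory (the user ssh logs in as) is the correct location for the authorized_keys file. However, the file can also be placed elsewhere.

Also, check the file ownership. The authorized_keys file must be owned by the login user.

Checking /var/log/messages or /var/log/secure (an "ls -ltr /var/log" after a failed attempt may help find out the correct log file) may give specifics.

If all else fails, you can use the sshd process to see which files it is reading. This is not an easy task, but it does give insight into the server's operation.

Answer 2: (score: 0)

What worked for me was: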

chmod 750 /home/user
chmod 700 /home/user/.ssh
chmod 644 /home/user/.ssh/authorized_keys

If this doesn't work for you, try:

chmod 755 /home/user

Answer 3: (score: -1)

OK, I figured it out... The problem was that I had added the public key to the authorized_keys file in another user's directory. :S .. Thanks anyway.
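
The checks discussed in the answers above (ownership, modes, and whether the key is in the login user's own file), as an added example that is not part of the original posts. The function name check_authkeys, the "otheruser" account and the key blob are constructed for illustration; the ownership and write-bit rule is the one sshd applies when StrictModes is on.

```shell
#!/bin/sh
# usage: check_authkeys LOGIN_USER HOME_DIR PUBKEY_FILE   (hypothetical helper)
# returns 0 = key present and paths safe, 1 = key not in this user's file,
#         2 = owner/mode that StrictModes rejects, 3 = authorized_keys missing
check_authkeys() {
    user=$1 home=$2 pub=$3
    ak="$home/.ssh/authorized_keys"
    [ -f "$ak" ] || { echo "missing: $ak"; return 3; }
    for p in "$home" "$home/.ssh" "$ak"; do
        # The owner must be the login user or root ...
        if [ -z "$(find "$p" -prune \( -user "$user" -o -user 0 \))" ]; then
            echo "bad owner: $p"; return 2
        fi
        # ... and the path must not be group- or world-writable.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world-writable: $p"; return 2
        fi
    done
    # Compare the base64 key blob (field 2 of the .pub file) with every field
    # of every authorized_keys line, so entries with leading options match too.
    blob=$(awk 'NR==1 {print $2}' "$pub")
    awk -v k="$blob" '{ for (i = 1; i <= NF; i++) if ($i == k) found = 1 }
        END { exit !found }' "$ak" || { echo "key not in $ak"; return 1; }
    echo "ok: $ak"
}

# Constructed demo: two throwaway home directories and a fake key blob.
demo=$(mktemp -d)
for u in capistrano otheruser; do
    mkdir -p "$demo/$u/.ssh"
    chmod 755 "$demo/$u"; chmod 700 "$demo/$u/.ssh"
    : > "$demo/$u/.ssh/authorized_keys"
    chmod 600 "$demo/$u/.ssh/authorized_keys"
done
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY user@workstation" \
    > "$demo/id_rsa.pub"
# The mistake from the last answer: key appended to another account's file.
cat "$demo/id_rsa.pub" >> "$demo/otheruser/.ssh/authorized_keys"
me=$(id -u)
check_authkeys "$me" "$demo/capistrano" "$demo/id_rsa.pub" || echo "rc=$?"
check_authkeys "$me" "$demo/otheruser" "$demo/id_rsa.pub" || echo "rc=$?"
```

On a real server, run it as root with the account named in the "userauth-request for user" log line and the home directory shown in the "trying public key file" line.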