ssh localhost not working, authenticity of host can't be established

Time: 2015-12-13 19:40:54

Tags: macos ssh

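After checking the permissions on $HOME/.ssh and running the recommended commands, I still cannot get ssh localhost to work without a password. Below is an edited history of the commands and the output of ssh -vvv localhost. It cannot load id_rsa and I cannot figure out why. Running on Mac OS X Yosemite 10.10.5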

java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

I have enabled Remote Login in Preferences.

zak-keirns-imac:~ zak$ ls -l .ssh
total 40
-rw-------  1 zak  staff  2252 Dec 13 12:28 authorized_keys
-rw-------  1 zak  staff   668 Dec 13 12:28 id_dsa
-rw-r--r--  1 zak  staff   615 Dec 13 12:28 id_dsa.pub
-rw-------  1 zak  staff  1679 Dec 13 11:28 id_rsa
-rw-r--r--  1 zak  staff   407 Dec 13 11:28 id_rsa.pub
zak-keirns-imac:~ zak$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
/Users/zak/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /Users/zak/.ssh/id_dsa.
Your public key has been saved in /Users/zak/.ssh/id_dsa.pub.
zak-keirns-imac:~ zak$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
zak-keirns-imac:~ zak$ ssh -vvv localhost
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/zak/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/zak/.ssh/id_rsa type 1
debug1: identity file /Users/zak/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/zak/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /Users/zak/.ssh/id_dsa type 2
debug1: identity file /Users/zak/.ssh/id_dsa-cert type -1


more output:

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 5 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

....

debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 135/256
debug2: bits set: 508/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 02:f8:78:65:22:75:23:44:c4:82:2a:8f:73:4b:f5:6a
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 02:f8:78:65:22:75:23:44:c4:82:2a:8f:73:4b:f5:6a.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.

2 answers:

Answer 0 (score: 1)

  

debug1: identity file /Users/zak/.ssh/id_rsa type 1

This line tells you that the identity was loaded successfully.

  

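debug3: Could not load "/Users/zak/.ssh/id_rsa" as a RSA1 public key

This is only a low-level notice that the key was not recognized as the old key type. This part is there for some historical reasons and is a bit confusing, but it is not an error, just a debug3-level note.

Authenticity of the host is something completely different. The keys you generated are used for authentication, but host keys ensure authenticity.

If you want to make sure you are connecting to the correct host, copy the public host key from the server to ~/.ssh/known_hosts over a different secure channel, and you will not see this message again.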

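Answer 1 (score: 0)

ssh does not give localhost any special status; it is treated as just another host. Before ssh connects to a host, it wants to know that it is connecting to the correct host. ssh cannot answer this a priori. You need to verify the host key and confirm it to ssh. At that point, ssh will save it in the known_hosts file. As Jakuje pointed out, you can also copy the key into this file manually.

For localhost, verifying the key is a bit easier, because it can be found in /etc/ssh/ssh_host_rsa_key.pub (on Red Hat-like systems; the location will vary on other operating systems). Once you have identified the host key file, you can get its fingerprint with the following command: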

ssh-keygen -l -f /path/to/host_key.pub

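When you are asked to verify the host key, you can answer "yes" if the fingerprint shown matches the one you computed.

When connecting to a host for the first time, you should determine the host's key fingerprint in advance; this is more challenging for remote hosts. The reality is that most people don't do this, but it is the right thing to do.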
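
Added example (not part of either answer): a Python sketch of the value `ssh-keygen -l -f` reports for a host key `.pub` file, with a check against the fingerprint shown in the ssh prompt. It covers the colon-separated MD5 form seen in the question's output and the `SHA256:` form printed by newer OpenSSH releases; the function names and the sample key are constructed for this example.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def fingerprints(pub_line: str) -> dict:
    """Return the MD5 and SHA256 fingerprints of one public key line."""
    key_type, b64_blob = pub_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with its own copy of the key type; a mismatch means
    # the line is corrupt or was edited by hand.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }


def matches(pub_line: str, shown: str) -> bool:
    """True if the fingerprint ssh displayed belongs to this public key."""
    shown = shown.strip().rstrip(".")  # the prompt line ends with a period
    fps = fingerprints(pub_line)
    if shown.startswith("SHA256:"):
        return shown == fps["sha256"]
    # Older clients print bare colon-separated hex; newer ones prefix "MD5:".
    shown = shown.lower()
    if shown.startswith("md5:"):
        shown = shown[4:]
    return shown == fps["md5"]


# Constructed sample key (tiny made-up modulus, not a usable host key).
_blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(bytes(range(1, 33)))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed@example"
# Fingerprint copied from the prompt in the question's ssh output.
PROMPTED = "02:f8:78:65:22:75:23:44:c4:82:2a:8f:73:4b:f5:6a"
```

With a real host key, pass the contents of the `.pub` file as `pub_line` and the fingerprint from the prompt as `shown`; answer "yes" only when `matches` returns True.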