编辑:准确完成所做的工作
我需要在没有密码的情况下SSH本地主机,通常的方法(使用公钥)不起作用。
user@PC:~$ rm -rf .ssh/*
user@PC:~$ ssh-keygen -t rsa > /dev/null
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
user@PC:~$ ls .ssh/
id_rsa id_rsa.pub
user@PC:~$ ssh-copy-id -i localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is f7:87:b5:4e:31:a1:72:11:8e:5f:d2:61:bd:b3:40:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
user@localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
user@PC:~$ ssh-agent $SHELL
user@PC:~$ ssh-add -L
The agent has no identities.
user@PC:~$ ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
user@PC:~$ ssh-add -L
ssh-rsa ...MY KEY HERE
user@PC:~$ ssh-copy-id -i localhost
user@localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
user@PC:~$ ssh localhost echo 'testing'
user@localhost's password:
user@PC:~$
因此,您可以在上一个命令中看到它仍在询问密码! 我该如何解决这个问题? Ubuntu-10.04,OpenSSH_5.3p1
EDIT2:
添加有关sshd的一些信息
user@PC:~$ cat /etc/ssh/sshd_config | grep Authentication
# Authentication:
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
ChallengeResponseAuthentication no
# PasswordAuthentication yes
EDIT3:来自$ ssh -vv localhost的结果
$ssh -vv localhost
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
user@localhost's password:
答案 0 :(得分:128)
我按照3个步骤创建了密码少登录
1. ssh-keygen -t rsa
Press enter for each line
2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. chmod og-wx ~/.ssh/authorized_keys
答案 1 :(得分:16)
发现了问题。
使用调试运行服务器:
$sshd -Dd
我发现它无法读取auth_key
$chmod 750 $HOME
修正了它。
答案 2 :(得分:13)
另一个可能的答案:authorized_keys文件可能存在且可读。但如果它是组或世界可写的,它仍然会提示输入密码。这个问题的答案是
chmod og-wx ~/.ssh/authorized_keys
答案 3 :(得分:5)
执行以下步骤
ssh-keygen -t rsa -C "your_email@example.com"
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.
使用默认文件和空密码(只需在接下来的两个步骤中按Enter键)
# start the ssh-agent in the background
eval "$(ssh-agent -s)"
# Agent pid 59566
ssh-add
将〜/ .ssh / id_rsa.pub的内容复制到〜/ .ssh / authorized_keys
确保以下是权限
ls -l .ssh/
total 20
-rw-r--r--. 1 swati swati 399 May 5 14:53 authorized_keys
-rw-r--r--. 1 swati swati 761 Jan 12 15:59 config
-rw-------. 1 swati swati 1671 Jan 12 15:44 id_rsa
-rw-r--r--. 1 swati swati 399 Jan 12 15:44 id_rsa.pub
-rw-r--r--. 1 swati swati 410 Jan 12 15:46 known_hosts
另外,请确保.ssh目录的权限。这也很重要
drwx------. 2 swati swati 4096 May 5 14:56 .ssh
答案 4 :(得分:4)
两个简单的步骤:
ssh-keygen -t rsa <Press enter for each line>
ssh-copy-id localhost
输入密码,您已完成。
答案 5 :(得分:1)
正确而安全的方法是按照此处所述复制密钥。
在其他情况下,sshpass可以很方便。
sshpass -p raspberry ssh pi@192.168.0.145
请记住,这根本不安全。尽管在安全的环境中使用它并不是一个好主意,但它对于编写脚本,自动化测试非常有用......
这可以与
结合使用ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no pi@192.168.0.145
以避免阻止脚本发生的确认问题。
同样,只在不同机器共享IP并且安全性不重要的开发系统中使用它。
https://ownyourbits.com/2017/02/22/easy-passwordless-ssh-with-sshh/
答案 6 :(得分:1)
作为公认的答案, 如果你想解决
的问题 Agent admitted failure to sign using the key.
你需要
ssh-add
答案 7 :(得分:0)
即使遵循了所有建议,我也遇到了同样的问题,但发现这个问题与gnome-keyring干扰有关。
解决方案:
答案 8 :(得分:0)
我以这种方式解决了ssh登录问题。
我在服务器端生成了密钥对,然后将私钥返回到Windows 10计算机,现在我无需密码即可登录。
以前,我使用的是Window 10笔记本电脑生成的密钥对,根本没有运气。
答案 9 :(得分:0)
在Centos 7上
解决方案
1 create rsa key
2 vim /etc/ssh/ssh_config
3
# IdentityFile ~/.ssh/identity
uncoment this line > IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
注意*我在复制密钥和其他答案之前做了此操作。但是我很确定这就是您要做的全部,但是如果没有,我将rsa密钥附加到authorized_keys上,然后运行
ssh-copy-id到username @ localhost
答案 10 :(得分:0)
在Docker容器(golang:1.13-alpine)上运行单元测试时,我遇到了同样的问题。
在Incognito mode和var version = 'v2:';
var offlineFundamentals = [
'/',
'/offline.html'
];
var updateStaticCache = function () {
return caches.open(version + 'fundamentals').then(function (cache) {
return Promise.all(offlineFundamentals.map(function (value) {
var request = new Request(value);
var url = new URL(request.url);
if (url.origin != location.origin) {
request = new Request(value, {
mode: 'no-cors'
});
}
return fetch(request).then(function (response) {
var cachedCopy = response.clone();
return cache.put(request, cachedCopy);
});
}))
})
};
var clearOldCaches = function () {
return caches.keys().then(function (keys) {
return Promise.all(keys.filter(function (key) {
return key.indexOf(version) != 0;
}).map(function (key) {
return caches.delete(key);
}));
});
};
var limitCache = function (cache, maxItems) {
cache.keys().then(function (items) {
if (items.length > maxItems) {
cache.delete(items[0]);
}
})
};
var trimCache = function (cacheName, maxItems) {
caches.open(cacheName).then(function (cache) {
cache.keys().then(function (keys) {
if (keys.length > maxItems) {
cache.delete(keys[0]).then(trimCache(cacheName, maxItems));
}
});
});
};
var hasUrlCacheExcludeMatch = function (url) {
var cacheExcludeUrls = [
"https:\/\/example.com\/user\/login",
"https:\/\/example.com\/user\/register"
];
return cacheExcludeUrls.some(path => url.includes(path));
};
self.addEventListener("install", function (event) {
event.waitUntil(updateStaticCache().then(function () {
return self.skipWaiting();
}));
});
self.addEventListener("message", function (event) {
var data = event.data;
if (data.command == "trimCache") {
trimCache(version + "pages", 80);
trimCache(version + "images", 50);
trimCache(version + "assets", 50);
}
});
self.addEventListener("fetch", function (event) {
var fetchFromNetwork = function (response) {
var cacheCopy = response.clone();
if (event.request.headers.get('Accept').indexOf('text/html') != -1) {
if (!hasUrlCacheExcludeMatch(event.request.url)) {
caches.open(version + 'pages').then(function (cache) {
cache.put(event.request, cacheCopy).then(function () {
limitCache(cache, 80);
})
});
}
} else if (event.request.headers.get('Accept').indexOf('image') != -1) {
caches.open(version + 'images').then(function (cache) {
cache.put(event.request, cacheCopy).then(function () {
limitCache(cache, 50);
});
});
} else {
caches.open(version + 'assets').then(function add(cache) {
cache.put(event.request, cacheCopy).then(function () {
limitCache(cache, 50);
});
});
}
return response;
}
var fallback = function () {
if (event.request.headers.get('Accept').indexOf('text/html') != -1) {
return caches.match(event.request).then(function (response) {
return response || caches.match('/offline.html');
})
}
}
if (event.request.method != 'GET') {
return;
}
if (event.request.headers.get('Accept').indexOf('text/html') != -1) {
event.respondWith(fetch(event.request).then(fetchFromNetwork, fallback));
return;
}
event.respondWith(caches.match(event.request).then(function (cached) {
return cached || fetch(event.request).then(fetchFromNetwork, fallback);
}))
});
self.addEventListener("activate", function (event) {
event.waitUntil(clearOldCaches().then(function () {
return self.clients.claim();
}));
});
调试之后,我找到了原因:
由于帐户已锁定,不允许用户root
因此,我们应该在sshd -Dd之前解锁帐户
或设置密码。
答案 11 :(得分:0)
我解决了在sshd_config文件上设置AllowUsers的问题。
通过调试运行服务器:
$ sshd -Dd
我发现不允许我的用户
$ sudo vi / etc / ssh / sshd_config
在#Authentication之后添加一行:
AllowUsers myUser