我有一个ubuntu服务器,它位于公司的本地网络中,我们进行了ip映射,以便我们可以从WAN访问该计算机。 我已经生成了一个pub键并添加到authorized_keys。
前几次登录成功,但后来我ssh服务器会弹出让我填写密码。我的意思是在没有密码的情况下登录是随机的,应该始终使用puk密钥登录。
这是服务器上的ssh目录的权限设置
drwxrwxr-x 2 fin fin 4096 2011-10-19 11:47 .ssh
drwxrwxr-x 2 fin fin 4096 2011-10-19 11:47 .
drwx------ 11 fin fin 4096 2011-11-30 11:10 ..
-rw-rw-r-- 1 fin fin 804 2011-11-29 20:06 authorized_keys
-rw------- 1 fin fin 1675 2011-10-19 11:46 id_rsa
-rw-r--r-- 1 fin fin 403 2011-10-19 11:46 id_rsa.pub
-rw-r--r-- 1 fin fin 884 2011-10-19 11:47 known_hosts
这是详细的连接信息
openSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 211.154.169.179 [211.154.169.179] port 1066.
debug1: Connection established.
debug1: identity file /Users/lidongbin/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/lidongbin/.ssh/id_rsa type 1
debug1: identity file /Users/lidongbin/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1
debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[211.154.169.179]:1066' is known and matches the RSA host key.
debug1: Found key in /Users/lidongbin/.ssh/known_hosts:5
debug2: bits set: 517/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/lidongbin/.ssh/identity (0x0)
debug2: key: /Users/lidongbin/.ssh/id_rsa (0x100118e10)
debug2: key: /Users/lidongbin/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/lidongbin/.ssh/identity
debug1: Offering public key: /Users/lidongbin/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/lidongbin/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
这是/var/log/auth.log
Nov 30 11:11:35 vrv-oes sshd[30474]: Connection from 192.168.0.1 port 55669
Nov 30 11:11:41 vrv-oes sshd[30474]: Failed publickey for fin from 192.168.0.1 port 55669 ssh2
Nov 30 11:11:46 vrv-oes sshd[30529]: pam_ecryptfs: Passphrase file wrapped
Nov 30 11:11:47 vrv-oes sshd[30474]: Accepted password for fin from 192.168.0.1 port 55669 ssh2
Nov 30 11:11:47 vrv-oes sshd[30474]: pam_unix(sshd:session): session opened for user fin by (uid=0)
Nov 30 11:11:47 vrv-oes sshd[30474]: User child is on pid 30561
答案 0 :(得分:0)
如果增加sshd服务器的详细程度,它可能会为您提供有关密钥未被接受的原因的更多信息。我遇到问题的时间是时间服务器问题(将时钟设置为奇怪的值)或权限问题 - sshd希望它具有特定权限的配置文件。