0

我不小心删除了本地机器上的私钥和公钥。

所以我使用以下方法创建了一个新对:

ssh-keygen -t rsa

并将 id_rsa.pub 的内容复制到服务器上的我的 authorized_keys 中(我可以以 root 身份登录,我可以在 authorized_keys 文件中看到根公钥)。

但是,我不断收到 Permission Denied。我已经检查了 ~/.ssh 和授权密钥权限(分别设置为 700 和 600)。

有任何想法吗?

谢谢!

当我尝试从本地计算机连接时,这里有日志输出:

Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[16635]: debug1: Forked child 27356.
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: Set /proc/self/oom_score_adj to 0
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: inetd sockets after dupping: 3, 3
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: Connection from 50.67.165.140 port 60112
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Client protocol version 2.0; client software version OpenSSH_5.9p1 Debian-5ubuntu1.1
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Enabling compatibility mode for protocol 2.0
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: permanently_set_uid: 105/65534 [preauth]
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Aug 21 16:32:27 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: KEX done [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: userauth-request for user capistrano service ssh-connection method none [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: attempt 0 failures 0 [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: initializing for "capistrano"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: setting PAM_RHOST to "s0106c8fb26427cda.vc.shawcable.net"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: userauth-request for user capistrano service ssh-connection method publickey [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: attempt 1 failures 0 [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: trying public key file /home/capistrano/.ssh/authorized_keys
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: fd 4 clearing O_NONBLOCK
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: restore_uid: 0/0
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: Failed publickey for capistrano from <ip> port 60112 ssh2
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: Connection closed by <ip> [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: do_cleanup [preauth]
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: monitor_read_log: child log fd closed
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: do_cleanup
Aug 21 16:32:28 ip-xx-xx-xx-xx sshd[27356]: debug1: PAM: cleanup
4

4 回答 4

0

涉及哪些用户和路径?在标准的 openssh 设置中,远程用户(ssh 登录的用户)的 $HOME/.ssh 目录是 authorized_keys 文件的正确位置。但是,也可以将文件放在其他地方。

另外,检查文件所有权。authorized_keys 文件必须为登录用户所有。

检查 /var/log/messages 或 /var/log/secure(尝试失败后的“ls -ltr /var/log”可能有助于找出正确的日志文件)可能会给出细节。

如果一切都失败了,您可以跟踪 sshd 进程以准确查看他们正在读取哪些文件。做起来并不简单,但它确实触及了服务器操作的核心。

于 2013-08-21T16:43:35.383 回答
0

删除工作站的 known_hosts 条目,然后重试。我使用 644 作为authorized_keys。

于 2013-08-21T16:37:06.777 回答
0

对我有用的是:

chmod 750 /home/user
chmod 700 /home/user/.ssh
chmod 644 /home/user/.ssh/authorized_keys

如果这对您不起作用,请尝试:

chmod 755 /home/user
于 2015-04-02T17:00:14.110 回答
-1

好的,所以我弄清楚了...问题是我将公钥添加到另一个用户目录上的 authorized_keys 文件中。:S.. 无论如何谢谢

于 2013-08-21T16:40:51.013 回答