0

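I have been trying to set up seamless ssh login between multiple servers, but I ran into a problem: after copying the public key to the host, ssh still asks for a password. Here is what I did: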

[root@app6 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e9:e9:b4:e5:50:7b:9b:f6:3f:d5:65:52:39:9c:ba:38 root@app6
The key's randomart image is:
+--[ RSA 2048]----+
|              . o|
|               =.|
|              ...|
|         .   .. o|
|        S . . .oo|
|       . o E .  o|
|        = o o   .|
|       o = ..o . |
|        o ..o...o|
+-----------------+

Then I copied the id to the host:

[root@app6 .ssh]# ssh-copy-id app3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
\S
Kernel \r on an \m
Password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'app3'"
and check to make sure that only the key(s) you wanted were added.

But when I try to log in, it does not work (it asks for a password) -

[root@app6 .ssh]# ssh 'app3'
\S
Kernel \r on an \m
Password:

I should not be seeing the "Password:" prompt. Obviously something is wrong.

This is the ssh version that is running:

[root@app6 ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Adding the output of ssh -vvv app3 below:

debug3: load_hostkeys: loading entries for host "172.27.36.104" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug1: Host '172.27.36.104' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f471042f250),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa (0x7f4710433730),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
\S
Kernel \r on an \m
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Offering ECDSA public key: /root/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
4

2 Answers

2

Check the following:

  1. The directory app3:~/.ssh has permissions 0700
  2. The file app3:~/.ssh/authorized_keys has permissions 0600
  3. The key app6:~/.ssh/id_rsa.pub is present in app3:~/.ssh/authorized_keys
  4. Check the sshd config file

    PermitRootLogin yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    

If all of the above are correct, run ssh -vvv app3 to see very verbose connection information. It should give feedback on why the passwordless login fails.

Answered 2016-04-25T22:59:39.140
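
The checklist in the answer above, written as a shell check to run on the server (app3 in the question). This is an added example, not part of the original answer: the function names `check_key_files` and `sshd_option` are hypothetical, the home-directory test reflects what sshd's StrictModes also enforces, and `sshd_option` does not interpret Match blocks.

```shell
#!/bin/sh
# Added example (not from the answer). Paths are parameters so the checks
# can be pointed at any account's home directory and public key file.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# Checks 1-3 of the list, plus the home-directory mode that StrictModes
# also looks at. Prints one line per problem; returns the problem count.
check_key_files() {
    home=$1; pubkey=$2; bad=0
    ssh_dir=$home/.ssh; auth=$ssh_dir/authorized_keys

    # Home directory must not be writable by group or others.
    case $(mode_of "$home") in
        *[2367]?|*[2367]) echo "group/world writable: $home"; bad=$((bad+1));;
    esac
    [ "$(mode_of "$ssh_dir")" = 700 ] ||
        { echo "expected 0700 on $ssh_dir"; bad=$((bad+1)); }
    [ "$(mode_of "$auth")" = 600 ] ||
        { echo "expected 0600 on $auth"; bad=$((bad+1)); }

    # Compare the base64 key blob (field 2), not the trailing comment.
    blob=$(awk '{print $2; exit}' "$pubkey" 2>/dev/null) || blob=
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth" 2>/dev/null; then
        echo "key from $pubkey not found in $auth"; bad=$((bad+1))
    fi
    return $bad
}

# Check 4: sshd keeps the first value it reads for a keyword, so report the
# first uncommented occurrence in the given sshd_config ("unset" if none).
# RSAAuthentication is not checked here: it applies to SSH protocol 1 only.
sshd_option() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Usage: sh check.sh /root /tmp/app6_id_rsa.pub
if [ "$#" -ge 2 ]; then
    check_key_files "$1" "$2"
    echo "PubkeyAuthentication: $(sshd_option /etc/ssh/sshd_config PubkeyAuthentication)"
    echo "PermitRootLogin: $(sshd_option /etc/ssh/sshd_config PermitRootLogin)"
fi
```
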
1

Commenting on @yk11's answer:

4. Check the sshd config file

PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes

Turn these settings on and restart the sshd process.

Answered 2016-04-26T10:50:03.777