我试图通过SSH密钥设置从ServerA(SunOS)到ServerB(一些使用键盘交互式登录的自定义
Linux)的访问.作为概念验证,我能够在2台虚拟机之间完成.现在,在我的现实生活场景中它不起作用.
我在ServerA中创建了密钥,将它们复制到ServerB,将chmod’d .ssh文件夹复制到ServerA,B上的700.
这是我得到的日志.
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug1: kex: server->client aes128-ctr hmac-md5 none
- debug1: kex: client->server aes128-ctr hmac-md5 none
- debug1: Peer sent proposed langtags,ctos:
- debug1: Peer sent proposed langtags,stoc:
- debug1: We proposed langtags,ctos: en-US
- debug1: We proposed langtags,stoc: en-US
- debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
- debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
- debug1: dh_gen_key: priv key bits set: 125/256
- debug1: bits set: 1039/2048
- debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
- debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
- debug1: Host 'XXX.XXX.XXX.XXX' is known and matches the RSA host key.
- debug1: Found key in /XXX/.ssh/known_hosts:1
- debug1: bits set: 1061/2048
- debug1: ssh_rsa_verify: signature correct
- debug1: newkeys: mode 1
- debug1: set_newkeys: setting new keys for 'out' mode
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug1: newkeys: mode 0
- debug1: set_newkeys: setting new keys for 'in' mode
- debug1: SSH2_MSG_NEWKEYS received
- debug1: done: ssh_kex2.
- debug1: send SSH2_MSG_SERVICE_REQUEST
- debug1: got SSH2_MSG_SERVICE_ACCEPT
- debug1: Authentications that can continue: publickey,keyboard-interactive
- debug1: Next authentication method: publickey
- debug1: Trying private key: /XXXX/.ssh/identity
- debug1: Trying public key: /xxx/.ssh/id_rsa
- debug1: Authentications that can continue: publickey,keyboard-interactive
- debug1: Trying private key: /xxx/.ssh/id_dsa
- debug1: Next authentication method: keyboard-interactive
- Password:
- Password:
自从定制的专有Linux以来,ServerB的行动非常有限.
可能会发生什么?
编辑与答案:
问题是我没有在sshd_config中启用这些设置(请参阅接受的答案)并且在将密钥从ServerA粘贴到ServerB时,它会将密钥解释为3个单独的行.
我做的是,如果你不能像我一样使用ssh-copy-id.将您的密钥的第一行粘贴到“ServerB”authorized_keys文件中,不包含最后2个字符,然后键入第1行中缺少的字符和第2行中的第一行,这将阻止在第一行和第二行之间添加“新行”.第二行的关键.重复3d线.
解决方法
我不认为您的密钥已被正确复制,如果您有ssh-copy-id可用,我建议您使用它.
- $ssh-copy-id user@remote_server
- Password:
输入密码后,您的SSH密钥将被复制,您应该只需ssh而无需再次提供密码.
还要检查ServerB上的SSH配置并检查一些事项.
- $vi /etc/ssh/sshd_config
另一件事是检查这些设置:
- RSAAuthentication yes
- PubKeyAuthentication yes
- AuthorizedKeysFile %h/.ssh/authorized_keys
AuthorizedKeysFile的值是您需要粘贴公共ssh密钥的位置.
您可以使用以下命令收集SSH-Key信息:ssh-add -L
更新
当ssh-copy-id不存在时,您可以采用旧方法:
- $cat ~/.ssh/id_rsa.pub | ssh user@remote_host 'cat >> /home/user/.ssh/authorized_keys'
