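    $ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
    $ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

After trying this, a password was still required. Checking the debug output with ssh -vvv localhost showed the following:

    Unspecified GSS failure. Minor code may provide more information
    Credentials cache file '/tmp/krb5cc_1000' not found

After searching, it turned out to be a permission problem; fixing the permissions is all that is needed:

    $ chmod 600 ~/.ssh/authorized_keys
    $ chmod 700 ~/.ssh/

The reposted article follows.

Logging in to SSH with public key authentication removes the need to type a password, which is very useful in some situations.

The basic steps are as follows.

First, generate the public and private keys on the client:

    $ ssh-keygen -f ~/.ssh/filename

Replace filename with the actual file name. The command prompts for a passphrase to encrypt the private key; if you do not need one, just press Enter. When the command finishes, two files are created under ~/.ssh/: filename, which is the private key, and filename.pub, which is the public key.

Next, add the generated public key to the remote SSH server. There are two ways to do this.

Add it directly from the client:

    $ ssh-copy-id -i .ssh/filename.pub user@server

Or, if you can log in to the remote server, upload the public key to the server and append it to the authorized_keys file of the corresponding account:

    $ cat /tmp/filename.pub >> ~/.ssh/authorized_keys

In theory, the client should now be able to log in directly with the key:

    $ ssh -i filename user@server

Alternatively, create the configuration file config under ~/.ssh/ with the following content:

    # server alias
    host srv
    # ssh username
    user user
    # remote server address
    hostname server
    # remote server port
    port 22
    # private key file (the public key filename without .pub)
    identityfile ~/.ssh/filename

Then run:

    $ ssh srv

and that is all.

However, things often do not go that smoothly. When I tried it, at this point I was still prompted for a password to log in, so what was all that effort for (throws things).

The problem still has to be solved, though. ssh has a -v option for viewing debug information, so:

    $ ssh srv -v

The result was as follows:

    ......
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure. Minor code may provide more information
    Credentials cache file '/tmp/krb5cc_0' not found
    debug1: Unspecified GSS failure. Minor code may provide more information
    Credentials cache file '/tmp/krb5cc_0' not found
    debug1: Unspecified GSS failure. Minor code may provide more information
    debug1: Next authentication method: publickey
    debug1: Offering public key: xxx/.ssh/filename
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: password
    user@server's password:

This only confirms that the configuration file is correct and that the corresponding key was indeed found; nothing else stands out as a particular problem. So I logged in to the remote server and looked at the SSH login log:

    $ tail /var/log/secure -n 20

The result was as follows:

    ......
    Dec 1 23:11:21 testserver sshd[1275]: Server listening on 0.0.0.0 port 22.
    Dec 1 23:11:21 testserver sshd[1275]: Server listening on :: port 22.
    Dec 1 23:11:29 testserver sshd[1278]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
    Dec 1 23:11:29 testserver sshd[1278]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
    Dec 1 23:11:36 testserver sshd[1279]: Connection closed by ::1
    Dec 1 23:11:39 testserver sshd[1281]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
    Dec 1 23:11:39 testserver sshd[1281]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
    Dec 1 23:11:48 testserver sshd[1282]: Connection closed by ::1

The problem now seems obvious: it is the permissions on authorized_keys. After a quick search I found that this file's permissions must be 600. The test user was one I had just created, and the file's permissions were wrong, so I changed them:

    $ chmod 600 ~/.ssh/authorized_keys

The permissions on the .ssh directory must be 700:

    $ chmod 700 ~/.ssh/

I tested again and was finally able to log in without trouble.

When reposting, please keep the permalink: https://linuxeye.com/Linux/936.html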
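The "bad ownership or modes" refusal in the log above can be checked for before a login attempt. The following is an added example, not part of the original article; it goes a little beyond the 600/700 advice by testing what sshd's StrictModes check looks at: the owner and the group/other write bits on the home directory, ~/.ssh and authorized_keys. The function name check_ssh_perms is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): report paths that would make
# sshd log "Authentication refused: bad ownership or modes".
# Usage: check_ssh_perms [HOME_DIR [UID]]   (defaults: $HOME and the current uid)
check_ssh_perms() {
    home=${1:-$HOME}
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            rc=1
            continue
        fi
        # Group- or world-writable paths are rejected; 700 and 600 pass this test.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "BAD MODE  $p (writable by group or others)"
            rc=1
        fi
        # The owner must be the login user or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0)" ]; then
            echo "BAD OWNER $p"
            rc=1
        fi
    done
    return $rc
}
```

Run check_ssh_perms on the server as the account being logged in to; a non-zero exit status means at least one path needs the chmod (or chown) fix.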