2012-05-25 104 views
1
[email protected]:~$ ssh-keygen 
Generating public/private rsa key pair. 
Enter file in which to save the key (/home/local/bharathi-1397/.ssh/id_rsa): 
/home/local/bharathi-1397/.ssh/id_rsa already exists. 
Overwrite (y/n)? y 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/local/bharathi-1397/.ssh/id_rsa. 
Your public key has been saved in /home/local/bharathi-1397/.ssh/id_rsa.pub. 
The key fingerprint is: 
de:e3:e5:f6:a3:8e:83:76:f0:7d:d6:e1:b3:d6:cc:93 [email protected] 
The key's randomart image is: 
+--[ RSA 2048]----+ 
|     | 
|     | 
|     | 
|     | 
|  S  | 
|  ...  . | 
|  .+o.. .++| 
|  o.+=o +E=| 
|  . .o++=oo+| 
+-----------------+ 

Next, I copied the contents of .ssh/id_rsa.pub and stored them on the remote machine. Linux ssh passwordless login not working?

[email protected]:~$ mkdir .ssh 
[email protected]:~$ vi authorized_keys 

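I pasted the copied contents into authorized_keys, but the next time I try to log in it asks for a password. Why?

ssh [email protected]
[email protected]'s password:

Why is it asking for a password? I followed the correct steps. I don't know why it asks for a password.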

ssh -v [email protected] 
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: Applying options for * 
debug1: Connecting to integ-build3 [192.168.5.173] port 22. 
debug1: Connection established. 
debug1: identity file /home/local/bharathi-1397/.ssh/id_rsa type 1 
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 
debug1: identity file /home/local/bharathi-1397/.ssh/id_rsa-cert type -1 
debug1: identity file /home/local/bharathi-1397/.ssh/id_dsa type -1 
debug1: identity file /home/local/bharathi-1397/.ssh/id_dsa-cert type -1 
debug1: identity file /home/local/bharathi-1397/.ssh/id_ecdsa type -1 
debug1: identity file /home/local/bharathi-1397/.ssh/id_ecdsa-cert type -1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 
debug1: match: OpenSSH_4.3 pat OpenSSH_4* 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 
debug1: Server host key: RSA 66:3e:67:25:65:22:f0:70:3d:e3:ce:3b:14:49:7e:76 
debug1: Host '172.20.2.7' is known and matches the RSA host key. 
debug1: Found key in /home/local/bharathi-1397/.ssh/known_hosts:5 
debug1: ssh_rsa_verify: signature correct 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: SSH2_MSG_NEWKEYS received 
debug1: Roaming not allowed by server 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,gssapi-with-mic,password 
debug1: Next authentication method: publickey 
debug1: Offering RSA public key: /home/local/bharathi-1397/.ssh/id_rsa 
debug1: Authentications that can continue: publickey,gssapi-with-mic,password 
debug1: Trying private key: /home/local/bharathi-1397/.ssh/id_dsa 
debug1: Trying private key: /home/local/bharathi-1397/.ssh/id_ecdsa 
debug1: Next authentication method: password 
[email protected]'s password:

+2

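...of the whole key structure, try doing a chmod 700 on your .ssh directory and/or a chmod 600 on the authorized_keys file you created; I'm pretty sure ssh doesn't like it being world readable. –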

+0

@joachim I changed the permissions of the .ssh directory to 700 on both machines. I am still facing the problem. – kannanrbk

+1

Can you post the output of connecting with ssh -v? That should give more information about what is wrong. –

Answers

8

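From your description, you created the .ssh directory in your home directory and then created the authorized_keys file in that same directory (your home, not in ~/.ssh/). Make sure the file is in the right place.

Also, the following command can set this up for you without all the hassle: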

[email protected]:~$ ssh-copy-id [email protected] 

Hope that helps.

1

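It is asking for a password because you have not told the client which key to use.

You can do this in one of two ways:

1) When you connect to your remote machine from the terminal, use the following command: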

ssh -i /path/to/your/privatekey [email protected]

2) On the client machine, create the file ~/.ssh/config and insert the following:

Host your.hostname.tld 
IdentityFile /path/to/your/privatekey 

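Method 1 is very good if you want to use several different keys. Method 2 makes this happen automatically every time you connect to the given host.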

+0

That shouldn't be necessary - a key named id_rsa is found automatically. – glglgl

+0

This worked for me. My key was not named id_rsa, but after following +Justin's instructions it now works as expected! Thanks – Chaos

2

The .ssh dir on both systems should be 700

drwx------ .ssh

1

You may not have a ~/.ssh directory or a .ssh/authorized_keys file. Note that by just creating the ~/.ssh/authorized_keys file manually, you can easily get one of the permissions wrong.

chmod 700 ~/.ssh 
chmod 600 ~/.ssh/id_rsa 
chmod 644 ~/.ssh/id_rsa.pub 
chmod 644 ~/.ssh/authorized_keys 
chmod 644 ~/.ssh/known_hosts 
restorecon -R ~/.ssh 

The real gotcha is the last one, SELINUX (which is what I stumbled on, as I always do). You can always try setting it to permissive and/or check audit.log.

# ll -Z ~/.ssh/authorized_keys 
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /root/.ssh/authorized_keys 
# restorecon -R ~/.ssh 
# ll -Z ~/.ssh/authorized_keys 
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 /root/.ssh/authorized_keys 

Failing all of this, log in to the target machine and create

ssh-keygen

+0

I ran into this bug on CentOS 6. Needed to run 'restorecon -R -v ~/.ssh'. – jnovack

+0

I just realized authorized_keys is a file, not a folder. Thanks for clearing this up! Now it works on my machine. – raunay
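
The server-side checks that the answers above walk through (authorized_keys created outside .ssh, a directory where a file is expected, loose permissions, the SELinux label), collected into one added shell example that is not part of the original thread. It assumes sshd's default AuthorizedKeysFile location and StrictModes yes; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit the server-side files sshd reads
# for public-key login. Assumes the default AuthorizedKeysFile location and
# StrictModes yes. Function names are this example's own.

# Octal permission bits of a path (GNU stat, then BSD stat as a fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# check_ssh_layout HOME_DIR [PUBKEY_FILE]; returns the number of findings.
check_ssh_layout() {
    home=$1 pub=${2:-} findings=0
    dir=$home/.ssh ak=$dir/authorized_keys

    # The mistake in the question: authorized_keys created beside .ssh, not in it.
    if [ -e "$home/authorized_keys" ]; then
        finding "$home/authorized_keys is outside .ssh; sshd reads $ak"
    fi
    if [ ! -d "$dir" ]; then
        finding "$dir is missing or not a directory"
    elif [ -d "$ak" ]; then
        finding "$ak is a directory; it must be a regular file"
    elif [ ! -f "$ak" ]; then
        finding "$ak is missing"
    elif [ -n "$pub" ]; then
        # Match on the base64 key blob so options and comments do not matter.
        blob=$(awk '{print $2; exit}' "$pub")
        grep -qF -- "$blob" "$ak" || finding "key from $pub is not in $ak"
    fi

    # StrictModes refuses a group- or world-writable home, .ssh or key file.
    for p in "$home" "$dir" "$ak"; do
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            finding "$p is group/world-writable (mode $m)"
        fi
    done

    # SELinux: in enforcing mode the file needs the ssh_home_t type that
    # restorecon sets in the answer above (skipped where getenforce is absent).
    if [ "$(getenforce 2>/dev/null)" = Enforcing ] && [ -e "$ak" ]; then
        case $(ls -Zd "$ak") in
            *ssh_home_t*) ;;
            *) finding "$ak lacks ssh_home_t; run restorecon -R -v $dir" ;;
        esac
    fi
    return "$findings"
}
```

Run it on the remote machine as `check_ssh_layout "$HOME" ~/id_rsa.pub` after copying the public key over; an exit status of 0 means none of these checks failed.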