2010-04-23 299 views
2

我想ssh到遠程機器,我得到了以下的調試消息:SSH權限被拒絕

debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: Applying options for * 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to xxx.xxx.x.xx [xxx.xxx.xx.x] port 22. 
debug1: Connection established. 
debug3: Not a RSA1 key file /home/hadoop/.ssh/id_rsa. 
debug2: key_type_from_name: unknown key type '-----BEGIN' 
debug3: key_read: missing keytype 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug3: key_read: missing whitespace 
debug2: key_type_from_name: unknown key type '-----END' 
debug3: key_read: missing keytype 
debug1: identity file /home/hadoop/.ssh/id_rsa type 1 
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-6ubuntu2 
debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH* 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2 
debug2: fd 3 setting O_NONBLOCK 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,[email protected],zlib 
debug2: kex_parse_kexinit: none,[email protected],zlib 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected]m,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,[email protected] 
debug2: kex_parse_kexinit: none,[email protected] 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5 
debug1: kex: server->client aes128-cbc hmac-md5 none 
debug2: mac_setup: found hmac-md5 
debug1: kex: client->server aes128-cbc hmac-md5 none 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 
debug2: dh_gen_key: priv key bits set: 128/256 
debug2: bits set: 511/1024 
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 
debug3: check_host_in_hostfile: filename /home/hadoop/.ssh/known_hosts 
debug3: check_host_in_hostfile: match line 20 
debug1: Host '192.168.1.63' is known and matches the RSA host key. 
debug1: Found key in /home/hadoop/.ssh/known_hosts:20 
debug2: bits set: 511/1024 
debug1: ssh_rsa_verify: signature correct 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug2: key: /home/hadoop/.ssh/id_rsa (0x241c110) 
debug1: Authentications that can continue: publickey,password 
debug3: start over, passed a different list publickey,password 
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Offering public key: /home/hadoop/.ssh/id_rsa 
debug3: send_pubkey_test 
debug2: we sent a publickey packet, wait for reply 
debug1: Authentications that can continue: publickey,password 
debug2: we did not send a packet, disable method 
debug1: No more authentication methods to try. 
Permission denied (publickey,password). 

似乎是什麼問題?我嘗試了一切,這讓我瘋狂。

回答

4

你說你在「新」節點有問題,但是,似乎在〜/ .ssh/known_hosts它很可能是嘗試使用以前會話的設置。你說你複製了id_rsa,但你應該試着移動它以防止被發現和使用。你可以看到在您的文章中提到的文件,特別是線「提供公鑰:/home/hadoop/.ssh/id_rsa」

嘗試移動這兩個文件(id_rsa和known_hosts中)的,看看是否有變化的東西。

+0

非常感謝!這工作。 – Gitmo 2010-05-01 04:22:01

1

看起來像一個壞的私鑰。我首先將/home/hadoop/.ssh/id_rsa移動到/home/hadoop/.ssh/id_rsa.bak,看看是否有幫助

+0

感謝您的回覆..我試着將id_rsa的內容複製到id_rsa.bak。這沒有幫助。 其實,我目前的設置完全適用於現有的5臺機器。我無法將SSH添加到我剛剛添加的新節點中。 任何幫助將不勝感激。 – Gitmo 2010-04-23 06:03:56

+0

你是怎麼知道這是一個糟糕的私鑰? – Gitmo 2010-04-23 06:05:03

0

正如上面的答案所述,它看起來是一個壞鑰匙。運行ssh-keygen並創建一個新的備份現有的。

然後嘗試做一個

id_rsa.pub >> authorized_keys 

沒有複製/粘貼。從VIM複製/粘貼可能會導致用戶錯誤。

+0

如果你想澄清問題中的問題,請留下評論(一旦你有足夠的聲望),而不是在問題的*答案*部分提問。 – Sumurai8 2013-09-04 14:17:48

+0

這是一個有效的問題。我整天處理sftp傳輸。很抱歉,我沒有「聲譽」來添加評論。我已經刪除了這個問題。 – tomlarmon 2013-09-04 14:57:05