-1
我有一個ubuntu服務器,這是在公司的本地網絡,我們做了ip映射,以便我們可以從廣域網訪問該計算機。 我已經生成了一個pub key並添加到了authorized_keys中。ssh公鑰登錄失敗,隨機到我的Ubuntu服務器
前幾次登錄成功,但後來我ssh服務器它會彈出讓我填寫密碼。我的意思是隨機登錄時不需要密碼,它應該總是使用puk密鑰登錄。
這裏是SSH目錄的服務器上
drwxrwxr-x 2 fin fin 4096 2011-10-19 11:47 .ssh
drwxrwxr-x 2 fin fin 4096 2011-10-19 11:47 .
drwx------ 11 fin fin 4096 2011-11-30 11:10 ..
-rw-rw-r-- 1 fin fin 804 2011-11-29 20:06 authorized_keys
-rw------- 1 fin fin 1675 2011-10-19 11:46 id_rsa
-rw-r--r-- 1 fin fin 403 2011-10-19 11:46 id_rsa.pub
-rw-r--r-- 1 fin fin 884 2011-10-19 11:47 known_hosts
這裏的權限設置的詳細信息連接
openSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 211.154.169.179 [211.154.169.179] port 1066.
debug1: Connection established.
debug1: identity file /Users/lidongbin/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/lidongbin/.ssh/id_rsa type 1
debug1: identity file /Users/lidongbin/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1
debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[211.154.169.179]:1066' is known and matches the RSA host key.
debug1: Found key in /Users/lidongbin/.ssh/known_hosts:5
debug2: bits set: 517/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/lidongbin/.ssh/identity (0x0)
debug2: key: /Users/lidongbin/.ssh/id_rsa (0x100118e10)
debug2: key: /Users/lidongbin/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/lidongbin/.ssh/identity
debug1: Offering public key: /Users/lidongbin/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/lidongbin/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
這裏是/var/log/auth.log
Nov 30 11:11:35 vrv-oes sshd[30474]: Connection from 192.168.0.1 port 55669
Nov 30 11:11:41 vrv-oes sshd[30474]: Failed publickey for fin from 192.168.0.1 port 55669 ssh2
Nov 30 11:11:46 vrv-oes sshd[30529]: pam_ecryptfs: Passphrase file wrapped
Nov 30 11:11:47 vrv-oes sshd[30474]: Accepted password for fin from 192.168.0.1 port 55669 ssh2
Nov 30 11:11:47 vrv-oes sshd[30474]: pam_unix(sshd:session): session opened for user fin by (uid=0)
Nov 30 11:11:47 vrv-oes sshd[30474]: User child is on pid 30561
你有沒有遇到過這個問題? 我很困惑這幾天...
任何人都可以幫助我嗎?感謝您的提前!
謝謝awrn,我將詳細添加到ssh服務器配置,但是當我檢查/var/log/auth.log它只告訴我這個「失敗的公鑰從鰭從192.168.0.1端口55669 ssh2」,沒有更多相關信息?我應該在別處找到具體的日誌嗎?謝謝 –
和我服務器的.ssh目錄權限是「drwxrwxr-x 2 fin fin 4096 2011-10-19 11:47 .ssh」,我認爲這就夠了。 –
在調試中啓動一個新的sshd以查看發生了什麼:#/ usr/sbin/sshd -D -ddd -p 60022 ---現在從客戶端啓動一個新的ssh到端口60222,您應該在屏幕上看到sshd的調試權限當它發生時。那裏應該有更多的信息。 – awm