SSHD給出錯誤無法打開授權密鑰，但權限

Question

我無法登錄到SSH因爲在/ var /日誌下面的錯誤/安全（根據調試日誌）似乎正確：

Dec 19 18:01:05 hostname sshd[25119]: debug1: trying public key file /root/.ssh/authorized_keys 
Dec 19 18:01:05 hostname sshd[25119]: debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied 

我有根設置以下權限

chmod 700 ~/.ssh 
chmod 600 ~/.ssh/authorized_keys 
chmod go-wrx ~ 

LS -lah給出了這些目錄以下輸出：

drwx------. 6 root root 4.0K Dec 19 17:46 root 
drwx------. 2 root root 4.0K Dec 19 17:41 .ssh 
-rw-------. 1 root root 416 Dec 19 17:12 authorized_keys 

我知道我使用的密鑰是正確的，因爲我只是在安裝其他服務器時沒有任何問題。

我運行：CentOS版本6.4（最終）

我已經添加了我的sshd的配置的情況下，有一些錯誤配置在那裏，可能會導致問題：

#  $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 

# This is the sshd server system-wide configuration file. See 
# sshd_config(5) for more information. 

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin 

# The strategy used for options in the default sshd_config shipped with 
# OpenSSH is to specify options with their default value where 
# possible, but leave them commented. Uncommented options change a 
# default value. 

#Port 22 
#AddressFamily any 
#ListenAddress 0.0.0.0 
#ListenAddress :: 

# Disable legacy (protocol version 1) support in the server for new 
# installations. In future the default will change to require explicit 
# activation of protocol 1 
Protocol 2 

# HostKey for protocol version 1 
#HostKey /etc/ssh/ssh_host_key 
# HostKeys for protocol version 2 
#HostKey /etc/ssh/ssh_host_rsa_key 
#HostKey /etc/ssh/ssh_host_dsa_key 

# Lifetime and size of ephemeral version 1 server key 
#KeyRegenerationInterval 1h 
#ServerKeyBits 1024 

# Logging 
# obsoletes QuietMode and FascistLogging 
#SyslogFacility AUTH 
SyslogFacility AUTHPRIV 
LogLevel DEBUG 

# Authentication: 

#LoginGraceTime 2m 
PermitRootLogin yes 
StrictModes no 
#MaxAuthTries 6 
#MaxSessions 10 

RSAAuthentication yes 
PubkeyAuthentication yes 
AuthorizedKeysFile  .ssh/authorized_keys 
#AuthorizedKeysCommand none 
#AuthorizedKeysCommandRunAs nobody 

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 
#RhostsRSAAuthentication no 
# similar for protocol version 2 
#HostbasedAuthentication no 
# Change to yes if you don't trust ~/.ssh/known_hosts for 
# RhostsRSAAuthentication and HostbasedAuthentication 
#IgnoreUserKnownHosts no 
# Don't read the user's ~/.rhosts and ~/.shosts files 
IgnoreRhosts yes 

# To disable tunneled clear text passwords, change to no here! 
#PasswordAuthentication yes 
#PermitEmptyPasswords no 
PasswordAuthentication yes 

# Change to no to disable s/key passwords 
#ChallengeResponseAuthentication yes 
ChallengeResponseAuthentication no 

# Kerberos options 
#KerberosAuthentication no 
#KerberosOrLocalPasswd yes 
#KerberosTicketCleanup yes 
#KerberosGetAFSToken no 
#KerberosUseKuserok yes 

# GSSAPI options 
#GSSAPIAuthentication no 
GSSAPIAuthentication yes 
#GSSAPICleanupCredentials yes 
GSSAPICleanupCredentials yes 
#GSSAPIStrictAcceptorCheck yes 
#GSSAPIKeyExchange no 

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and 
# PasswordAuthentication. Depending on your PAM configuration, 
# PAM authentication via ChallengeResponseAuthentication may bypass 
# the setting of "PermitRootLogin without-password". 
# If you just want the PAM account and session checks to run without 
# PAM authentication, then enable this but set PasswordAuthentication 
# and ChallengeResponseAuthentication to 'no'. 
#UsePAM no 
UsePAM yes 

# Accept locale-related environment variables 
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE 
AcceptEnv XMODIFIERS 

#AllowAgentForwarding yes 
#AllowTcpForwarding yes 
#GatewayPorts no 
#X11Forwarding no 
X11Forwarding yes 
#X11DisplayOffset 10 
#X11UseLocalhost yes 
#PrintMotd yes 
#PrintLastLog yes 
#TCPKeepAlive yes 
#UseLogin no 
#UsePrivilegeSeparation yes 
#PermitUserEnvironment no 
#Compression delayed 
#ClientAliveInterval 0 
#ClientAliveCountMax 3 
#ShowPatchLevel no 
UseDNS no 
#PidFile /var/run/sshd.pid 
#MaxStartups 10:30:100 
#PermitTunnel no 
#ChrootDirectory none 

# no default banner path 
#Banner none 

# override default of no subsystems 
Subsystem  sftp /usr/libexec/openssh/sftp-server 

# Example of overriding settings on a per-user basis 
#Match User anoncvs 
#  X11Forwarding no 
#  AllowTcpForwarding no 
#  ForceCommand cvs server 

任何想法非常感謝。

Answer 1

如果權限正確，SELinux可能仍然會阻止sshd打開文件。

試着修復裏面的標籤。SSH目錄（也許$ HOME）：

restorecon -FRvv ~/.ssh 

（我故意不建議禁用了SELinux或將其設置爲許可模式。）

Answer 2

一對夫婦的想法，以檢查：

• 你能貓的authorized_keys？這個文件是什麼樣的？
• 你的sshd配置爲允許root登錄嗎？這通常是皺眉，
• 你是做它的根或作爲一個sudoer？

Answer 3

1. 不要~/.ssh/...做chmod。嘗試寫出確切的路徑：/root/.ssh/...，因爲有時（當使用su等）時，~可能被錯誤地設置。在命令中不使用~，請再次檢查併發布完整路徑的權限。

2. 一旦您完全確定權限正常，請檢查您的sshd是否實際上在用戶root下運行：ps -A u | grep sshd。

Answer 4

幾件事情要仔細檢查：

1. 你確定你複製公鑰到authorized_keys中，不 私鑰？ :-)
2. 做cat -tv authorized_keys。每行末尾有任何^M個字符？在authorized_keys上執行dos2unix
3. 您是否在做出 配置更改後重新啓動ssh守護進程？

Answer 5

我掙扎着用密鑰認證爲好。

無法打開授權密鑰「/home/myUserName/.ssh/authorized_keys2」：權限被拒絕

測試過的所有上面的東西時，我在這裏結束了（對谷歌第一個鏈接）。 我意識到這是一箇舊帖子，但我會在這裏添加它，以防其他人遇到與我一樣的問題並最終到達此處。

我有authorized_keys文件到 「根」 的主人，所以用作修改：

CHOWN名爲myUsername authorized_keys2中

解決了這個問題對我來說。

Answer 6

我遇到同樣的問題，得到它通過在同一時間同時改變的.ssh和authorized_keys的所有者解決： CHOWN名爲myUsername名稱：myusername的.ssh CHOWN名爲myUsername名稱：myusername的.ssh/authorized_keys中

感謝@niclaslindgren 。

而且順便說一句，這是不管用是否有^ M通過在authorized_keys與否，我已經測試證明，它與兩個