Linux ssh 无密码登录不起作用?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10749020/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Linux ssh passwordless login doesn't work?
提问by kannanrbk
bharathi-1397@bharathi-1397:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/local/bharathi-1397/.ssh/id_rsa):
/home/local/bharathi-1397/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/local/bharathi-1397/.ssh/id_rsa.
Your public key has been saved in /home/local/bharathi-1397/.ssh/id_rsa.pub.
The key fingerprint is:
de:e3:e5:f6:a3:8e:83:76:f0:7d:d6:e1:b3:d6:cc:93 bharathi-1397@bharathi-1397
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| ... . |
| .+o.. .++|
| o.+=o +E=|
| . .o++=oo+|
+-----------------+
Next i copy content's from .ssh/id_rsa.pub and stored in remote machine.
接下来我从 .ssh/id_rsa.pub 复制内容并存储在远程机器中。
[email protected]:~$ mkdir .ssh
[email protected]:~$ vi authorized_keys
paste the copied content into authorized_keys but next time i try to login it will ask password why ? ssh [email protected] [email protected]'s password:
将复制的内容粘贴到authorized_keys 中,但下次我尝试登录时,它会询问密码为什么?ssh [email protected] [email protected] 的密码:
Why it asking password ? . I follow the step's correctly . I don't know why it ask password ?
为什么要问密码?. 我按照步骤正确。我不知道为什么它会问密码?
ssh -v [email protected]
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to integ-build3 [192.168.5.173] port 22.
debug1: Connection established.
debug1: identity file /home/local/bharathi-1397/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/local/bharathi-1397/.ssh/id_rsa-cert type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_dsa type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_dsa-cert type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_ecdsa type -1
debug1: identity file /home/local/bharathi-1397/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 66:3e:67:25:65:22:f0:70:3d:e3:ce:3b:14:49:7e:76
debug1: Host '172.20.2.7' is known and matches the RSA host key.
debug1: Found key in /home/local/bharathi-1397/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/local/bharathi-1397/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/local/bharathi-1397/.ssh/id_dsa
debug1: Trying private key: /home/local/bharathi-1397/.ssh/id_ecdsa
debug1: Next authentication method: password
[email protected]'s password:
采纳答案by Kristof Jozsa
According to your description you created the .ssh directory in your home and then created the .authorized_keys file in the same directory (your home, not in ~/.ssh/). Please make sure the file is at the correct place.
根据您的描述,您在自己的家中创建了 .ssh 目录,然后在同一目录(您的家,而不是 ~/.ssh/)中创建了 .authorized_keys 文件。请确保文件位于正确的位置。
Also, the following command can set you up without all the hassle:
此外,以下命令可以让您轻松设置:
user@host:~$ ssh-copy-id user@otherhost
Hope that helps.
希望有帮助。
回答by Justin Pearce
It's asking for a password because you haven't told the client machine what key to use.
它要求输入密码,因为您没有告诉客户端机器使用什么密钥。
You can do this one of two ways:
您可以通过以下两种方式之一执行此操作:
1) when you terminal into your remote machine, use the following:
1) 当您终端进入远程机器时,请使用以下命令:
ssh -i /path/to/your/privatekey user@host
ssh -i /path/to/your/privatekey user@host
2) Create the file ~/.ssh/configon your client machine and insert the following:
2)~/.ssh/config在您的客户端机器上创建文件并插入以下内容:
Host your.hostname.tld
IdentityFile /path/to/your/privatekey
Method 1 is great if you have several different keys your want to use. Method 2 is effectively automatic every time you connect to the given host.
如果您要使用多个不同的键,则方法 1 非常有用。每次连接到给定主机时,方法 2 都会自动生效。
回答by Hermann Kebol
The .sshdir should be 700on both systems.
该.ssh目录应700在两个系统上。
drwx------ .ssh
回答by KCD
You probably had no ~/.ssh directory or no .ssh/authorized_keys file. Be aware when simply creating the ~/.ssh/authorized_keys file manually you can easily get one of the permissions wrong.
您可能没有 ~/.ssh 目录或没有 .ssh/authorized_keys 文件。请注意,仅手动创建 ~/.ssh/authorized_keys 文件时,您很容易获得错误的权限之一。
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
restorecon -R ~/.ssh
The real gotcha is the last one, SELINUX (this is what I stumbled on, I always do). You can always try setting it to permissive and/or checking the audit.log too.
真正的问题是最后一个,SELINUX(这是我偶然发现的,我总是这样做)。您可以随时尝试将其设置为宽松和/或检查 audit.log。
# ll -Z ~/.ssh/authorized_keys
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /root/.ssh/authorized_keys
# restorecon -R ~/.ssh
# ll -Z ~/.ssh/authorized_keys
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 /root/.ssh/authorized_keys
Failing all this login to the target machine and create the full key structure with
失败所有这些登录到目标机器并创建完整的密钥结构
ssh-keygen
