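I have my computer (Mac OSX 10.9.4) and a remote server (Ubuntu 14.04.1 LTS). I created an ssh key with ssh-keygen (no passphrase) and added the public key to .ssh/authorized_keys on the server, and this all worked fine. Then, earlier today, ssh started asking me for a password again.
I'm really not sure what caused this - these are my best guesses:
rm
copied them). As far as I can tell from my command history, no ssh-related files were deleted, only .git, .gitignore and the various *.sw? files left over by vim.
ssh-keygen -l -f ~/.ssh/authorized_keys to see (I think) the fingerprints of the keys in that file.
When I run ssh -v -i ~/.ssh/mykey_rsa user@serverip, I get: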
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/myusername/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 50: Applying options for *
debug1: Connecting to {ip address} [{ip address}] port 22.
debug1: Connection established.
debug1: identity file .ssh/mykey_rsa type 1
debug1: identity file .ssh/mykey_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: Miscellaneous failure (see text)
No credentials cache file found
debug1: An invalid name was supplied
unknown mech-code 0 for mech 1 2 752 43 14 2
debug1: Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 5 14
debug1: Miscellaneous failure (see text)
unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
debug1: An unsupported mechanism was requested
unknown mech-code 0 for mech 1 3 5 1 5 2 7
debug1: Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 2 5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA {fingerprint}
debug1: Host '{ip address}' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:16
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/otherkey_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: .ssh/mykey_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
user@serverip's password:
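I noticed that it tried a different ssh key (mykey_rsa) before the different ssh key (otherkey_rsa) that I told it to use, which is a little odd, but I don't understand ssh well enough to make much sense of this.
Meanwhile, /var/log/auth.log on the remote server helpfully says: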
Aug 12 02:04:19 servername sshd[22147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Aug 12 02:04:19 servername sshd[22147]: Authentication refused: bad ownership or modes for directory /root
Locally / on my computer:
~/ drwxr-xr-x+ 105 myusername staff 3570 Aug 11 23:14
~/.ssh/ drwx------ 13 myusername staff 442 Aug 11 23:14
~/.ssh/mykey_rsa.pub -rw-r--r-- 1 myusername staff 397 Aug 5 20:52
~/.ssh/mykey_rsa -rw------- 1 myusername staff 1675 Aug 5 20:52
Remote / on the server:
~/ drwxr-xr-x 8 501 staff 4096 Aug 12 02:16
~/.ssh/ drwx------ 2 remoteuser root 4096 Aug 12 01:49
~/.ssh/authorized_keys -rw------- 1 remoteuser root 794 Aug 12 01:44
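As aecolley pointed out on Super User, the answer was staring me in the face. It was a permissions problem, because my home directory was owned by the user with uid 501. Why, you ask? Because I had (somewhat by accident) used rsync to copy a bunch of files over from my laptop, and rsync apparently used my laptop's user ID (501, which is the default on OS X) to do so. Running chown root . from my home directory on the server fixed the problem.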
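The "bad ownership or modes for directory" refusal in auth.log comes from sshd's StrictModes check on the home directory and key files. The following is an added example, not part of the original post and not OpenSSH code: a simplified model of that check (owner must be the login user or root, no group or world write bit). The function names are hypothetical, and it does not follow symlinks or walk intermediate directories.

```python
#!/usr/bin/env python3
"""Audit the paths sshd's StrictModes check inspects before trusting authorized_keys."""
import os
import stat
import sys


def entry_problem(owner, mode, uid):
    """Return why sshd would distrust an entry with this owner/mode, or None.

    Simplified rule: the entry must be owned by the login user or root (uid 0)
    and must not be writable by group or others.
    """
    if owner not in (0, uid):
        return "bad ownership (owned by uid %d, expected %d or 0)" % (owner, uid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "bad modes (%o is group/world-writable)" % stat.S_IMODE(mode)
    return None


def audit(home, uid):
    """Check home, home/.ssh and home/.ssh/authorized_keys for login user `uid`."""
    findings = []
    for rel in ("", ".ssh", os.path.join(".ssh", "authorized_keys")):
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
            continue
        problem = entry_problem(st.st_uid, st.st_mode, uid)
        if problem:
            findings.append((path, problem))
    return findings


if __name__ == "__main__":
    # Usage: script [home_dir [uid]]; defaults to the current user's home and uid.
    home = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else os.getuid()
    results = audit(home, uid)
    for path, problem in results:
        print("%s: %s" % (path, problem))
    sys.exit(1 if results else 0)
```

Run on the server as the account being logged into, a home directory owned by uid 501 is reported as bad ownership, matching the auth.log line above.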