ssh keygen後登陸無效解決
設置無密碼登陸,結果出錯無效.
ssh-keygen,
錯誤的設置方式:
登陸到遠程主機:mkdir .ssh && chmod 700 .ssh
本地:scp .ssh/id_rsa.pub root@your_remote_host
結果登陸還是提示要求輸入密碼.... ++ 試了好多次,權限啥的都是完全正確的...就是不行...
後來發現,正確的設置方式:
登陸到遠程主機:mkdir .ssh && chmod 700 .ssh
本地:ssh-copy-id -i .ssh/id_rsa.pub root@your_remote_host
ok成功了~~
錯誤的設置時,ssh顯示調試信息:ssh -vvv -oPreferredAuthentications=publickey root@your_remote_host
錯誤的調試信息如下,供參考:
引用
OpenSSH_5.2p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.113 [192.168.0.113] port 22.
debug1: Connection established.
debug1: identity file ~/.ssh/identity type -1
debug3: Not a RSA1 key file /home/gototouch/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file ~/.ssh/id_rsa type 1
debug1: identity file ~/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,
[email protected],hmac-ripemd160,
[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,
[email protected],hmac-ripemd160,
[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,
[email protected],zlib
debug2: kex_parse_kexinit: none,
[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,
[email protected],hmac-ripemd160,
[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,
[email protected],hmac-ripemd160,
[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,
[email protected]
debug2: kex_parse_kexinit: none,
[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 499/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/gototouch/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug1: Host '192.168.0.113' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:6
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: ~/.ssh/id_rsa (0x15fce10)
debug2: key:
[email protected] (0x1604210)
debug2: key: ~/.ssh/identity ((nil))
debug2: key: ~/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ~/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key:
[email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: ~/.ssh/identity
debug3: no such identity: ~/.ssh/identity
debug1: Trying private key: ~/.ssh/id_dsa
debug3: no such identity: ~/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
後記:本人仔細看了下/usr/bin/ssh-copy-id的腳步,發現了centos的restorecon命令起的作用,測試了下如下方式也是可以有效的不用密碼登陸:
遠程執行:mkdir .ssh && chmod 700 .ssh
本地執行:cat ~/.ssh/id_rsa.pub | ssh root@your_host 'cat - >> .ssh/authorized_keys'
遠程執行:restorecon .ssh .ssh/authorized_keys
最後一步是成功的保證