歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux基礎 >> 關於Linux

ssh keygen後登陸無效解決

ssh keygen後登陸無效解決   設置無密碼登陸,結果出錯無效.  ssh-keygen,    錯誤的設置方式:  登陸到遠程主機:mkdir .ssh && chmod 700 .ssh  本地:scp .ssh/id_rsa.pub root@your_remote_host  結果登陸還是提示要求輸入密碼.... ++ 試了好多次,權限啥的都是完全正確的...就是不行...    後來發現,正確的設置方式:  登陸到遠程主機:mkdir .ssh && chmod 700 .ssh  本地:ssh-copy-id -i .ssh/id_rsa.pub root@your_remote_host  ok成功了~~    錯誤的設置時,ssh顯示調試信息:ssh -vvv -oPreferredAuthentications=publickey root@your_remote_host  錯誤的調試信息如下,供參考:  引用 OpenSSH_5.2p1, OpenSSL 1.0.1c 10 May 2012  debug1: Reading configuration data /usr/local/etc/ssh_config  debug2: ssh_connect: needpriv 0  debug1: Connecting to 192.168.0.113 [192.168.0.113] port 22.  debug1: Connection established.  debug1: identity file ~/.ssh/identity type -1  debug3: Not a RSA1 key file /home/gototouch/.ssh/id_rsa.  debug2: key_type_from_name: unknown key type '-----BEGIN'  debug3: key_read: missing keytype  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug3: key_read: missing whitespace  debug2: key_type_from_name: unknown key type '-----END'  debug3: key_read: missing keytype  debug1: identity file ~/.ssh/id_rsa type 1  debug1: identity file ~/.ssh/id_dsa type -1  debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3  debug1: match: OpenSSH_5.3 pat OpenSSH*  debug1: Enabling compatibility mode for protocol 2.0  debug1: Local version string SSH-2.0-OpenSSH_5.2  debug2: fd 3 setting O_NONBLOCK  debug1: SSH2_MSG_KEXINIT sent  debug1: SSH2_MSG_KEXINIT received  debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1  debug2: kex_parse_kexinit: ssh-rsa,ssh-dss  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96  debug2: kex_parse_kexinit: none,[email protected],zlib  debug2: kex_parse_kexinit: none,[email protected],zlib  debug2: kex_parse_kexinit:  debug2: kex_parse_kexinit:  debug2: kex_parse_kexinit: first_kex_follows 0  debug2: kex_parse_kexinit: reserved 0  debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1  debug2: kex_parse_kexinit: ssh-rsa,ssh-dss  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96  debug2: kex_parse_kexinit: none,[email protected]  debug2: kex_parse_kexinit: none,[email protected]  debug2: kex_parse_kexinit:  debug2: kex_parse_kexinit:  debug2: kex_parse_kexinit: first_kex_follows 0  debug2: kex_parse_kexinit: reserved 0  debug2: mac_setup: found hmac-md5  debug1: kex: server->client aes128-ctr hmac-md5 none  debug2: mac_setup: found hmac-md5  debug1: kex: client->server aes128-ctr hmac-md5 none  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP  debug2: dh_gen_key: priv key bits set: 121/256  debug2: bits set: 499/1024  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY  debug3: check_host_in_hostfile: filename /home/gototouch/.ssh/known_hosts  debug3: check_host_in_hostfile: match line 6  debug1: Host '192.168.0.113' is known and matches the RSA host key.  debug1: Found key in ~/.ssh/known_hosts:6  debug2: bits set: 522/1024  debug1: ssh_rsa_verify: signature correct  debug2: kex_derive_keys  debug2: set_newkeys: mode 1  debug1: SSH2_MSG_NEWKEYS sent  debug1: expecting SSH2_MSG_NEWKEYS  debug2: set_newkeys: mode 0  debug1: SSH2_MSG_NEWKEYS received  debug1: SSH2_MSG_SERVICE_REQUEST sent  debug2: service_accept: ssh-userauth  debug1: SSH2_MSG_SERVICE_ACCEPT received  debug2: key: ~/.ssh/id_rsa (0x15fce10)  debug2: key: [email protected] (0x1604210)  debug2: key: ~/.ssh/identity ((nil))  debug2: key: ~/.ssh/id_dsa ((nil))  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password  debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password  debug3: preferred publickey  debug3: authmethod_lookup publickey  debug3: remaining preferred:  debug3: authmethod_is_enabled publickey  debug1: Next authentication method: publickey  debug1: Offering public key: ~/.ssh/id_rsa  debug3: send_pubkey_test  debug2: we sent a publickey packet, wait for reply  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password  debug1: Offering public key: [email protected]  debug3: send_pubkey_test  debug2: we sent a publickey packet, wait for reply  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password  debug1: Trying private key: ~/.ssh/identity  debug3: no such identity: ~/.ssh/identity  debug1: Trying private key: ~/.ssh/id_dsa  debug3: no such identity: ~/.ssh/id_dsa  debug2: we did not send a packet, disable method  debug1: No more authentication methods to try.  Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).   後記:本人仔細看了下/usr/bin/ssh-copy-id的腳步,發現了centos的restorecon命令起的作用,測試了下如下方式也是可以有效的不用密碼登陸:  遠程執行:mkdir .ssh && chmod 700 .ssh  本地執行:cat ~/.ssh/id_rsa.pub | ssh root@your_host 'cat -  >> .ssh/authorized_keys'  遠程執行:restorecon .ssh .ssh/authorized_keys  最後一步是成功的保證   
Copyright © Linux教程網 All Rights Reserved