大神们，ssh登录问题求解啊~

jiwang1980

关于ssh配置登录不需要密码

步骤如下：
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

然后ssh localhost
结果还是让我输入密码

调试信息：
1，
[root@hadoop .ssh]# ssh -v localhost
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@localhost's password:


2，tail -f /var/log/secure
没有输出，所以不是认证文件的权限问题

求思路

llouis

补充一点：被远程登录的主机上用户的主目录的权限必须为755

llouis

试试这个方法，我之前遇到过类似问题，应该还是目录和文件的权限问题：

1. Create a public ssh key, if you haven’t one already.

Look at ~/.ssh. If you see a file named id_dsa.pub then you obviously already have a public key. If not, simply create one. ssh-keygen -t dsa should do the trick.

Please note that there are other types of keys, e.g. RSA instead of DSA. I simply recomend DSA, but keep that in mind if you run into errors.

2. Make sure your .ssh dir is 700:
chmod 700 ~/.ssh


3. Get your public ssh key on the server you want to login automatically.
A simple scp ~/.ssh/id_dsa.pub remoteuser@remoteserver.com: is ok.


4. Append the contents of your public key to the ~/.ssh/authorized_keys and remove it.

Important: This must be done on the server you just copied your public key to. Otherwise you wouldn’t have had to copy it on your server.

Simply issue something like ---
cat id_dsa.pub >> .ssh/authorized_keys while at your home directory.


5. Instead of steps 3 and 4, you can issue something like this:

cat ~/.ssh/id_dsa.pub | ssh -l remoteuser remoteserver.com 'cat >> ~/.ssh/authorized_keys'


6. Remove your public key from the home directory on the server.


7. Done!
You can now login:

ssh -l remoteuser remoteserver.com or ssh remoteuser@remoteserver.com

without getting asked for a password.

jiwang1980

换了台虚拟机，没有问题。
人品问题，也不想深究了，谢谢各位回复

jiwang1980

不是权限问题，权限问题应该在/var/log/secure里面有记录吧

我尝试修改权限，仍需密码

jiwang1980

试了，一样的错误，3ks

Shell_HAT

本地.ssh 700
远程.ssh 755

DiDeCrouse

/etc/ssh/sshd_config文件修改了吗？下面几行注释去掉
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

重启sshd服务，/etc/init.d/sshd restart

jiwang1980

这不是问题的原因，3ks

ajdan4q

不要用local,用ssh serv_ip