About SSH public key login

#1, posted 2011-08-08 15:52
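I want to log in from A to B.

On A: ssh-keygen -t rsa
Copied the generated id_rsa.pub to /home/aaa/.ssh on B
cat id_rsa.pub >> authorized_keys, then changed the relevant settings in /etc/ssh/sshd_config on B
Connecting from A to B reports "Permission denied (publickey,gssapi-with-mic)."
The output with the -v option is below.

What exactly is the problem? I can't see it. Any pointers?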

$ ssh -l aaa 10.10.115.27
Permission denied (publickey,gssapi-with-mic).
[aaa@CentOS-26 .ssh]$ ssh -l aaa 10.10.115.27 -v
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.10.115.27 [10.10.115.27] port 22.
debug1: Connection established.
debug1: identity file /home/aaa/.ssh/identity type -1
debug1: identity file /home/aaa/.ssh/id_rsa type 1
debug1: identity file /home/aaa/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.10.115.27' is known and matches the RSA host key.
debug1: Found key in /home/aaa/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Trying private key: /home/aaa/.ssh/identity
debug1: Offering public key: /home/aaa/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Trying private key: /home/aaa/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

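#2, posted 2011-08-08 16:04
Reply to #1 小UUUU


    When generating the key, did you just press Enter to accept the defaults, or did you change where the key is saved?

     Check log/secure for the ssh-related errors.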

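#3, posted 2011-08-08 16:08
Reply to 小UUUU


    When generating the key, did you just press Enter to accept the defaults, or did you change where the key is saved?

     Check log/secure for the ...
taojie2000, posted 2011-08-08 16:04


Uh, I didn't change it.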

Aug  8 23:35:42 CentOS-27 sshd[2559]: Server listening on :: port 22.
Aug  8 23:35:42 CentOS-27 sshd[2559]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Aug  8 23:36:04 CentOS-27 sshd[2563]: Authentication refused: bad ownership or modes for file /home/aaa/.ssh/authorized_keys
Aug  8 23:36:04 CentOS-27 sshd[2563]: Authentication refused: bad ownership or modes for file /home/aaa/.ssh/authorized_keys
Aug  8 23:36:04 CentOS-27 sshd[2564]: Connection closed by 10.10.115.26
Aug  8 23:36:25 CentOS-27 sshd[2565]: Authentication refused: bad ownership or modes for file /home/aaa/.ssh/authorized_keys
Aug  8 23:36:25 CentOS-27 sshd[2565]: Authentication refused: bad ownership or modes for file /home/aaa/.ssh/authorized_keys
Aug  8 23:36:25 CentOS-27 sshd[2566]: Connection closed by 10.10.115.26
Aug  8 23:36:57 CentOS-27 sshd[2567]: Authentication refused: bad ownership or modes for file /home/aaa/.ssh/authorized_keys
Aug  8 23:36:57 CentOS-27 sshd[2567]: Authentication refused: bad ownership or modes for file /home/aaa/.ssh/authorized_keys

#4, posted 2011-08-08 16:11
Reply to #3 小UUUU


    bad ownership or modes for file /home/aaa/.ssh/authorized_keys

    Permission error.

     Run ll -a     /home/user/.ssh/    and post the listing.


     Compare with mine for root:
    -rw-r--r-- 1 root root     authorized_keys

     Mode 644, and the owner must be the corresponding user.

#5, posted 2011-08-08 16:14
Reply to 小UUUU


    bad ownership or modes for file /home/aaa/.ssh/authorized_keys

    Permission ...
taojie2000, posted 2011-08-08 16:11


[aaa@CentOS-27 .ssh]$ pwd
/home/aaa/.ssh
[aaa@CentOS-27 .ssh]$ ll
total 8
-rw-r--r-- 1 aaa aaa 395 Aug  8 23:34 authorized_keys
-rw-r--r-- 1 aaa aaa 395 Aug  8 23:09 id_rsa.pub

I tried both 600 and 644; neither works.

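#6, posted 2011-08-08 16:37
Reply to #1 小UUUU


   You don't need any document. Just generate the key as user aaa on A, and put the pub key into authorized_keys in aaa's home directory on machine B.

   What did you change in the config file?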

#7, posted 2011-08-08 16:38
Sigh, it really was a permissions problem. Solved.

#8, posted 2011-08-08 16:44
Reply to #7 小UUUU


    Write up the answer.

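#9, posted 2011-08-08 16:47
Reply to #3 小UUUU


    error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

     There is a minor error message here. It has no impact, but you can get rid of it.

     Just remove the # in front of Listenaddress  0.0.0.0 in sshd.config!

     Then restart the service and that message will be gone!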

#10, posted 2011-08-08 16:48
Reply to 小UUUU


    error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

      ...
taojie2000, posted 2011-08-08 16:47


Yeah, haha, it was the permissions on the .ssh directory.
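
Added example (not from any poster in this thread): a shell sketch of the check behind the "bad ownership or modes" log line and the fix reported above. With StrictModes enabled, sshd refuses a key file if the file, or any directory from it up to the user's home, is owned by someone other than the user or root, or is writable by group or others. The function name, its arguments and the sample tree are constructed for illustration; it assumes GNU stat.

```shell
#!/bin/sh
# Approximation of sshd's StrictModes path test (illustrative, not sshd's code).
# strict_path_ok UID HOME FILE  (hypothetical helper)
#   returns 0 if FILE and every directory up to HOME pass,
#   returns 1 and prints the first offending path otherwise,
#   returns 2 if a path cannot be stat'ed.
strict_path_ok() {
    want_uid=$1; top=$2; p=$3
    while :; do
        info=$(stat -c '%a %u' "$p") || return 2   # GNU stat: octal mode, owner uid
        mode=${info% *}; owner=${info#* }
        # Owner must be the account itself or root.
        if [ "$owner" != 0 ] && [ "$owner" != "$want_uid" ]; then
            echo "bad owner: $p (uid $owner)"; return 1
        fi
        # No write bit for group or others (mask 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable: $p (mode $mode)"; return 1
        fi
        # Stop once the home directory itself has been checked.
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# Constructed sample tree: authorized_keys is 644 (fine), but .ssh is 775.
demo_home=$(mktemp -d)/aaa
mkdir -p "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 755 "$demo_home"
chmod 775 "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"

# The file passes, yet the path is rejected because of the directory.
strict_path_ok "$(id -u)" "$demo_home" "$demo_home/.ssh/authorized_keys" \
    || echo "rejected"

# Tightening the directory is enough; the key file mode did not change.
chmod 700 "$demo_home/.ssh"
strict_path_ok "$(id -u)" "$demo_home" "$demo_home/.ssh/authorized_keys" \
    && echo "path OK"
```

On a real host the arguments would be the account's uid, its home directory and the authorized_keys path from the log line.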