关于ssh登陆的时候总是提示密码的问题

james5

问题简要描述，\r\n为什么从sol5.9 ssh登陆 sol5.10 的时候总是需要输入user1的密码？ 能否不要密码提示呢\r\n下面生成key的时候，passphrase是empty[空的]\r\n\r\n环境如下\r\n2台server\r\nos 版本\r\nsol 5.9                      sol 5.10\r\nssh版本\r\nSun_SSH_1.0.1        Sun_SSH_1.1\r\n\r\n2个server都是同样的用户user1\r\n\r\n在sol5.9上生成key\r\n

1. \r\n$ ssh-keygen -t rsa\r\nEnter file in which to save the key(/opt/user1/.ssh/id_rsa):\r\nGenerating public/private rsa key pair.\r\nEnter passphrase(empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in /opt/user1/.ssh/id_rsa.\r\nYour public key has been saved in /opt/user1/.ssh/id_rsa.pub.\r\nThe key fingerprint is:\r\nmd5 1024 eb:6a:8a:0c:c7:8e:97:82:63:ce:68:4f:23:3d:41:08 gdntuser@zsups3j9\r\n

复制代码

\r\n然后把id_rsa.pub放到sol5.10那个server的 ~user1/.ssh/目录下\r\n并且\r\n

1. \r\ncat id_rsa.pub >> ~user1/.ssh/authorized_keys\r\nchmod 644 ~user1/.ssh/authorized_keys\r\n

复制代码

\r\n\r\n在sol5.9用 user1登陆sol5.10 \r\n\r\n

1. \r\n$ ssh -v xxx.xxx.xxx.xxx\r\nSSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.\r\ndebug1: Reading configuration data /opt/user1/.ssh/config\r\ndebug1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: Rhosts Authentication disabled, originating port will not be trusted.\r\ndebug1: ssh_connect: getuid 12476 geteuid 12476 anon 1\r\ndebug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.\r\ndebug1: Connection established.\r\ndebug1: Bad RSA1 key file /opt/user1/.ssh/id_rsa.\r\ndebug1: identity file /opt/user1/.ssh/id_rsa type 3\r\ndebug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1\r\ndebug1: no match: Sun_SSH_1.1\r\nEnabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-Sun_SSH_1.0.1\r\ndebug1: sent kexinit: diffie-hellman-group1-sha1\r\ndebug1: sent kexinit: ssh-rsa,ssh-dss\r\ndebug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc\r\ndebug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc\r\ndebug1: sent kexinit: hmac-sha1,hmac-md5\r\ndebug1: sent kexinit: hmac-sha1,hmac-md5\r\ndebug1: sent kexinit: none\r\ndebug1: sent kexinit: none\r\ndebug1: sent kexinit:\r\ndebug1: sent kexinit:\r\ndebug1: send KEXINIT\r\ndebug1: done\r\ndebug1: wait KEXINIT\r\ndebug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sh\r\na1\r\ndebug1: got kexinit: ssh-rsa,ssh-dss\r\ndebug1: got kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc\r\ndebug1: got kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc\r\ndebug1: got kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96\r\ndebug1: got kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96\r\ndebug1: got kexinit: none,zlib\r\ndebug1: got kexinit: none,zlib\r\ndebug1: got kexinit: C,POSIX\r\ndebug1: got kexinit: C,POSIX\r\ndebug1: first kex follow: 0\r\ndebug1: reserved: 0\r\ndebug1: done\r\ndebug1: kex: server->client unable to decide common locale\r\ndebug1: kex: server->client aes128-cbc hmac-sha1 none\r\ndebug1: kex: client->server unable to decide common locale\r\ndebug1: kex: client->server aes128-cbc hmac-sha1 none\r\ndebug1: Sending SSH2_MSG_KEXDH_INIT.\r\ndebug1: bits set: 512/1024\r\ndebug1: Wait SSH2_MSG_KEXDH_REPLY.\r\ndebug1: Got SSH2_MSG_KEXDH_REPLY.\r\ndebug1: Host \'xxx.xxx.xxx.xxx\' is known and matches the RSA host key.\r\ndebug1: Found key in /opt/user1/.ssh/known_hosts:1\r\ndebug1: bits set: 507/1024\r\ndebug1: ssh_rsa_verify: signature correct\r\ndebug1: Wait SSH2_MSG_NEWKEYS.\r\ndebug1: GOT SSH2_MSG_NEWKEYS.\r\ndebug1: send SSH2_MSG_NEWKEYS.\r\ndebug1: done: send SSH2_MSG_NEWKEYS.\r\ndebug1: done: KEX2.\r\ndebug1: send SSH2_MSG_SERVICE_REQUEST\r\ndebug1: service_accept: ssh-userauth\r\ndebug1: got SSH2_MSG_SERVICE_ACCEPT\r\ndebug1: authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke\r\ny,password,keyboard-interactive\r\ndebug1: next auth method to try is publickey\r\ndebug1: try pubkey: /opt/user1/.ssh/id_rsa\r\ndebug1: read SSH2 private key done: name rsa w/o comment success 1\r\ndebug1: authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke\r\ny,password,keyboard-interactive\r\ndebug1: next auth method to try is publickey\r\ndebug1: next auth method to try is password\r\nuser1@xxx.xxx.xxx.xxx\'s password:\r\n\r\n

复制代码

\r\n\r\n为什么这里总是需要密码？ 能否不要密码提示呢，谢谢\r\n\r\n下面是/etc/ssh/sshd_config文件\r\n\r\n

1. \r\nProtocol 2\r\nPort 22\r\nListenAddress ::\r\nAllowTcpForwarding no\r\nGatewayPorts no\r\nX11Forwarding yes\r\nX11DisplayOffset 10\r\nX11UseLocalhost yes\r\nPrintMotd no\r\nKeepAlive yes\r\nSyslogFacility auth\r\nLogLevel info\r\nHostKey /etc/ssh/ssh_host_rsa_key\r\nHostKey /etc/ssh/ssh_host_dsa_key\r\nServerKeyBits 768\r\nKeyRegenerationInterval 3600\r\nStrictModes yes\r\nLoginGraceTime 600\r\nMaxAuthTries    6\r\nMaxAuthTriesLog 3\r\nPermitEmptyPasswords no\r\nPasswordAuthentication yes\r\nPAMAuthenticationViaKBDInt yes\r\nPermitRootLogin no\r\nSubsystem       sftp    /usr/lib/ssh/sftp-server\r\nIgnoreRhosts yes\r\nRhostsAuthentication no\r\nRhostsRSAAuthentication no\r\nRSAAuthentication yes\r\n

复制代码

\r\n\r\n\r\n相应的目录和文件权限\r\n

1. \r\ndrwx------   2 user1 other        512 Aug  3 15:16 .ssh\r\n-rw-r--r--   1 user1 other       1397 Aug  3 03:41 authorized_keys\r\n

复制代码

netsure

vi  /etc/ssh/sshd_config \r\nin line:\r\n\"PasswordAuthentication yes\"\r\nuse \"no\"  instead of  \" yes\"

james5

确定是这个问题吗？ 我没有要访问的sol5.10 root权限，哪位兄弟姐妹有环境的帮我测试确认一下，谢谢啦

james5

ding, 谁有环境帮我测试一下

james5

我刚刚测试了一下，打开了 /etc/ssh/sshd_config中的\r\nPermitRootLogin yes  (no改成yes)\r\n然后root就可以在sol5.9上 ssh登陆sol5.10  不用输入密码\r\n可是除了root其他用户（我自己创建的user1）不可以，为什么呢？\r\nuser1在sol5.9和sol5.10上都有这个用户。

SILVER0918

不知james5 后来是否解决了06年的问题\r\n最近我也遇到了相似的现象，平台是LINUX，不过是只有一个普通帐号有问题，root和其他帐号都可以正常ssh互通。\r\n后来发现是因为这个帐号的权限设置在两台主机上不一致，一边设有sudo，而另一边没有，有sudo的一边ssh时总是提示要输入密码；在另一边也设置sudo后，就解决了。