关于ssh登陆的时候总是提示密码的问题

james5

问题简要描述，
为什么从sol5.9 ssh登陆 sol5.10 的时候总是需要输入user1的密码？ 能否不要密码提示呢
下面生成key的时候，passphrase是empty[空的]

环境如下
2台server
os 版本
sol 5.9                      sol 5.10
ssh版本
Sun_SSH_1.0.1        Sun_SSH_1.1

2个server都是同样的用户user1

在sol5.9上生成key

1. 
   
2. $ ssh-keygen -t rsa
   
3. Enter file in which to save the key(/opt/user1/.ssh/id_rsa):
   
4. Generating public/private rsa key pair.
   
5. Enter passphrase(empty for no passphrase):
   
6. Enter same passphrase again:
   
7. Your identification has been saved in /opt/user1/.ssh/id_rsa.
   
8. Your public key has been saved in /opt/user1/.ssh/id_rsa.pub.
   
9. The key fingerprint is:
   
10. md5 1024 eb:6a:8a:0c:c7:8e:97:82:63:ce:68:4f:23:3d:41:08 gdntuser@zsups3j9
    

复制代码

然后把id_rsa.pub放到sol5.10那个server的 ~user1/.ssh/目录下
并且

1. 
   
2. cat id_rsa.pub >> ~user1/.ssh/authorized_keys
   
3. chmod 644 ~user1/.ssh/authorized_keys
   

复制代码

在sol5.9用 user1登陆sol5.10

1. 
   
2. $ ssh -v xxx.xxx.xxx.xxx
   
3. SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
   
4. debug1: Reading configuration data /opt/user1/.ssh/config
   
5. debug1: Applying options for *
   
6. debug1: Reading configuration data /etc/ssh/ssh_config
   
7. debug1: Rhosts Authentication disabled, originating port will not be trusted.
   
8. debug1: ssh_connect: getuid 12476 geteuid 12476 anon 1
   
9. debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
   
10. debug1: Connection established.
    
11. debug1: Bad RSA1 key file /opt/user1/.ssh/id_rsa.
    
12. debug1: identity file /opt/user1/.ssh/id_rsa type 3
    
13. debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
    
14. debug1: no match: Sun_SSH_1.1
    
15. Enabling compatibility mode for protocol 2.0
    
16. debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
    
17. debug1: sent kexinit: diffie-hellman-group1-sha1
    
18. debug1: sent kexinit: ssh-rsa,ssh-dss
    
19. debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
    
20. debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
    
21. debug1: sent kexinit: hmac-sha1,hmac-md5
    
22. debug1: sent kexinit: hmac-sha1,hmac-md5
    
23. debug1: sent kexinit: none
    
24. debug1: sent kexinit: none
    
25. debug1: sent kexinit:
    
26. debug1: sent kexinit:
    
27. debug1: send KEXINIT
    
28. debug1: done
    
29. debug1: wait KEXINIT
    
30. debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sh
    
31. a1
    
32. debug1: got kexinit: ssh-rsa,ssh-dss
    
33. debug1: got kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
    
34. debug1: got kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
    
35. debug1: got kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
    
36. debug1: got kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
    
37. debug1: got kexinit: none,zlib
    
38. debug1: got kexinit: none,zlib
    
39. debug1: got kexinit: C,POSIX
    
40. debug1: got kexinit: C,POSIX
    
41. debug1: first kex follow: 0
    
42. debug1: reserved: 0
    
43. debug1: done
    
44. debug1: kex: server->client unable to decide common locale
    
45. debug1: kex: server->client aes128-cbc hmac-sha1 none
    
46. debug1: kex: client->server unable to decide common locale
    
47. debug1: kex: client->server aes128-cbc hmac-sha1 none
    
48. debug1: Sending SSH2_MSG_KEXDH_INIT.
    
49. debug1: bits set: 512/1024
    
50. debug1: Wait SSH2_MSG_KEXDH_REPLY.
    
51. debug1: Got SSH2_MSG_KEXDH_REPLY.
    
52. debug1: Host 'xxx.xxx.xxx.xxx' is known and matches the RSA host key.
    
53. debug1: Found key in /opt/user1/.ssh/known_hosts:1
    
54. debug1: bits set: 507/1024
    
55. debug1: ssh_rsa_verify: signature correct
    
56. debug1: Wait SSH2_MSG_NEWKEYS.
    
57. debug1: GOT SSH2_MSG_NEWKEYS.
    
58. debug1: send SSH2_MSG_NEWKEYS.
    
59. debug1: done: send SSH2_MSG_NEWKEYS.
    
60. debug1: done: KEX2.
    
61. debug1: send SSH2_MSG_SERVICE_REQUEST
    
62. debug1: service_accept: ssh-userauth
    
63. debug1: got SSH2_MSG_SERVICE_ACCEPT
    
64. debug1: authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke
    
65. y,password,keyboard-interactive
    
66. debug1: next auth method to try is publickey
    
67. debug1: try pubkey: /opt/user1/.ssh/id_rsa
    
68. debug1: read SSH2 private key done: name rsa w/o comment success 1
    
69. debug1: authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke
    
70. y,password,keyboard-interactive
    
71. debug1: next auth method to try is publickey
    
72. debug1: next auth method to try is password
    
73. user1@xxx.xxx.xxx.xxx's password:
    
74. 
    

复制代码

为什么这里总是需要密码？ 能否不要密码提示呢，谢谢

下面是/etc/ssh/sshd_config文件

1. 
   
2. Protocol 2
   
3. Port 22
   
4. ListenAddress ::
   
5. AllowTcpForwarding no
   
6. GatewayPorts no
   
7. X11Forwarding yes
   
8. X11DisplayOffset 10
   
9. X11UseLocalhost yes
   
10. PrintMotd no
    
11. KeepAlive yes
    
12. SyslogFacility auth
    
13. LogLevel info
    
14. HostKey /etc/ssh/ssh_host_rsa_key
    
15. HostKey /etc/ssh/ssh_host_dsa_key
    
16. ServerKeyBits 768
    
17. KeyRegenerationInterval 3600
    
18. StrictModes yes
    
19. LoginGraceTime 600
    
20. MaxAuthTries    6
    
21. MaxAuthTriesLog 3
    
22. PermitEmptyPasswords no
    
23. PasswordAuthentication yes
    
24. PAMAuthenticationViaKBDInt yes
    
25. PermitRootLogin no
    
26. Subsystem       sftp    /usr/lib/ssh/sftp-server
    
27. IgnoreRhosts yes
    
28. RhostsAuthentication no
    
29. RhostsRSAAuthentication no
    
30. RSAAuthentication yes
    

复制代码

相应的目录和文件权限

1. 
   
2. drwx------   2 user1 other        512 Aug  3 15:16 .ssh
   
3. -rw-r--r--   1 user1 other       1397 Aug  3 03:41 authorized_keys
   

复制代码

netsure

vi  /etc/ssh/sshd_config
in line:
"PasswordAuthentication yes"
use "no"  instead of  " yes"

james5

确定是这个问题吗？ 我没有要访问的sol5.10 root权限，哪位兄弟姐妹有环境的帮我测试确认一下，谢谢啦

james5

ding, 谁有环境帮我测试一下

james5

我刚刚测试了一下，打开了 /etc/ssh/sshd_config中的
PermitRootLogin yes  (no改成yes)
然后root就可以在sol5.9上 ssh登陆sol5.10  不用输入密码
可是除了root其他用户（我自己创建的user1）不可以，为什么呢？
user1在sol5.9和sol5.10上都有这个用户。

SILVER0918

不知james5 后来是否解决了06年的问题
最近我也遇到了相似的现象，平台是LINUX，不过是只有一个普通帐号有问题，root和其他帐号都可以正常ssh互通。
后来发现是因为这个帐号的权限设置在两台主机上不一致，一边设有sudo，而另一边没有，有sudo的一边ssh时总是提示要输入密码；在另一边也设置sudo后，就解决了。