无密码登录仅在服务器上使用直接调用的sshd才有效

马克·凯利

对于经典的ssh密钥问题,我已经经历了许多错误修复:我已经“正确”设置了公用密钥和专用密钥,但是无密码登录仍然无法正常工作。细节 :

首先,我知道没有人想阅读另一个许可问题:

~$ ls -lhd $HOME
drwx------. 28 mrkelly mrkelly 4.0K May 13 16:23 /mnt/driveB/mrkelly
~$ ls -lhd $HOME/.ssh
drwx------. 2 mrkelly mrkelly 4.0K May 13 15:37 /mnt/driveB/mrkelly/.ssh
~$ ls -lh $HOME/.ssh
total 24K
-rwx------. 1 mrkelly mrkelly 1.7K May 13 15:37 authorized_keys
-rwx------. 1 mrkelly mrkelly  668 May 13 15:20 id_dsa
-rwx------. 1 mrkelly mrkelly  625 May 13 15:20 id_dsa.pub
-rwx------. 1 mrkelly mrkelly 1.7K May 13 15:11 id_rsa
-rwx------. 1 mrkelly mrkelly  417 May 13 15:11 id_rsa.pub
-rwx------. 1 mrkelly mrkelly  980 May 13 14:57 known_hosts
/$ ll -d /
dr-xr-xr-x. 17 root root 4.0K May 14 12:21 /
/$ ll -d /mnt
drwxr-xr-x. 4 root root 4.0K Nov 18 04:33 /mnt
/$ ll -d /mnt/driveB
drwxr-xr-x. 4 root root 4.0K May 13 17:31 /mnt/driveB
~$ uname -a 
Linux action-jackson.stanford.edu 3.19.7-200.fc21.x86_64 #1 SMP Thu May 7 22:00:21 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

读完SELinux在这种情况下是常见的反派,我已将其禁用:

~$ sudo systemctl status selinux 
● selinux.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

我是主机上的管理员,因此我将一个终端用于sshd服务器端服务,并将一个终端用作客户端。

一,工作版本:

  • 主机终端(sshd已被禁用):

    ~$ sudo /usr/sbin/sshd -d   
    debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type ECDSA
    debug1: private host key: #1 type 3 ECDSA
    debug1: private host key: #2 type 4 ED25519
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    Set /proc/self/oom_score_adj from 0 to -1000
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    

    (我们一直在这里,直到使用“ client”终端登录,然后:)

    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 127.0.0.1 port 49966 on 127.0.0.1 port 22
    debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
    debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1
    debug1: SELinux support enabled [preauth]
    debug1: ssh_selinux_change_context: setting context from 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' to 'unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
    debug1: permanently_set_uid: 74/74 [preauth]
    debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug1: kex: client->server aes128-ctr [email protected] none [preauth]
    debug1: kex: server->client aes128-ctr [email protected] none [preauth]
    debug1: kex: [email protected] need=16 dh_need=16 [preauth]
    debug1: kex: [email protected] need=16 dh_need=16 [preauth]
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user mrkelly service ssh-connection method none [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug1: PAM: initializing for "mrkelly"
    debug1: PAM: setting PAM_RHOST to "localhost.localdomain"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug1: userauth-request for user mrkelly service ssh-connection method publickey [preauth]
    debug1: attempt 1 failures 0 [preauth]
    debug1: test whether pkalg/pkblob are acceptable [preauth]
    debug1: temporarily_use_uid: 1000/1000 (e=0/0)
    debug1: trying public key file /mnt/driveB/mrkelly/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    Found matching RSA key: d7:9e:aa:54:63:d7:2d:87:d3:b1:0e:83:3b:70:27:d4
    debug1: restore_uid: 0/0
    Postponed publickey for mrkelly from 127.0.0.1 port 49966 ssh2 [preauth]
    debug1: userauth-request for user mrkelly service ssh-connection method publickey [preauth]
    debug1: attempt 2 failures 0 [preauth]
    debug1: temporarily_use_uid: 1000/1000 (e=0/0)
    debug1: trying public key file /mnt/driveB/mrkelly/.ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    Found matching RSA key: d7:9e:aa:54:63:d7:2d:87:d3:b1:0e:83:3b:70:27:d4
    debug1: restore_uid: 0/0
    debug1: ssh_rsa_verify: signature correct
    debug1: do_pam_account: called
    Accepted publickey for mrkelly from 127.0.0.1 port 49966 ssh2: RSA d7:9e:aa:54:63:d7:2d:87:d3:b1:0e:83:3b:70:27:d4
    debug1: monitor_child_preauth: mrkelly has been authenticated by privileged process
    debug1: monitor_read_log: child log fd closed
    debug1: SELinux support enabled
    debug1: PAM: establishing credentials
    User child is on pid 8196
    debug1: PAM: establishing credentials
    debug1: permanently_set_uid: 1000/1000
    debug1: Entering interactive session for SSH2.
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype [email protected] want_reply 0
    debug1: server_input_channel_req: channel 0 request x11-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req x11-req
    debug1: channel 1: new [X11 inet listener]
    debug1: channel 2: new [X11 inet listener]
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req pty-req
    debug1: Allocating pty.
    debug1: session_new: session 0
    debug1: SELinux support enabled
    debug1: session_pty_req: session 0 alloc /dev/pts/4
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell
    Starting session: shell on pts/4 for mrkelly from 127.0.0.1 port 49966
    debug1: Setting controlling tty using TIOCSCTTY.
    
  • 客户终端:

    ~$ ssh -v `whoami`@localhost
    OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa type 1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa-cert type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa type 2
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa-cert type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa-cert type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519 type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
    debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr [email protected] none
    debug1: kex: client->server aes128-ctr [email protected] none
    debug1: kex: [email protected] need=16 dh_need=16
    debug1: kex: [email protected] need=16 dh_need=16
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 8d:cb:f2:94:da:97:7b:0d:ee:e6:bb:8e:3f:41:ae:d8
    debug1: Host 'localhost' is known and matches the ECDSA host key.
    debug1: Found key in /mnt/driveB/mrkelly/.ssh/known_hosts:3
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /mnt/driveB/mrkelly/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    Authenticated to localhost ([127.0.0.1]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting [email protected]
    debug1: Entering interactive session.
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug1: Sending environment.
    debug1: Sending env LANGUAGE = 
    debug1: Sending env LANG = en_US.UTF-8
    Last login: Wed May 13 15:58:17 2015 from localhost.localdomain
    Environment:
      LANGUAGE=
      LANG=en_US.UTF-8
      USER=mrkelly
      LOGNAME=mrkelly
      HOME=/mnt/driveB/mrkelly
      PATH=/usr/local/bin:/usr/bin
      MAIL=/var/mail/mrkelly
      SHELL=/bin/zsh
      SSH_CLIENT=127.0.0.1 49967 22
      SSH_CONNECTION=127.0.0.1 49967 127.0.0.1 22
      SSH_TTY=/dev/pts/4
      TERM=xterm-256color
      DISPLAY=localhost:11.0
      SELINUX_ROLE_REQUESTED=
      SELINUX_LEVEL_REQUESTED=
      SELINUX_USE_CURRENT_RANGE=
      XDG_SESSION_ID=21
      XDG_RUNTIME_DIR=/run/user/1000
      XDG_SEAT=seat0
      XDG_VTNR=1
    Running /usr/bin/xauth remove unix:11.0
    /usr/bin/xauth add unix:11.0 MIT-MAGIC-COOKIE-1 62951eb22f06d56df8189ee23126a19e
    

(工作中,无密码登录)

现在,我们重新启动sshd.service并显示非工作版本。

  • 主机终端

    sudo systemctl start sshd
    
  • 客户终端

    ~$ ssh -v `whoami`@localhost
    OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa type 1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa-cert type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa type 2
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa-cert type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa-cert type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519 type -1
    debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
    debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr [email protected] none
    debug1: kex: client->server aes128-ctr [email protected] none
    debug1: kex: [email protected] need=16 dh_need=16
    debug1: kex: [email protected] need=16 dh_need=16
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 8d:cb:f2:94:da:97:7b:0d:ee:e6:bb:8e:3f:41:ae:d8
    debug1: Host 'localhost' is known and matches the ECDSA host key.
    debug1: Found key in /mnt/driveB/mrkelly/.ssh/known_hosts:3
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /mnt/driveB/mrkelly/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Offering DSA public key: /mnt/driveB/mrkelly/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /mnt/driveB/mrkelly/.ssh/id_ecdsa
    debug1: Trying private key: /mnt/driveB/mrkelly/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password: 
    

(有)。

最后几点:最近我不得不重新格式化安装驱动器,并且我正在使用存储在另一个驱动器上的文件夹。重新安装Fedora 21时,我被迫在该驱动器上创建一个主目录,但是在为其他驱动器创建安装点后,我切换了用户帐户,使其指向旧主目录的备份版本。

编辑:无密码登录也可以使用以下调用进行工作:

/usr/sbin/sshd -D

(没有守护程序,但是没有调试消息)

/usr/shbin/sshd

(我猜这是一个临时解决方法,因为它确实会调用守护程序)

EDIT2:从输出sudo journalctl -u sshd之后sudo systemctl restart sshd(记录级别debug3)

我限制了提交的字符数,因此我将使用输出链接到保管箱中纯文本文件

感谢您的任何帮助,您可以提供!

马特

这是SELinux问题,由您的主目录位于一个奇怪的位置引起。您为禁用它所做的事情没有。SELinux的不是服务,而systemctl status selinux只是告诉你(“未找到(原因:没有这样的文件或目录) ”)。

可以运行setenforce permissiveSELinux或以其他方式禁用SELinux,但这就像只是因为一次放错房门钥匙而把门关了。跑步chcon -t ssh_home_t ~/.ssh/应该做到这一点。

我怎么知道?因为那是系统~/.ssh文件的类型但是我可以软件包中进行安装,然后运行以生成手册页,该手册页记录了实际的策略。sepolicypolicycoreutils-develsepolicy manpage -t ssh_dssh_selinux.8

确实,我建议您忘记所有这些,只是将驱动器安装在/home而不是/mnt/driveB,然后再运行restorecon -R -v /home

本文收集自互联网,转载请注明来源。

如有侵权,请联系[email protected] 删除。

编辑于
0

我来说两句

0条评论
登录后参与评论

相关文章

来自分类Dev

jQuery ajax调用在本地主机上有效,但在实时服务器上无效

来自分类Dev

令牌解密RSA在localhost上有效,但在服务器上无效

来自分类Dev

HMVC Codeigniter在本地服务器上有效,但在Web服务器上无效

来自分类Dev

图像RotateFlip仅在直接调用时有效

来自分类Dev

MVC Durandal应用程序仅在服务器根URL中有效

来自分类Dev

MySql连接查询在本地服务器上有效,但在实时服务器上无效

来自分类Dev

自定义页面布局仅在本地服务器上有效

来自分类Dev

无密码SSH仅在调试模式下有效

来自分类Dev

没有密码的证书上的“指定的网络密码不正确”,仅在活动服务器上

来自分类Dev

具有DynamoDB的无服务器框架:Lambda函数有效,但数据尚未保存到DynamoDB

来自分类Dev

仅当我已经登录SSH时,无密码SSH才有效

来自分类Dev

Github页面重定向仅在本地有效,而在远程Github服务器上无效(获取404)

来自分类Dev

JavaScript在使用Node调用时有效,但仅在从HTML调用时才有效

来自分类Dev

我无法获得一个闪亮的模块来用作服务器。仅当服务器作为单独的命令集分开时才有效

来自分类Dev

仅当我已经登录SSH时,无密码SSH才有效

来自分类Dev

带有jQuery,Ajax和PHP的投票系统仅在本地服务器上有效

来自分类Dev

图像RotateFlip仅在直接调用时有效

来自分类Dev

无法使用有效的用户名和密码使用PuTTy进行ssh。如何确保服务器和PuTTy键盘/端子相同?其他事宜?

来自分类Dev

仅在不使用数组的情况下,使用IFS循环读取文件才有效

来自分类Dev

PeekNamedPipe无法从服务器提供句柄时提供正确的可用字节数,仅当句柄来自客户端时才有效

来自分类Dev

页面上的自动滚动仅在 ctrl+单击使用 jquery 的按钮时才有效

来自分类Dev

数据绑定仅在 select ng-options 中使用 as 语法时才有效

来自分类Dev

Tomcat 服务器上具有有效证书的 SSLHandshakeException

来自分类Dev

问题 - IE 上的 Ajax 调用仅在浏览器中打开具有相同 Ajax 调用的另一个页面时才有效

来自分类Dev

Powershell 脚本仅在存在断点时才有效

来自分类Dev

Groovy 元编程 (getProperty) 仅在从类外部调用时才有效?

来自分类Dev

为什么将文本写入文件仅在从终端调用时才有效?

来自分类Dev

将文件发送到 blob 仅在 while 循环中调用函数时才有效

来自分类Dev

Python 线程仅在从另一个模块调用时才有效

Related 相关文章

  1. 1

    jQuery ajax调用在本地主机上有效,但在实时服务器上无效

  2. 2

    令牌解密RSA在localhost上有效,但在服务器上无效

  3. 3

    HMVC Codeigniter在本地服务器上有效,但在Web服务器上无效

  4. 4

    图像RotateFlip仅在直接调用时有效

  5. 5

    MVC Durandal应用程序仅在服务器根URL中有效

  6. 6

    MySql连接查询在本地服务器上有效,但在实时服务器上无效

  7. 7

    自定义页面布局仅在本地服务器上有效

  8. 8

    无密码SSH仅在调试模式下有效

  9. 9

    没有密码的证书上的“指定的网络密码不正确”,仅在活动服务器上

  10. 10

    具有DynamoDB的无服务器框架:Lambda函数有效,但数据尚未保存到DynamoDB

  11. 11

    仅当我已经登录SSH时,无密码SSH才有效

  12. 12

    Github页面重定向仅在本地有效,而在远程Github服务器上无效(获取404)

  13. 13

    JavaScript在使用Node调用时有效,但仅在从HTML调用时才有效

  14. 14

    我无法获得一个闪亮的模块来用作服务器。仅当服务器作为单独的命令集分开时才有效

  15. 15

    仅当我已经登录SSH时,无密码SSH才有效

  16. 16

    带有jQuery,Ajax和PHP的投票系统仅在本地服务器上有效

  17. 17

    图像RotateFlip仅在直接调用时有效

  18. 18

    无法使用有效的用户名和密码使用PuTTy进行ssh。如何确保服务器和PuTTy键盘/端子相同?其他事宜?

  19. 19

    仅在不使用数组的情况下,使用IFS循环读取文件才有效

  20. 20

    PeekNamedPipe无法从服务器提供句柄时提供正确的可用字节数,仅当句柄来自客户端时才有效

  21. 21

    页面上的自动滚动仅在 ctrl+单击使用 jquery 的按钮时才有效

  22. 22

    数据绑定仅在 select ng-options 中使用 as 语法时才有效

  23. 23

    Tomcat 服务器上具有有效证书的 SSLHandshakeException

  24. 24

    问题 - IE 上的 Ajax 调用仅在浏览器中打开具有相同 Ajax 调用的另一个页面时才有效

  25. 25

    Powershell 脚本仅在存在断点时才有效

  26. 26

    Groovy 元编程 (getProperty) 仅在从类外部调用时才有效?

  27. 27

    为什么将文本写入文件仅在从终端调用时才有效?

  28. 28

    将文件发送到 blob 仅在 while 循环中调用函数时才有效

  29. 29

    Python 线程仅在从另一个模块调用时才有效

热门标签

归档