对于经典的ssh密钥问题,我已经经历了许多错误修复:我已经“正确”设置了公用密钥和专用密钥,但是无密码登录仍然无法正常工作。细节 :
首先,我知道没有人想阅读另一个许可问题:
~$ ls -lhd $HOME
drwx------. 28 mrkelly mrkelly 4.0K May 13 16:23 /mnt/driveB/mrkelly
~$ ls -lhd $HOME/.ssh
drwx------. 2 mrkelly mrkelly 4.0K May 13 15:37 /mnt/driveB/mrkelly/.ssh
~$ ls -lh $HOME/.ssh
total 24K
-rwx------. 1 mrkelly mrkelly 1.7K May 13 15:37 authorized_keys
-rwx------. 1 mrkelly mrkelly 668 May 13 15:20 id_dsa
-rwx------. 1 mrkelly mrkelly 625 May 13 15:20 id_dsa.pub
-rwx------. 1 mrkelly mrkelly 1.7K May 13 15:11 id_rsa
-rwx------. 1 mrkelly mrkelly 417 May 13 15:11 id_rsa.pub
-rwx------. 1 mrkelly mrkelly 980 May 13 14:57 known_hosts
/$ ll -d /
dr-xr-xr-x. 17 root root 4.0K May 14 12:21 /
/$ ll -d /mnt
drwxr-xr-x. 4 root root 4.0K Nov 18 04:33 /mnt
/$ ll -d /mnt/driveB
drwxr-xr-x. 4 root root 4.0K May 13 17:31 /mnt/driveB
~$ uname -a
Linux action-jackson.stanford.edu 3.19.7-200.fc21.x86_64 #1 SMP Thu May 7 22:00:21 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
读完SELinux在这种情况下是常见的反派,我已将其禁用:
~$ sudo systemctl status selinux
● selinux.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
我是主机上的管理员,因此我将一个终端用于sshd服务器端服务,并将一个终端用作客户端。
一,工作版本:
主机终端(sshd已被禁用):
~$ sudo /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #1 type 3 ECDSA
debug1: private host key: #2 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
(我们一直在这里,直到使用“ client”终端登录,然后:)
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 49966 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support enabled [preauth]
debug1: ssh_selinux_change_context: setting context from 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' to 'unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr [email protected] none [preauth]
debug1: kex: server->client aes128-ctr [email protected] none [preauth]
debug1: kex: [email protected] need=16 dh_need=16 [preauth]
debug1: kex: [email protected] need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user mrkelly service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "mrkelly"
debug1: PAM: setting PAM_RHOST to "localhost.localdomain"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user mrkelly service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /mnt/driveB/mrkelly/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: d7:9e:aa:54:63:d7:2d:87:d3:b1:0e:83:3b:70:27:d4
debug1: restore_uid: 0/0
Postponed publickey for mrkelly from 127.0.0.1 port 49966 ssh2 [preauth]
debug1: userauth-request for user mrkelly service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /mnt/driveB/mrkelly/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: d7:9e:aa:54:63:d7:2d:87:d3:b1:0e:83:3b:70:27:d4
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for mrkelly from 127.0.0.1 port 49966 ssh2: RSA d7:9e:aa:54:63:d7:2d:87:d3:b1:0e:83:3b:70:27:d4
debug1: monitor_child_preauth: mrkelly has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: SELinux support enabled
debug1: PAM: establishing credentials
User child is on pid 8196
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1000/1000
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_req: channel 0 request x11-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: channel 1: new [X11 inet listener]
debug1: channel 2: new [X11 inet listener]
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: SELinux support enabled
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/4 for mrkelly from 127.0.0.1 port 49966
debug1: Setting controlling tty using TIOCSCTTY.
客户终端:
~$ ssh -v `whoami`@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa type 1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa-cert type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa type 2
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa-cert type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa-cert type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519 type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=16 dh_need=16
debug1: kex: [email protected] need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 8d:cb:f2:94:da:97:7b:0d:ee:e6:bb:8e:3f:41:ae:d8
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /mnt/driveB/mrkelly/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /mnt/driveB/mrkelly/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANGUAGE =
debug1: Sending env LANG = en_US.UTF-8
Last login: Wed May 13 15:58:17 2015 from localhost.localdomain
Environment:
LANGUAGE=
LANG=en_US.UTF-8
USER=mrkelly
LOGNAME=mrkelly
HOME=/mnt/driveB/mrkelly
PATH=/usr/local/bin:/usr/bin
MAIL=/var/mail/mrkelly
SHELL=/bin/zsh
SSH_CLIENT=127.0.0.1 49967 22
SSH_CONNECTION=127.0.0.1 49967 127.0.0.1 22
SSH_TTY=/dev/pts/4
TERM=xterm-256color
DISPLAY=localhost:11.0
SELINUX_ROLE_REQUESTED=
SELINUX_LEVEL_REQUESTED=
SELINUX_USE_CURRENT_RANGE=
XDG_SESSION_ID=21
XDG_RUNTIME_DIR=/run/user/1000
XDG_SEAT=seat0
XDG_VTNR=1
Running /usr/bin/xauth remove unix:11.0
/usr/bin/xauth add unix:11.0 MIT-MAGIC-COOKIE-1 62951eb22f06d56df8189ee23126a19e
(工作中,无密码登录)
现在,我们重新启动sshd.service并显示非工作版本。
主机终端
sudo systemctl start sshd
客户终端
~$ ssh -v `whoami`@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa type 1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_rsa-cert type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa type 2
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_dsa-cert type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ecdsa-cert type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519 type -1
debug1: identity file /mnt/driveB/mrkelly/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=16 dh_need=16
debug1: kex: [email protected] need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 8d:cb:f2:94:da:97:7b:0d:ee:e6:bb:8e:3f:41:ae:d8
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /mnt/driveB/mrkelly/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /mnt/driveB/mrkelly/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering DSA public key: /mnt/driveB/mrkelly/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /mnt/driveB/mrkelly/.ssh/id_ecdsa
debug1: Trying private key: /mnt/driveB/mrkelly/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
(有)。
最后几点:最近我不得不重新格式化安装驱动器,并且我正在使用存储在另一个驱动器上的文件夹。重新安装Fedora 21时,我被迫在该驱动器上创建一个主目录,但是在为其他驱动器创建安装点后,我切换了用户帐户,使其指向旧主目录的备份版本。
编辑:无密码登录也可以使用以下调用进行工作:
/usr/sbin/sshd -D
(没有守护程序,但是没有调试消息)
/usr/shbin/sshd
(我猜这是一个临时解决方法,因为它确实会调用守护程序)
EDIT2:从输出sudo journalctl -u sshd
之后sudo systemctl restart sshd
(记录级别debug3)
我限制了提交的字符数,因此我将使用输出链接到保管箱中的纯文本文件。
感谢您的任何帮助,您可以提供!
这是SELinux问题,由您的主目录位于一个奇怪的位置引起。您为禁用它所做的事情没有。SELinux的不是服务,而systemctl status selinux
只是告诉你这(“未找到(原因:没有这样的文件或目录) ”)。
您可以运行setenforce permissive
SELinux或以其他方式禁用SELinux,但这就像只是因为一次放错房门钥匙而把门关了。跑步chcon -t ssh_home_t ~/.ssh/
应该做到这一点。
我怎么知道?因为那是我系统~/.ssh
上文件的类型。但是我可以从软件包中进行安装,然后运行以生成手册页,该手册页记录了实际的策略。sepolicy
policycoreutils-devel
sepolicy manpage -t ssh_d
ssh_selinux.8
确实,我最建议您忘记所有这些,只是将驱动器安装在/home
而不是/mnt/driveB
,然后再运行restorecon -R -v /home
。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句