我正在尝试从Ubuntu SSH到Debian。我已经有一把RSA密钥;它和我用于Git的密钥相同。
我使用以下命令将密钥从Ubuntu复制到Debian:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@ip-address
然后我在Debian上修改了sshd_config
文件,加入以下内容:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
之后我重新启动了SSH服务。现在我尝试使用Ubuntu SSH登录。
ssh -v root@ip-addr
但我得到了以下内容:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.1.64 [10.0.1.64] port 22.
debug1: Connection established.
debug1: identity file /home/koushatalebian/.ssh/id_rsa.pub type 1
debug1: identity file /home/koushatalebian/.ssh/id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e2:af:83:f8:df:e2:15:db:77:30:e1:6b:e7:dc:77:99
debug1: Host '10.0.1.64' is known and matches the ECDSA host key.
debug1: Found key in /home/koushatalebian/.ssh/known_hosts:10
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/koushatalebian/.ssh/id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
我想强制SSH只能通过公钥身份验证进行。
我已经阅读了与此主题相关的所有其他帖子,但它们都对我无效。这就是为什么我将其作为单独的帖子创建的原因。
编辑
在sshd_config
中将 StrictModes
从yes
更改为no
可以解决问题。这样做是否安全?
编辑2
以下是服务器上SSH的日志:
May 5 18:23:55 lemaker sshd[2591]: Connection from 10.0.1.37 port 42748
May 5 18:23:55 lemaker sshd[2591]: debug1: PAM: setting PAM_RHOST to "10.0.1.37"
May 5 18:23:55 lemaker sshd[2591]: Failed publickey for root from 10.0.1.37 port 42748 ssh2
May 5 18:23:55 lemaker sshd[2591]: Connection closed by 10.0.1.37 [preauth]
StrictModes
可能不是一个好主意,因为这意味着您有一个ssh认为权限保护不足以被信任的密钥文件。您可以选择仍然信任它,但这样做可能会带来风险。最好找到它不喜欢的文件并修复它们的权限。 - Eric Renouf