0
Ich habe versucht, den nahtlosen SSH-Login über mehrere Server einzurichten, aber es treten Probleme auf, da nach dem Kopieren des öffentlichen Schlüssels das SSH immer noch nach dem Passwort fragt. Hier ist, was ich tatopenssh nahtlose Anmeldung funktioniert nicht
[[email protected] .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e9:e9:b4:e5:50:7b:9b:f6:3f:d5:65:52:39:9c:ba:38 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . o|
| =.|
| ...|
| . .. o|
| S . . .oo|
| . o E . o|
| = o o .|
| o = ..o . |
| o ..o...o|
+-----------------+
Und dann kopiert die ID an den Host
[[email protected] .ssh]# ssh-copy-id app3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
\S
Kernel \r on an \m
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'app3'"
and check to make sure that only the key(s) you wanted were added.
Aber wenn ich versuche dann einzuloggen es funktioniert nicht (fragt nach Passwort) -
[[email protected] .ssh]# ssh 'app3'
\S
Kernel \r on an \m
Password:
Ich sollte die Aufforderung "Passwort:" nicht sehen. Anscheinend ist etwas nicht in Ordnung. Hier
ist die Version von ssh, die ausgeführt wird:
[[email protected] ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
die Ausgabe von ssh -vvv app3 unter Hinzufügen:
debug3: load_hostkeys: loading entries for host "172.27.36.104" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug1: Host '172.27.36.104' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f471042f250),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa (0x7f4710433730),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
\S
Kernel \r on an \m
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Offering ECDSA public key: /root/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Ich überprüfte 1. und 2. und sie waren im Einklang mit dem, was Sie vorgeschlagen hatten. Die ausführliche Ausgabe wurde oben zur Frage hinzugefügt. – rks
Anscheinend ist es mit 'root' Benutzer zu tun, der nahtlosen Login zu tun versucht. – rks
Ich denke, wenn es ein Problem mit Root-Berechtigung für Login-Nachricht ist, ist es anders. Nachricht es ist "keine solche Identität: /root/.ssh/XXXXX: Keine solche Datei oder Verzeichnis". Ich schaue auf Remote-Server, wenn /root/.ssh/authorized_keys eine id_rsa.pub auf dem lokalen Server hat. – abkrim