
Problems encountered when setting up passwordless SSH

Date: 2017/2/27 16:03:52   Editor: Linux教程
The method given online is as follows:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

After trying it, a password was still required.

ssh -vvv localhost

Checking the debug output revealed the following:
Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

A search showed this to be a permissions problem.
Changing the permissions as follows fixes it:
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/

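The reposted article follows:
Logging in to SSH with public key authentication removes the need to type a password, which is very useful in some situations.
The basic steps are as follows.
First, generate the public and private keys on the client: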

$ ssh-keygen -f ~/.ssh/filename

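Replace filename with the actual file name.
The command prompts for a passphrase to encrypt the private key; if you do not need one, just press Enter.
When the command finishes, two files are generated under ~/.ssh/: filename, which is the private key, and filename.pub, which is the public key.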

Then add the generated public key to the remote SSH server. There are two ways to do this.
Add it directly from the client:

$ ssh-copy-id -i .ssh/filename.pub user@server

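If you can log in to the remote server, you can upload the public key to the server and then write it directly into the authorized_keys file of the corresponding account: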

$ cat /tmp/filename.pub >> ~/.ssh/authorized_keys

In theory, the client should now be able to log in directly with the key:

$ ssh -i filename user@server

Alternatively, create the configuration file config under ~/.ssh/ with the following contents:

#server alias
host srv
#ssh username
user user
#remote server address
hostname server
#remote server port
port 22
#the private key file (the public key filename without .pub)
identityfile ~/.ssh/filename

Then enter

$ ssh srv

and that is all.

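However, things often do not go that smoothly.
When I tried it myself, at this point I was still prompted for a password to log in, so what was all that fiddling for? (table flip)
But the problem still had to be solved. ssh has a -v option for viewing debug information, so: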

$ ssh srv -v

The result was as follows:
......
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Offering public key: xxx/.ssh/filename
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
user@server's password:

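This only confirms that the configuration file is correct and that the corresponding public key was indeed found; nothing else looks particularly wrong, so I logged in to the remote server to check the SSH login log: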

$ tail /var/log/secure -n 20

The result was as follows:
......
Dec 1 23:11:21 testserver sshd[1275]: Server listening on 0.0.0.0 port 22.
Dec 1 23:11:21 testserver sshd[1275]: Server listening on :: port 22.
Dec 1 23:11:29 testserver sshd[1278]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
Dec 1 23:11:29 testserver sshd[1278]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
Dec 1 23:11:36 testserver sshd[1279]: Connection closed by ::1
Dec 1 23:11:39 testserver sshd[1281]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
Dec 1 23:11:39 testserver sshd[1281]: Authentication refused: bad ownership or modes for file /home/user/.ssh/authorized_keys
Dec 1 23:11:48 testserver sshd[1282]: Connection closed by ::1

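The problem now seems obvious: the permissions of authorized_keys. After searching, I found that this file's permissions must be 600. This test user was one I had newly created, and the file's permissions were incorrect, so I changed them: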
$ chmod 600 ~/.ssh/authorized_keys
The permissions of the .ssh directory must be 700:
$ chmod 700 ~/.ssh/
I tested again and was finally able to log in successfully.
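
The "bad ownership or modes" refusal in the log above comes from sshd's StrictModes check of the user's files and home directory. The following is an added example, not part of the original article: it audits the chain home, .ssh, authorized_keys for the two conditions assumed here to trigger that refusal (an owner other than the user or root, or write permission for group or others), so the fault can be found before a login attempt. It assumes Linux with GNU stat; check_ssh_perms and demo are hypothetical helper names, and the directory layout is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes Linux with GNU stat.
# check_ssh_perms and demo are hypothetical helper names.

# Report every path in the chain home -> .ssh -> authorized_keys that is
# owned by someone other than the user/root or is group/world-writable.
# Returns 0 when the chain is clean, 1 otherwise.
check_ssh_perms() {
    home=$1; want_uid=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$p")   # octal mode, e.g. 664
        uid=$(stat -c '%u' "$p")    # numeric owner
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "BAD-OWNER $p (uid $uid)"; rc=1
        fi
        # 022 = write bit for group and for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "BAD-MODE $p ($mode)"; rc=1
        fi
    done
    return $rc
}

# Constructed layout: a fake home whose .ssh files are group-writable,
# checked before and after the chmod fix from the article.
demo() {
    d=$(mktemp -d); me=$(id -u)
    mkdir "$d/.ssh"; : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 775 "$d/.ssh"; chmod 664 "$d/.ssh/authorized_keys"
    echo "before:"; check_ssh_perms "$d" "$me" || true
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    echo "after:"; check_ssh_perms "$d" "$me" && echo "clean"
    rm -rf "$d"
}

demo
```

On a real account, run it as check_ssh_perms "$HOME" "$(id -u)"; the 600 and 700 modes set in the article pass the check.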