我正在从 server1 转发到 server2 。我生成了 id_rsa & id_rsa.pub 文件。如果我ssh到mike @ server2它工作正常,但ssh到john @ server2不能没有密码。麦克和麦克风都是john主目录包含“.ssh”,它是chmod 700,该文件夹包含“authorized_keys”,其中仅包含先前生成的id_rsa.pub文件的内容(并且是chmod 600)。两者的内容是相同的。
服务器1:Linux x86_64 x86_64 x86_64 GNU / Linux
服务器2:AIX 5.3.0.0 64位
命令1,用户Mike(无密码工作):
ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 mike@server2 echo Hello
〜drwx------ 7 mike mike 4096 Jan 19 2011 .
〜/ .ssh drwx------ 2 mike mike 256 Nov 28 16:39 .ssh
〜/ .ssh / authorized_keys -rw------- 1 mike mike 823 Apr 06 11:56 .ssh/authorized_keys
命令2,用户John(需要密码)
ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 john@server2 echo Hello
〜drwx------ 12 john jgroup 4096 Apr 06 23:13 .
〜/ .ssh drwx------ 2 john jgroup 256 Apr 06 23:56 .ssh
〜/ .ssh / authorized_keys -rw------- 1 john jgroup 414 Apr 06 11:55 .ssh/authorized_keys
从命令2上面输出ssh -v:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server2 [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/will/.ssh/identity type -1
debug1: identity file /home/will/.ssh/id_rsa type 1
debug1: identity file /home/will/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0
debug1: match: OpenSSH_5.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /home/will/.ssh/known_hosts:838
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
This network/computer system is for the use of authori...
.........................................................
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/will/.ssh/identity
debug1: Offering public key: /home/will/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/will/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
任何人都知道为什么它可以与一个用户合作而不是另一个用户(两者都在同一台服务器上)?
答案 0 :(得分:2)
无法通过密钥进行身份验证的常见原因:
同时检查服务器的auth.log。
答案 1 :(得分:0)
你可以登录,因为迈克是一个真正的绊脚石。您可以尝试制作authorized_keys2文件。 authorized_keys不适用于所有版本的OpenSSH。
ln -s authorized_keys authorized_keys2