在打通虛擬機之間的ssh無密碼登錄時出現的問題,每次嘗試登陸都會提示錯誤:Permission denied 。歷時一天多,我終於把問題搞定,期間百度了很多人的方法,也受到啟發,其實是很簡單的一個原理,今天就跟大家一起分享下吧,也算是做個記錄。
開始走了很多誤區,重復設置sshd_config,vsftpd.conf 等等文件,找不出問題出在哪。
因為 ssh localhost 時 可以連通,ssh 192.168.1.10時就不行
ssh localhost 如下
ssh 192.168.1.10如下
總結:因為localhost是本機,本機有正確的密鑰,所以能連上,而那個則沒有,因為來沒有傳,也沒辦法傳,因為現在無法連通,所以現在要解決連通問題。
后來通過 ssh -v 查看了連接記錄,有所收獲,對比如下
ssh localhost(只截取了一部分)
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Wed May 13 01:13:48 2015 from localhost
ssh 192,168,1,10
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.10' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
這句很重要,說明除了驗證密鑰的方式,沒有其他方式可以選擇,而現在沒傳公鑰所以鏈接是注定失敗的 ,那么我們就要添加一個方式就是 密碼驗證方式,到這里我就恍然大悟了,需要設置passwordauthority yes !!!!
解決方式:
打開ssh配置文件修改
命令:vim /etc/ssh/sshd_config
其中有一項 passwordauthority ,這個要注意了,我們設置無密碼登錄就需要把本機的公鑰傳到服務器上去,加入服務器的authorized_keys文件里,才可以訪問到此服務器,如果passwordauthority no 就不允許ssh進行密碼訪問,所以這個設置不能過早的設置。
正確的順序是:
1、passwordauthority yes;
2、把公鑰id_rsa.pub傳到服務器上,命令:scp ~/.ssh/id_rsa.pub 遠程用戶名@遠程服務器IP:~/
3、把公鑰追加到authorized_keys里,命令:cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
4、更改授權,命令:chmod 600 ~/.ssh/authorized_keys
5、passwordauthority no //此時再更改為不許密碼登陸,使用密鑰即可。
反思:除了跟着網上步驟一步步做,還需要自己思考,知道how還要知道why,這樣才能把握住問題,靈活應變。
ps:最近挺累的,真的,尤其,夏天又到了,看着別的菇涼穿的美美的,我好想去逛街,啊啊,好想穿着裙子美美的出去玩耍~~%>_<%,哎,but,i can't !
不過還好,堅持學習的這段時間,每天都有進步,也都有新的收獲,加油吧。gogo!!
over 成功連接~!!