我正在尝试从Ubuntu SSH到Debian.我已经有了RSA密钥;它与我使用
Git时使用的密钥相同.
我使用以下方法将密钥从Ubuntu复制到Debian:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@ip-address
然后我在Debian上修改了sshd_config以包含以下内容:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
然后我重新开始了我的SSH服务.现在我尝试使用SSH从Ubuntu进入
ssh -v root@ip-addr
但我得到以下内容:
OpenSSH_6.6.1,OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.0.1.64 [10.0.1.64] port 22. debug1: Connection established. debug1: identity file /home/koushatalebian/.ssh/id_rsa.pub type 1 debug1: identity file /home/koushatalebian/.ssh/id_rsa.pub-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8 debug1: Remote protocol version 2.0,remote software version OpenSSH_6.0p1 Debian-4+deb7u2 debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA e2:af:83:f8:df:e2:15:db:77:30:e1:6b:e7:dc:77:99 debug1: Host '10.0.1.64' is kNown and matches the ECDSA host key. debug1: Found key in /home/koushatalebian/.ssh/kNown_hosts:10 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/koushatalebian/.ssh/id_rsa.pub debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey).
我基本上只想通过publickey身份验证强制SSH.
我已经阅读了与此主题相关的所有其他帖子,但这些帖子都不适合我.这就是为什么我把它创建为一个单独的帖子.
编辑
在sshd_config中将StrictModes从yes更改为no修复了问题.这样做安全吗?
编辑2
这是服务器上SSH的日志:
May 5 18:23:55 lemaker sshd[2591]: Connection from 10.0.1.37 port 42748 May 5 18:23:55 lemaker sshd[2591]: debug1: PAM: setting PAM_RHOST to "10.0.1.37" May 5 18:23:55 lemaker sshd[2591]: Failed publickey for root from 10.0.1.37 port 42748 ssh2 May 5 18:23:55 lemaker sshd[2591]: Connection closed by 10.0.1.37 [preauth]
解决方法
您不希望将.pub作为凭据提供.你想在你的最后使用你的私钥,所以你可能应该这样做
ssh -v -i ~/.ssh/id_rsa root@ip-addr
这是使用的deault键,所以你可以完全放弃-i标志
此外,如果您要通过ssh以root身份登录,请确保PermitRootLogin是