V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
jiaqidianbo
V2EX  ›  问与答

免密码登录有的成功,有的失败是怎么回事儿

  •  
  •   jiaqidianbo · 2015-07-22 23:22:11 +08:00 · 3971 次点击
    这是一个创建于 3406 天前的主题,其中的信息可能已经有所发展或是发生改变。

    自己创建了一台centos 6.5的虚拟机,然后克隆了3台,修改了ip,都可以互相ping通,都可以连外网。但我想让这几台都SSH无密码访问,可是同样的操作,ssh-keygen -t rsa,将第一台的公钥拷贝到了其他三台的authoried_keys,

    结果第一台和第二台成功免密钥登录,而第一台登录其他两台不行,都需要密码。这是为什么呢?

    4 条回复    2021-03-12 17:50:23 +08:00
    kaneg
        1
    kaneg  
       2015-07-22 23:59:54 +08:00 via iPhone
    ssh -v xxx看输出什么
    jiaqidianbo
        2
    jiaqidianbo  
    OP
       2015-07-23 00:14:15 +08:00
    @kaneg

    [root@newmaster .ssh]# ssh -v newnode3
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to newnode3 [192.168.1.25] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/identity-cert type -1
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'newnode3' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:3
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure. Minor code may provide more information
    Credentials cache file '/tmp/krb5cc_0' not found

    debug1: Unspecified GSS failure. Minor code may provide more information
    Credentials cache file '/tmp/krb5cc_0' not found

    debug1: Unspecified GSS failure. Minor code may provide more information


    debug1: Unspecified GSS failure. Minor code may provide more information
    Credentials cache file '/tmp/krb5cc_0' not found

    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug1: Offering public key: /root/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Next authentication method: password

    root@newnode3's password:
    kaneg
        3
    kaneg  
       2015-07-23 22:46:09 +08:00
    从 debug1: Offering public key: /root/.ssh/id_rsa 一行来看,客户端已经尝试发送RSA public 方式登录,但未成功,所以问题很有可能在服务端。一般来说,可能是服务端~/.ssh/authorized_keys的权限不对。不过为了查到正真的原因,需要如下方法:
    将ssh日志调为debug模式: 修改/etc/ssh/sshd_config,将LogLevel INFO 改为LogLevel DEBUG
    重启ssh 服务: service ssh restart
    然后一边登录,一边观察/var/log/auth.log,一般来说错误原因就在其中。
    awanganddong
        4
    awanganddong  
       2021-03-12 17:50:23 +08:00
    标记以下, 现在也出现问题,学习下判断方法
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3457 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 20ms · UTC 11:28 · PVG 19:28 · LAX 03:28 · JFK 06:28
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.