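Background
By now you presumably already know how to set up passwordless login. This article addresses the case where that setup does not take effect.
ssh debugging
Purpose
A public key has been configured for ssh, but passwordless login still fails, so debugging is needed.
Solution
Find the cause in the log output of systemctl status sshd.
Steps
Enable debugging
- Run systemctl status sshd to find the service file in use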
$ sudo systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Sun 2023-12-24 20:00:51 CST; 4s ago
   Main PID: 2565 (sshd)
      Tasks: 2 (limit: 9374)
     Memory: 2.4M (peak: 2.7M)
        CPU: 8ms
     CGroup: /system.slice/sshd.service
             ├─2522 "sshd: ch [net]"
             └─2565 "sshd: /usr/bin/sshd -D -d [listener] 0 of 10-100 startups"
- Edit /usr/lib/systemd/system/sshd.service so that sshd runs in debug mode
[Service]
# -d: debug mode
ExecStart=/usr/bin/sshd -D -d
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
- Reload the configuration with sudo systemctl daemon-reload, then run sudo systemctl restart sshd to restart
- Start reading the debug output
$ sudo systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Sun 2023-12-24 19:58:34 CST; 10s ago
   Main PID: 2516 (sshd)
      Tasks: 2 (limit: 9374)
     Memory: 2.0M (peak: 2.7M)
        CPU: 47ms
     CGroup: /system.slice/sshd.service
             ├─2516 "sshd: ch [priv]"
             └─2522 "sshd: ch [net]"
Dec 24 19:58:44 ch sshd[2516]: debug1: PAM: setting PAM_RHOST to "192.168.1.15"
Dec 24 19:58:44 ch sshd[2516]: debug1: PAM: setting PAM_TTY to "ssh"
Dec 24 19:58:44 ch sshd[2516]: debug1: userauth-request for user ch service ssh-connection method publickey [preauth]
Dec 24 19:58:44 ch sshd[2516]: debug1: attempt 1 failures 0 [preauth]
Dec 24 19:58:44 ch sshd[2516]: debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:* [preauth]
Dec 24 19:58:44 ch sshd[2516]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Dec 24 19:58:44 ch sshd[2516]: debug1: trying public key file /home/ch/.ssh/authorized_keys
Dec 24 19:58:44 ch sshd[2516]: Could not open user 'ch' authorized keys '/home/ch/.ssh/authorized_keys': Permission denied
Final solution
Fixed by adding a field and changing permissions:
$ sudo ls -la .ssh/
total 20
drwx------ 2 ch ch 4096 Dec 24 19:14 .
drwx------ 9 ch ch 4096 Dec 24 19:44 ..
-rw------- 1 ch ch 578 Dec 24 20:03 authorized_keys
-rwxrwxrwx 1 ch ch 2590 Dec 24 12:34 id_rsa
-rwxrwxrwx 1 ch ch 559 Dec 24 12:34 id_rsa.pub
The . entry (the .ssh directory itself) must be 0700, i.e. chmod 0700 .ssh, and authorized_keys must be 0600.
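As an added example (not part of the original page), the shell functions below audit and optionally fix the modes the final solution relies on: .ssh at 0700 and authorized_keys at 0600. They also expect 0600 on private keys such as the id_rsa in the listing, which goes beyond what the page states; the function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): audit, and optionally fix,
# the modes the page's final solution sets. Assumes GNU stat (Linux).

# check_mode PATH WANT [fix]: compare PATH's octal mode with WANT.
# Prints one status line; returns 0 if it matches (or was fixed), 1 otherwise.
check_mode() {
    have=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    if [ "$have" = "$2" ]; then
        echo "OK      $1 ($have)"
        return 0
    fi
    if [ "${3:-}" = "fix" ] && chmod "$2" "$1"; then
        echo "FIXED   $1 ($have -> $2)"
        return 0
    fi
    echo "BAD     $1 ($have, want $2)"
    return 1
}

# audit_ssh_dir DIR [fix]: DIR must be 700 and DIR/authorized_keys 600.
# Private keys (id_* without a .pub suffix) are also expected to be 600.
# The return status is the number of paths that are still wrong.
audit_ssh_dir() {
    dir=$1; mode=${2:-}; bad=0
    check_mode "$dir" 700 "$mode" || bad=$((bad + 1))
    check_mode "$dir/authorized_keys" 600 "$mode" || bad=$((bad + 1))
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        check_mode "$key" 600 "$mode" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage: audit_ssh_dir "$HOME/.ssh"        # report only
#        audit_ssh_dir "$HOME/.ssh" fix    # chmod anything that differs
```

Run it as the account that owns the directory, so the report reflects what sshd sees after it switches to that user's uid.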