在打通虚拟机之间的ssh无密码登录时出现的问题,每次尝试登陆都会提示错误:Permission denied 。历时一天多,我终于把问题搞定,期间百度了很多人的方法,也受到启发,其实是很简单的一个原理,今天就跟大家一起分享下吧,也算是做个记录。
开始走了很多误区,重复设置sshd_config,vsftpd.conf 等等文件,找不出问题出在哪。
因为 ssh localhost 时 可以连通,ssh 192.168.1.10时就不行
ssh localhost 如下
ssh 192.168.1.10如下
总结:因为localhost是本机,本机有正确的密钥,所以能连上,而那个则没有,因为来没有传,也没办法传,因为现在无法连通,所以现在要解决连通问题。
后来通过 ssh -v 查看了连接记录,有所收获,对比如下
ssh localhost(只截取了一部分)
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Wed May 13 01:13:48 2015 from localhost
ssh 192,168,1,10
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.10' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
这句很重要,说明除了验证密钥的方式,没有其他方式可以选择,而现在没传公钥所以链接是注定失败的 ,那么我们就要添加一个方式就是 密码验证方式,到这里我就恍然大悟了,需要设置passwordauthority yes !!!!
解决方式:
打开ssh配置文件修改
命令:vim /etc/ssh/sshd_config
其中有一项 passwordauthority ,这个要注意了,我们设置无密码登录就需要把本机的公钥传到服务器上去,加入服务器的authorized_keys文件里,才可以访问到此服务器,如果passwordauthority no 就不允许ssh进行密码访问,所以这个设置不能过早的设置。
正确的顺序是:
1、passwordauthority yes;
2、把公钥id_rsa.pub传到服务器上,命令:scp ~/.ssh/id_rsa.pub 远程用户名@远程服务器IP:~/
3、把公钥追加到authorized_keys里,命令:cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
4、更改授权,命令:chmod 600 ~/.ssh/authorized_keys
5、passwordauthority no //此时再更改为不许密码登陆,使用密钥即可。
反思:除了跟着网上步骤一步步做,还需要自己思考,知道how还要知道why,这样才能把握住问题,灵活应变。
ps:最近挺累的,真的,尤其,夏天又到了,看着别的菇凉穿的美美的,我好想去逛街,啊啊,好想穿着裙子美美的出去玩耍~~%>_<%,哎,but,i can't !
不过还好,坚持学习的这段时间,每天都有进步,也都有新的收获,加油吧。gogo!!
over 成功连接~!!