Tidak dapat masuk ke mesin jarak jauh dengan kunci

15

Saya dulu masuk ke mesin jarak jauh (saya harus me-root mesin ini) menggunakan kunci. Mesin lokal dan mesin jarak jauh saya ada di f23. Dari beberapa hari terakhir, saya tidak bisa masuk ke mesin ini menggunakan kunci. Ia meminta kata sandi. Inilah ssh -vvv:

ssh -vvv aveta
OpenSSH_7.1p1, OpenSSL 1.0.2d-fips 9 Jul 2015
debug1: Reading configuration data /home/rudra/.ssh/config
debug1: /home/rudra/.ssh/config line 4: Applying options for aveta
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to phy-aveta.physics.uu.se [130.238.194.143] port 22.
debug1: Connection established.
debug1: identity file /home/rudra/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to phy-aveta.physics.uu.se:22 as 'rudra'
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:16
debug3: load_hostkeys: loaded 1 keys from phy-aveta.physics.uu.se
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,ssh-rsa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: kex: [email protected] need=64 dh_need=64
debug1: kex: [email protected] need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:F34tt6QLRDt6Qm45eHOFhYGS5DSxYrThhR2lbBHNXes
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:16
debug3: load_hostkeys: loaded 1 keys from phy-aveta.physics.uu.se
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:14
debug3: load_hostkeys: loaded 1 keys from 130.238.194.143
debug1: Host 'phy-aveta.physics.uu.se' is known and matches the ECDSA host key.
debug1: Found key in /home/rudra/.ssh/known_hosts:16
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/rudra/.ssh/id_rsa (0x562e17c87070),
debug2: key: /home/rudra/.ssh/id_dsa ((nil)),
debug2: key: /home/rudra/.ssh/id_ecdsa ((nil)),
debug2: key: /home/rudra/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rudra/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/rudra/.ssh/id_dsa
debug3: no such identity: /home/rudra/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/rudra/.ssh/id_ecdsa
debug3: no such identity: /home/rudra/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/rudra/.ssh/id_ed25519
debug3: no such identity: /home/rudra/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password: 

Saya telah menghapus .ssh, .configdan .cachedari remote dan mengulang ssh-copy-id, tanpa bantuan.

Untuk memecahkan masalah, saya telah membuat pengguna lain, lakukan ssh-copy-iddan yang itu berfungsi dengan baik. ssh -vvvuntuk itu mesin yang bekerja adalah:

ssh -vvv [email protected] 
OpenSSH_7.1p1, OpenSSL 1.0.2d-fips 9 Jul 2015
debug1: Reading configuration data /home/rudra/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to phy-aveta.physics.uu.se [130.238.194.143] port 22.
debug1: Connection established.
debug1: identity file /home/rudra/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to phy-aveta.physics.uu.se:22 as 'rudra2'
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:16
debug3: load_hostkeys: loaded 1 keys from phy-aveta.physics.uu.se
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,ssh-rsa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: kex: [email protected] need=64 dh_need=64
debug1: kex: [email protected] need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:F34tt6QLRDt6Qm45eHOFhYGS5DSxYrThhR2lbBHNXes
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:16
debug3: load_hostkeys: loaded 1 keys from phy-aveta.physics.uu.se
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:14
debug3: load_hostkeys: loaded 1 keys from 130.238.194.143
debug1: Host 'phy-aveta.physics.uu.se' is known and matches the ECDSA host key.
debug1: Found key in /home/rudra/.ssh/known_hosts:16
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/rudra/.ssh/id_rsa (0x55c98f7eb080),
debug2: key: /home/rudra/.ssh/id_dsa ((nil)),
debug2: key: /home/rudra/.ssh/id_ecdsa ((nil)),
debug2: key: /home/rudra/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rudra/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:xT3VPQUunB3Nv/Pmi6C6Sroc0fa9SlKcQ4d0eF2vxzI
debug3: sign_and_send_pubkey: RSA SHA256:xT3VPQUunB3Nv/Pmi6C6Sroc0fa9SlKcQ4d0eF2vxzI
debug1: Authentication succeeded (publickey).
Authenticated to phy-aveta.physics.uu.se ([130.238.194.143]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env HOSTNAME
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env VTE_VERSION
debug3: Ignored env HISTSIZE
debug3: Ignored env XCRYSDEN_SCRATCH
debug3: Ignored env WINDOWID
debug3: Ignored env QTDIR
debug3: Ignored env QTINC
debug3: Ignored env QT_GRAPHICSSYSTEM_CHECKED
debug3: Ignored env XCRYSDEN_TOPDIR
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env DESKTOP_AUTOSTART_ID
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env PATH
debug3: Ignored env MAIL
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env PWD
debug1: Sending env XMODIFIERS = @im=ibus
debug2: channel 0: request env confirm 0
debug1: Sending env LANG = en_GB.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MODULEPATH
debug3: Ignored env GDM_LANG
debug3: Ignored env LOADEDMODULES
debug3: Ignored env GDMSESSION
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env HISTCONTROL
debug3: Ignored env HOME
debug3: Ignored env XDG_SEAT
debug3: Ignored env SHLVL
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env XBANDPATH
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env MODULESHOME
debug3: Ignored env LESSOPEN
debug3: Ignored env WINDOWPATH
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env XAUTHORITY
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env BASH_FUNC_scl()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Mon Oct 12 12:33:15 2015 from 130.238.194.90
[rudra2@phy-aveta ~]$ debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0

Saya tidak mengerti mengapa dalam kombinasi lokal-remote yang sama, yang satu berfungsi dan yang lainnya tidak.

EDIT .ssh / config untuk yang gagal adalah:

Host aveta
  User rudra
  Hostname phy-aveta.physics.uu.se
  ForwardX11 yes

Tidak ada entri ssh / .config untuk rudra2, yaitu yang berfungsi.

Jawab Paulus di mesin lokal saya, saya punya:

tree .ssh/
.ssh/
├── authorized_keys
├── config
├── environment
├── id_rsa
├── id_rsa.pub
└── known_hosts

Di kedua pengguna jarak jauh, saya hanya punya authorized_keys. Dan keduanya identik.

[root@phy-aveta rudra2]# diff .ssh/authorized_keys /home/rudra/.ssh/authorized_keys 
[root@phy-aveta rudra2]# 

Sunting 2: Tanpa menggunakan ssh / .config Saya telah berkomentar di luar bagian untuk pengguna pertama di .ssh / config. http://ur1.ca/nzndx adalah ssh -vvv untuk itu. Masih meminta kata sandi

Sunting: Izin Pengguna pertama ... gagal

#ls -al /home/rudra/|grep .ssh
drwx------.  2 rudra rudra  4096 Oct 12 14:16 .ssh
$ls -alF .ssh/
total 12K
drwx------.  2 rudra rudra 4.0K Oct 12 14:16 ./
drwxrwxr-x. 36 rudra rudra 4.0K Oct 12 14:30 ../
-rw-------.  1 rudra rudra  394 Oct 10 12:01 authorized_keys

Untuk pengguna kedua

# ls -al /home/rudra2/|grep .ssh
drwx------. 2 rudra2 rudra2 4096 Oct 12 14:16 .ssh
$ ls -alF .ssh/
total 12
drwx------. 2 rudra2 rudra2 4096 Oct 12 14:16 ./
drwx------. 4 rudra2 rudra2 4096 Oct 12 14:14 ../
-rw-------. 1 rudra2 rudra2  394 Oct 11 09:57 authorized_keys
BaRud
sumber
Apa (bagian yang relevan dari) ~ ~ .ssh / config lokal Anda?
The Sidhekin
Perbedaan yang paling jelas adalah bahwa untuk pengguna pertama, ssh menerapkan opsi dari /home/rudra/.ssh/config, sedangkan untuk pengguna kedua, tidak. Jadi ... tunjukkan pilihan itu kepada kami?
The Sidhekin
2
Kemungkinan duplikat dari Bagaimana cara membuat kata sandi tanpa login berfungsi
Gilles 'SO- stop being evil'
2
Saya memberikan suara untuk menjaga pertanyaan ini terbuka, karena ia melakukan dua hal, 1) beberapa jawaban membantu pengguna membaca diagnosa yang dihasilkan oleh flag verbose, dan 2) menunjukkan bahwa izin yang salah tidak secara langsung ditampilkan dalam diagnosa , meskipun merupakan dasar dari masalah tersebut.
X Tian
1
Masalah ini berbeda dengan "Cara membuat kata sandi tanpa login berfungsi" karena sifat masalah dan gejalanya. Admin selalu mengeluarkan air liur untuk menandai barang sebagai duplikat. Memiliki sedikit kesabaran.
Br.Bill

Jawaban:

15

Itu ada. Grup memiliki akses tulis ke ~ rudra:

$ls -alF .ssh/ total 12K
drwx------.  2 rudra rudra 4.0K Oct 12 14:16 ./
drwxrwxr-x. 36 rudra rudra 4.0K Oct 12 14:30 ../
-rw-------.  1 rudra rudra  394 Oct 10 12:01 authorized_keys

Dengan demikian, sshd menolak untuk mempercayai file di ~ rudra, dan tidak menggunakan ~ rudra / .ssh / berwenang_keys, meskipun izinnya benar.

chmod g-w ~rudra harus memperbaikinya.

Sidhekin
sumber
1
Oh ... Saya selalu melakukan lluntuk memeriksa izin untuk melihat itu, karenanya tidak pernah menyadarinya. Sebenarnya saya tidak tahu mengapa ../dir muncul. Tetapi mengubah izin memperbaikinya.
BaRud
3
Itu akan menjadi -apilihan untuk ls- dan mengapa saya meminta secara ls -alFkhusus. ... oke, jadi -Fini berlebihan di sini; hanya kebiasaan lama. ;-)
The Sidhekin
5

Pengguna pertama Anda mengirimkan kunci rsa dan ditolak.

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rudra/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

Pengguna kedua Anda berhasil

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rudra/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:xT3VPQUunB3Nv/Pmi6C6Sroc0fa9SlKcQ4d0eF2vxzI
debug3: sign_and_send_pubkey: RSA SHA256:xT3VPQUunB3Nv/Pmi6C6Sroc0fa9SlKcQ4d0eF2vxzI
debug1: Authentication succeeded (publickey).

Baris perintah Anda berbeda dan .ssh / config Anda sedang diaktifkan untuk pengguna pertama untuk aveta host jarak jauh:

debug1: Reading configuration data /home/rudra/.ssh/config
debug1: /home/rudra/.ssh/config line 4: Applying options for aveta
debug1: Reading configuration data /etc/ssh/ssh_config

Opsi apa yang Anda gunakan dalam file konfigurasi?

Terakhir dua rsakeys yang digunakan tampak berbeda.

Pengguna pertama

debug2: key: /home/rudra/.ssh/id_rsa (0x562e17c87070),

Pengguna kedua

debug2: key: /home/rudra/.ssh/id_rsa (0x55c98f7eb080),
X Tian
sumber
@X Tian: Ada petunjuk mengapa puing-puing ditolak? Saya belum pernah melihat file
ecdsa