您的位置:首页 > 运维架构 > Linux

关于使用putty私钥连接linux出现失败的原因解决方案

2012-04-17 16:11 387 查看
楼主最近研究hadoop,遇到ssh私钥连接linux失败的问题,苦恼了很久,具体做法是通过puttygen.exe生成私钥和公钥文件,将公钥文件拷贝至ubuntu下hadoop用户下的.ssh文件夹下,然后用私钥文件连接,但总是出现“server refused our key“的报错,百撕不得骑姐,哦不,是百思不得其解,然后谷歌百度,找到如下文章,来源http://www.andremolnar.com/how_to_set_up_ssh_keys_with_putty_and_not_get_server_refused_our_key

文章内容

So you're trying to set up ssh keys on your windows box with putty and you keep getting "Server refused our key". Read on, I've got your solution... but first lets take a look at what you've done so far.

Chances are you have done some/none/all of the following:

opened up puttygen.exe

generated a key after wiggling your mouse
entered a strong passphrase
saved the public key to something like

pubkey


saved the private key to something like

privatekey.ppk


moved your public key up to the server
(maybe even) converted the format of the key from putty to openssh with something like

ssh-keygen -if pubkey > pubkey_openssh_format


changed some permissions like

chmod 700 .ssh


added your pubkey to the authorized_keys file with something like

cat pubkey >> .ssh/authorized_keys


changed some more permissions like

chmod 600 authorized_keys


changed your putty settings under "connection > SSH > auth" to use

privatekey.ppk


tried to connect and...

"Server refused our key"

Well - from what I have read that's supposed to work... but it didn't work for you did it?

Your problem has nothing to do with how well you followed these well documented procedures for getting ssh keys to work.

The solution to the problem is...

(brace yourself, its really simple) to try generating the keys on the server (unix, linix, bsd etc.) instead of the client (i.e. in windows).

Try the following:

ssh to your server using good old user name and password
do check permissions on your ~/.ssh folder and make sure to

chmod 700 .ssh

if they are wrong

do check permissions on your ~/.ssh/authorized_keys file and make sure to

chmod 600 authorized_keys

if they are wrong

generate the keys on the server with something like

ssh-keygen -t dsa

(or rsa -
read the man pages if your don't know how to use ssh-keygen

accept the file names it wants to use
enter a strong passphrase
add the pub key to the authorized_keys file with something like

cat id_dsa.pub >> .ssh/authorized_keys


copy the private key (id_dsa) to your local windows machine (use winscp or sftp or some such tool)
NOW open puttygen.exe
under actions select "load" and load the id_dsa file
enter the passphrase you set when you generated the key on the server. Puttygen will now convert the key to something that putty will understand
save that file to something like

pivatekey.ppk


NOW change your putty settings under "connection > SSH > auth" to use

privatekey.ppk


NOW try and connect
enter the passphrase when prompted
pat yourself on the back. You're connected to the server (I hope)

Now all you have to do is figure out a way to not have to always enter that passphrase. Well that will require setting up puttyagent. But, I'll let you figure that out for yourself.

I really hope this helped you out. I wasted too much of my life figuring this out this evening and I hope I saved you hours of aggravation.

Have comments? Want to say thanks? Leave a comment. Or if you feel really generous send me a buck or three ;-)

原来原因在于生成私钥文件的步骤是在windows下的,也就是说用puttygen这个工具生成公钥私钥,然后将公钥拷贝到linux下,再用私钥访问目前存在一些问题。解决方案就是反过来使用linux生成私钥公钥文件,然后将生成的私钥文件拷贝至window下,用puttygen.exe加载(load)它生成putty支持的私钥文件,再用该文件访问。楼主做了一次就成功了,故分享下经验。

步骤

1:使用linux密码登陆,然后键入命令ssh-keygen -t dsa生成公钥私钥文件,你会在用户目录下的.ssh隐藏文件夹下找到他们
2:修改公钥文件的名字cat id_dsa.pub >> .ssh/authorized_keys
3:将私钥文件id_dsa拷贝到你的windons下,打开puttygen,然后点击load,对话框中的文件类型选择所有,load 这个id_dsa文件后,save private key文件,以后用这个
生成的私钥就可以访问linux了
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐