Fixing SSH still asking for a password after adding the user's public key to ~/.ssh/authorized_keys
2014-03-15 20:23
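Recently a developer colleague asked me for help: he had added his own computer's SSH public key on a server, but was still asked for a password when logging in. At first I thought something had gone wrong when he pasted the key, for example that the public key, which should be a single line, had been pasted as several lines, or some other pasting problem. After I added the public key again myself, it still asked for a password, so I began to suspect the permissions of the ~/.ssh/authorized_keys file. I then checked the log in /var/log/secure, which reported that the permissions of authorized_keys were not 600. Looking at the authorized_keys file, I saw that its permissions had been changed to 664, and /etc/ssh/sshd_config had StrictModes yes set, so it was no wonder that a password was still required after adding the public key.
One point worth making here: if you can read English documentation, then when something goes wrong, look first at the man pages of the service involved. The software's own documentation is the most authoritative and original source; other material is only for reference and is mixed with all sorts of partial understanding.
From man ssh, the relevant description: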
The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.
~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. If this file, the ~/.ssh directory, or the user’s home directory are writable by other users, then the file could be modified or replaced by unauthorized users. In this case, sshd will not allow it to be used unless the StrictModes option has been set to “no”.
From man sshd_config:
StrictModes
Specifies whether sshd(8) should check file modes and ownership of the user’s files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is “yes”.
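From the man pages we can see that by default the ~/.ssh/authorized_keys file should be readable and writable by its owner and neither readable nor writable by anyone else, that is, its mode should be 600. If StrictModes yes is set in /etc/ssh/sshd_config, sshd checks the file permissions of ~/.ssh/authorized_keys. If the ~/.ssh directory or the owner's home directory can be written by other users, that will also cause problems.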
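The check described above, as an added example that is not part of the original article: a POSIX shell script that reports which of the three paths named in the man page text are writable by group or others, then resets them. The function names are made up for this example, it looks only at write bits and not at ownership, and the demo runs on a constructed temporary directory rather than a real home.

```shell
#!/bin/sh
# Added example, not from the original article.

# loose_paths HOME_DIR: print each of the three paths that is group- or
# other-writable (the condition the quoted man page text warns about).
loose_paths() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune keeps find from descending; -020 / -002 are the g+w / o+w bits
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# strictmodes_ok HOME_DIR: succeed only when none of the three paths is loose.
strictmodes_ok() {
    [ -z "$(loose_paths "$1")" ]
}

# tighten HOME_DIR: drop group/other write on the home directory and set
# 600 on authorized_keys as in the article; 700 on .ssh is this example's choice.
tighten() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo: reproduce the article's 664 case in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 755 "$d" && chmod 700 "$d/.ssh"
    : > "$d/.ssh/authorized_keys" && chmod 664 "$d/.ssh/authorized_keys"
    echo "before: $(loose_paths "$d")"
    tighten "$d"
    if strictmodes_ok "$d"; then echo "after: ok"; fi
    rm -rf "$d"
}
demo
```

On a real account, call `loose_paths "$HOME"` as the affected user and compare the result with the messages in /var/log/secure.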
This article comes from the “Linux SA John” blog; please be sure to keep this source link: http://john88wang.blog.51cto.com/2165294/1377306