Cannot log in via ssh without a password

1

I have set my ssh public key in authorized_keys.

Note: the same key worked on another server

and then set

authorized_keys 0644
.ssh 0600 

Is there anything I need to do?

The ssh verbose log is below.

I updated it with a more detailed log using the -vvv option.

OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "whitebear.vs.sakura.ne.jp" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to whitebear.vs.sakura.ne.jp [153.126.185.74] port 22.
debug1: Connection established.
debug1: identity file /Users/whitebear/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/whitebear/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to whitebear.vs.sakura.ne.jp:22 as 'whitebear'
debug3: hostkeys_foreach: reading file "/Users/whitebear/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/whitebear/.ssh/known_hosts:58
debug3: load_hostkeys: loaded 1 keys from whitebear.vs.sakura.ne.jp
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:w0dV1hhjGfRhwief8u5GxHgPw1fnUMANPA7xyjJpOvY
debug3: hostkeys_foreach: reading file "/Users/whitebear/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/whitebear/.ssh/known_hosts:58
debug3: load_hostkeys: loaded 1 keys from whitebear.vs.sakura.ne.jp
debug3: hostkeys_foreach: reading file "/Users/whitebear/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/whitebear/.ssh/known_hosts:58
debug3: load_hostkeys: loaded 1 keys from 153.126.185.74
debug1: Host 'whitebear.vs.sakura.ne.jp' is known and matches the ECDSA host key.
debug1: Found key in /Users/whitebear/.ssh/known_hosts:58
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /Users/whitebear/.ssh/id_rsa (0x7ffda8e01220)
debug2: key: /Users/whitebear/.ssh/id_dsa (0x0)
debug2: key: /Users/whitebear/.ssh/id_ecdsa (0x0)
debug2: key: /Users/whitebear/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/whitebear/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/whitebear/.ssh/id_dsa
debug3: no such identity: /Users/whitebear/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/whitebear/.ssh/id_ecdsa
debug3: no such identity: /Users/whitebear/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/whitebear/.ssh/id_ed25519
debug3: no such identity: /Users/whitebear/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

I added the ls -lsa output as well.

8 -r--------  1 whitebear  staff  1679  7 10  2014 /Users/whitebear/.ssh/id_rsa
8 -rw-r--r--  1 whitebear  staff   424  7 10  2014 /Users/whitebear/.ssh/id_rsa.pub
8 -rw-r--r--@ 1 whitebear  staff   382  4 28 16:20 /Users/whitebear/.ssh/id_rsa.pub_mixhost

I also checked that these three lines are written in /etc/ssh/sshd_config

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      ~/.ssh/authorized_key
    
by whitebear 03.05.2017 / 07:38

2 answers

1

There seem to be two problems here:

  1. Client side

You should place your private key on the client host (the one on which you are running the ssh client):

~/.ssh/id_rsa

The permission of ~/.ssh/id_rsa should be readable only by you:

chmod 400 ~/.ssh/id_rsa
  2. Server side

According to your question, you set the permission of the server's .ssh to 600; the proper permission should be 700, which includes execute (or change dir).

Change the permission of the .ssh folder to 700, e.g. by:

chmod 700 ~/.ssh

You can review the Ubuntu OpenSSH page, which also mentions that the permission of the ~/.ssh folder should be 700.

Note that the same OpenSSH page also recommends that the permission of the authorized_keys file be 600 (read/write by owner):

chmod 600 ~/.ssh/authorized_keys

Copy the public key using ssh-copy-id

An easy way to copy the public key from the client to the SSH server is to use ssh-copy-id:

ssh-copy-id is a command that automates transfer of your public key to the server. To perform the transfer you will need to log in, so do not disable password authentication until after you confirm the key is working.

ssh-copy-id -i key_name user@server

ssh-copy-id -i id_rsa [email protected]
    
by 03.05.2017 / 08:38
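The server-side permission checks from the answer above, as a script; this is an added example, not part of the original answer. The helper names `audit_ssh_perms` and `mode_of` are hypothetical; the script flags group/other-writable paths (which sshd rejects when StrictModes is on) and directories that lack the owner execute bit the answer mentions.

```shell
#!/bin/sh
# Added example: audit the permissions sshd needs for public-key login.
# audit_ssh_perms and mode_of are hypothetical helper names.

# Print the octal permission bits of a path (GNU stat, then BSD/macOS stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_ssh_perms HOME [KEYFILE]
# KEYFILE is relative to HOME, as configured by AuthorizedKeysFile;
# it defaults to .ssh/authorized_keys.
# Prints one line per finding and returns the number of findings.
audit_ssh_perms() {
    home=$1
    keyfile=$home/${2:-.ssh/authorized_keys}
    sshdir=$(dirname "$keyfile")
    problems=0

    for p in "$home" "$sshdir" "$keyfile"; do
        if [ ! -e "$p" ]; then
            # Either the file is absent or a parent directory has no x bit.
            echo "UNREACHABLE $p: missing, or a parent directory lacks x"
            problems=$((problems + 1))
            continue
        fi
        m=$(mode_of "$p")
        # Group/other write bit set: rejected when StrictModes is on.
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $m): remove group/other write"
            problems=$((problems + 1))
        fi
        # A directory without the owner search (x) bit cannot be entered.
        if [ -d "$p" ] && [ $(( 0$m & 0100 )) -eq 0 ]; then
            echo "NOEXEC $p (mode $m): directory needs owner x, e.g. 700"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file on the server and run `audit_ssh_perms "$HOME"` as the account's owner rather than as root, since root bypasses the directory search permission and would not see the UNREACHABLE case.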
0

You didn't mention your distro etc., but I have frequently run into similar problems on (correctly configured) CentOS 6 systems. The issue lies with SELinux. Try temporarily disabling SELinux and see if that resolves the problem. If so, make sure you are running the latest version and relabel the file system to update the ssh permissions.

    
by 03.05.2017 / 10:35
