
ssh passwordless login fails with permission denied (publickey)

I am trying to set up passwordless ssh on two fresh linux VM's from VM A to VM B but I'm having permissions issues. I installed openssh-server on both vm's and configured /etc/ssh/sshd_config as follows:

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
PasswordAuthentication no

All other fields are their default values. On VM A I ran ssh-keygen -t rsa with the default options. I tried to use ssh-copy-id but I got a permission denied(publickey) error. I then manually copied id_rsa.pub into authorized_keys on VM B. I used chmod 700 for ~/.ssh, chmod 600 for ~/.ssh/id_rsa, and chmod 644 for ~/.ssh/id_rsa.pub, ~/.ssh/authorized_keys, and ~/.ssh/known_hosts on both VMs. After running ssh -v VM-B I get the following output:

OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to hadoop-slave-1 [192.168.86.134] port 22.
debug1: Connection established.
debug1: identity file /home/hduser/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/hduser/.ssh/id_rsa-cert type -1
debug1: identity file /home/hduser/.ssh/id_dsa type -1
debug1: identity file /home/hduser/.ssh/id_dsa-cert type -1
debug1: identity file /home/hduser/.ssh/id_ecdsa type -1
debug1: identity file /home/hduser/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 45:48:fd:f0:db:1a:2a:c0:80:17:ec:18:5a:dd:f2:a5
debug1: Host 'hadoop-slave-1' is known and matches the ECDSA host key.
debug1: Found key in /home/hduser/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hduser/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/hduser/.ssh/id_dsa
debug1: Trying private key: /home/hduser/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

Is there something else I need to do?

Another cause of permission issues is the permissions set on the home directory. Check if this is 755 or less.

See http://www.openssh.org/faq.html#3.14 for more details.
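
The ownership and mode conditions behind the home-directory advice above can be checked in one pass on VM B. This is an added example, not part of the original answers: the function name check_ssh_perms is hypothetical, and it assumes GNU stat (as on the Ubuntu hosts in the question) and the default authorized_keys location.

```shell
#!/bin/sh
# Added example: list the paths that sshd's StrictModes check looks at
# (home directory, ~/.ssh, ~/.ssh/authorized_keys) and flag any that are
# missing, group/world-writable, or owned by someone other than the
# account or root.
# Usage: check_ssh_perms HOME_DIR [USERNAME]   (hypothetical helper)
check_ssh_perms() {
    home=$1
    if [ -n "${2:-}" ]; then uid=$(id -u "$2"); else uid=$(id -u); fi
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$p")     # octal mode, e.g. 755
        fuid=$(stat -c '%u' "$p")     # numeric owner
        # A write bit is set when the group or other digit is 2, 3, 6 or 7.
        case $mode in
            *[2367]?|*[2367])
                echo "WRITABLE  $p (mode $mode: group/other can write)"
                bad=1
                ;;
        esac
        if [ "$fuid" != "$uid" ] && [ "$fuid" != 0 ]; then
            echo "OWNER     $p (uid $fuid, expected $uid or root)"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK        $home passes the mode and owner checks"
    return "$bad"
}

# Run directly as: sh check_ssh_perms.sh /home/hduser hduser
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

A non-zero exit status means at least one path was flagged; fix it with chmod g-w,o-w or chown before retrying the login.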

Try to follow Password-less logins with OpenSSH

In particular, this should work:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@mystery

This will prompt you for the login password for the host, then copy the keyfile for you, creating the correct directory and fixing the permissions as necessary.

This line in the log you posted doesn't look right:

debug1: Offering RSA public key: /home/hduser/.ssh/id_rsa

Could you try:

ssh-copy-id remotemachine_username@remotemachine

Try changing PasswordAuthentication no to yes

After completing these steps, hduser will be able to login using ssh keys without having to use password authentication on VM B. (note: we'll enable password authentication while working, but disable it again once everything is in order)

  1. As root, open a terminal on VM B

  2. Configure sshd_config to temporarily allow password authentication and ensure that your root user can log back in if connection is lost during any part of this process.

    sudo nano /etc/ssh/sshd_config

    • Set PermitRootLogin to "yes" (we won't be leaving it this way)

    • Set PasswordAuthentication to "yes" (this is also temporary)

    • Save changes and return to terminal

    ctrl + o then Return/Enter

    ctrl + x

  3. Restart sshd services

    sudo systemctl restart sshd

  4. Become hduser

    su - hduser

  5. Remove /home/hduser/.ssh and replace it with a new (empty) ~/.ssh folder. Doing this as hduser ensures that hduser can write keys to this folder without having to specify ownership/group permissions with chmod (a common failure point in this process).

    rm -r ~/.ssh

    mkdir ~/.ssh

  6. Let's call the current terminal "VM B Terminal." Keep VM B Terminal open and spawn a new terminal on VM A; we'll call this "VM A Terminal."

  7. In VM A Terminal, we'll check for an "id_rsa.pub" file

    ls ~/.ssh

  8. If you see an "id_rsa.pub" file in here and know it to be a good key, you can safely move to the next step. Otherwise, generate a new key.

    ssh-keygen

    • Use the default options by pressing Enter/Return and typing "yes" when asked about saving the new key. You should now have a file called “id_rsa.pub” in your ~/.ssh folder.

  9. Use ssh-copy-id to copy hduser's credentials to the server. If ssh-copy-id is unavailable, scp is a good alternative.

    Option 1: ssh-copy-id hduser@<ip-address>

    Option 2: scp ~/.ssh/id_rsa.pub hduser@<ip-address>:/home/hduser/.ssh/authorized_keys

    • If successful, move on to the next step; otherwise, share your terminal output for further troubleshooting.

  10. Switching back to VM B Terminal

    sudo nano /etc/ssh/sshd_config

    PasswordAuthentication no

    • Save changes and return to terminal

  11. Restart sshd services

    sudo systemctl restart sshd

  12. From VM A Terminal, connect over ssh as hduser. Note: if hduser's ssh-key is password protected (this is recommended), enter the file password when prompted.

    • Congratulations on your success! You may now secure your server.

  13. Configure sshd_config with production settings

    sudo nano /etc/ssh/sshd_config

    PermitRootLogin no

    • Save and exit

    systemctl restart sshd

  14. Test hduser's connection again before closing out VM B terminal.
