家里的笔记本以前设置过和阿里云的centos6.6 vps的面密码登陆,是可以正常使用的。今天想给家里的一台centos6.6设置免密码登陆的时候总是无法成功。
文件的权限已经设置好了
[root@centos65 ~]# ll -al|grep .ssh
drwx------. 2 root root 4096 6月 13 21:00 .ssh
[root@centos65 ~]# ll .ssh/authorized_keys
-rw-------. 1 root root 380 6月 13 21:00 .ssh/authorized_keys
[root@centos65 ~]# pwd
/root
对比了一下我阿里云上的/etc/ssh/sshd_config文件, 并没有发现明显的不同。
下面是/var/log/secure文件里面每次登陆时的日志
Jun 13 22:43:23 centos65 sshd[24475]: Received disconnect from
192.168.1.240: 11: disconnected by user Jun 13 22:43:23 centos65 sshd[24475]: pam_unix(sshd:session): session closed for user root Jun
13 22:43:27 centos65 sshd[26131]: Accepted password for root from
192.168.1.240 port 49893 ssh2 Jun 13 22:43:28 centos65 sshd[26131]: pam_unix(sshd:session): session opened for user root by (uid=0)
求指导一下 ,是什么原因导致我无法面密码登陆,或者指导一下如何进行调试(目前这个日志内容对我来说线索实在太少了)。
update1
刚发现-v参数可用,我怀疑是不是新的主机默认开启了两步验证。下面是ssh -v的日志
xubanditdeMBP:.ssh xubandit$ ssh -v root@192.168.1.215
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 192.168.1.215 [192.168.1.215] port 22.
debug1: Connection established.
debug1: identity file /Users/xubandit/.ssh/id_rsa type 1
debug1: identity file /Users/xubandit/.ssh/id_rsa-cert type -1
debug1: identity file /Users/xubandit/.ssh/id_dsa type -1
debug1: identity file /Users/xubandit/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 35:87:40:19:ce:78:96:97:4d:73:39:85:08:a1:2e:e3
debug1: Host '192.168.1.215' is known and matches the RSA host key.
debug1: Found key in /Users/xubandit/.ssh/known_hosts:22
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xubandit/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/xubandit/.ssh/id_dsa
debug1: Next authentication method: password
update2
不好意思,这么完打扰大家了。
最后发现是我自己把笔记本上的.ssh/id_rsa.pub文件里面最后一部分username@hostname给删掉了导致的。当时看着这么一段话感觉有点别扭就随手删掉了。然后就把自己坑了。
tips:
在ssh服务端
service sushi stop #关闭服务
/usr/sbin/sshd -d #手动启动
这样可以读到更详细的日志信息 ,我就是通过这个定位到authorized_keys文件有问题的。
update3
不知道怎么close这个问题,请有权限的同学close一下
将之前的删了,用ssh-copy-id 重新来一遍吧
ssh-copy-id remote_host
我以前记录的一篇笔记,每次换机器后我都会翻出来照着设置,都没有出现问题,希望对你有帮助。
http://www.netingcn.com/linux-no-password-login.html