Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this questionI'm trying to set-up SSH connections without password to many servers, using RSA key. It works well for most of them but one is giving me some trouble.
The most common issue I've found in the past is permissions problems on .ssh or authorized_keys on the remote host, but here they seem correct, like this:
drwx------ ~/.ssh
-rw-r--r-- ~/.ssh/authorized_keys
Here is output 开发者_运维问答of ssh -v command to this server (I just changed hostname and IP):
Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to myhost.mydomain.com [123.123.123.123] port 22.
debug1: Connection established.
debug1: identity file /export/home/webdev1/.ssh/identity type -1
debug1: identity file /export/home/webdev1/.ssh/id_rsa type 1
debug1: identity file /export/home/webdev1/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version 1.2.31
debug1: match: 1.2.31 pat 1.2.1*,1.2.2*,1.2.3*
debug1: Local version string SSH-1.5-Sun_SSH_1.1.3
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'myhost.mydomain.com' is known and matches the RSA1 host key.
debug1: Found key in /export/home/webdev1/.ssh/known_hosts:6
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
I suspect it could be due to the SSH version. Another server which works gives me the following output (remote protocol version 2.0 instead of 1.5):
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
Any clue? Thanks for your help.
chmod 744 ~/.ssh/authorized_keys
works for me.
Make sure your home directory(/export/home/webdev1
) too has 700
permission.
The server may be configured to refuse public-key-based, password-less authentication. I do not know about Sun_SSH, but in OpenSSH (the most prevalent SSH implementation on Linux/*BSD systems) this is a matter of changing some settings in /etc/ssh/sshd_config
(options RSAAuthentication
for v1 protocol, PubkeyAuthentication
for v2).
try just
chmod -R 600 ~/.ssh/
Maybe the group/global read permission is causing an issue.
Maybe your user was locked on the unix box. If you usually login with your own account and then "be" the functional user, if that user has "password login" functionalities enabled but you are not using it, it may be locked (password expired for example). Howerver, even if it is locket it will not prevent you from sudo it with the "be" command, but it will definitly prevent any ssh login even if the keys are trusted.
精彩评论