因為了解產生感動 wrote:
> 小弟剛好也有這個問題
> 錯誤訊息如下
> 應該檢查哪裡呢?
>
> [achen@node7 .ssh]$ ssh server.cluster -vvv ls
> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to server.cluster [192.168.1.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/achen/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/achen/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/achen/.ssh/id_rsa type 1
> debug1: identity file /home/achen/.ssh/id_dsa type -1
> debug1: loaded 3 keys
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3
> debug1: match: OpenSSH_4.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.3
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 143/256
> debug2: bits set: 519/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/achen/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 5
> debug3: check_host_in_hostfile: filename /home/achen/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 5
> debug1: Host 'server.cluster' is known and matches the RSA host key.
> debug1: Found key in /home/achen/.ssh/known_hosts:5
> debug2: bits set: 499/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/achen/.ssh/identity ((nil))
> debug2: key: /home/achen/.ssh/id_rsa (0x2ab2ca599120)
> debug2: key: /home/achen/.ssh/id_dsa ((nil))
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug3: start over, passed a different list publickey,gssapi-with-mic,password
> debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_lookup gssapi-with-mic
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled gssapi-with-mic
> debug1: Next authentication method: gssapi-with-mic
> debug3: Trying to reverse map address 192.168.1.2.
> debug1: Unspecified GSS failure. Minor code may provide more information
> Unknown code krb5 195
>
> debug1: Unspecified GSS failure. Minor code may provide more information
> Unknown code krb5 195
>
> debug1: Unspecified GSS failure. Minor code may provide more information
> Unknown code krb5 195
>
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/achen/.ssh/identity
> debug3: no such identity: /home/achen/.ssh/identity
> debug1: Offering public key: /home/achen/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Trying private key: /home/achen/.ssh/id_dsa
> debug3: no such identity: /home/achen/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> achen@server.cluster's password:
>
>
> : ※ 引述《wenking (Wen)》之銘言:
> : : ssh-keygen -t rsa -b 4096
> : : 先把公鑰跟私鑰做出來
> : : ssh-copy-id -i user@server_host
> : : 然後它會要我輸入一次密碼,然後將公鑰丟到server上得authorized_keys
> : : (我也試過將id_rsa中的資料直接複製上authorized_keys)
> : : 接著我用ssh登入時,它卻還是一直要我輸入密碼...
> : : 請問我是哪個步驟有錯了? 還是出了甚麼問題?
> : : 請各位大師大哥幫忙解答...謝謝
> : 登入的時候是否有試過指定 ssh key?
> : ex: ssh ID@host -i /tmp/private-key
> : ssh daemon 是否有正確讀到你產生的 key? (AuthorizedKeysFile)
> : PubkeyAuthentication 的選項是否有打開?
> : 關於 ssh daemon 設定檔的選項,請 man sshd_config
> : 在 ssh 連線的時候可以加上 -vvv 把 verbose mode 打開,吐出訊息幫助你判斷問題
1. /home/achen/.ssh/id_rsa 的權限必須是 -rw-------
2. 你確定是 RSA 的 format??
討論串 (同標題文章)
完整討論串 (本文為第 4 之 4 篇):