I added the public SSH key to the authorized_keys file. ssh localhost should log me in without asking for the password.
I did that and tried t
Just look in file /var/log/auth.log on the server. Setting additional verbosity with -vv on the client side won't help, because the server is unlikely to offer too much information to a possible attacker.
My problem was a modified AuthorizedKeysFile, when the automation to populate /etc/ssh/authorized_keys had not yet been run.
$ sudo grep AuthorizedKeysFile /etc/ssh/sshd_config
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
Also be sure your home directory is not writeable by others:
chmod g-w,o-w /home/USERNAME
This answer is stolen from here.
Look in file /var/log/auth.log on the server for sshd authentication errors.
If all else fails, then run the sshd server in debug mode:
sudo /usr/sbin/sshd -ddd -p 2200
Then connect from the client:
ssh user@host -p 2200
In my case, I found the error section at the end:
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:6bL+waAtghY5BOaY9i+pIX9wHJHvY4r/mOh2YaL9RvQ [preauth]
==> debug2: userauth_pubkey: disabled because of invalid user [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
With this information I realized that my sshd_config file was restricting logins to members of the ssh group. The following command fixed this permission error:
sudo usermod -a -G ssh NEW_USER
Another issue you have to take care of: if your generated file names are not the default id_rsa and id_rsa.pub, you have to create the .ssh/config file and manually define which identity file you are going to use for the connection.
An example is here:
Host remote_host_name
    HostName 172.xx.xx.xx
    User my_user
    IdentityFile /home/my_user/.ssh/my_user_custom
I had this problem when I added the group of the login user to another user.
Let's say there is an SSH-login user called userA and a non-SSH-login user userB. userA has the group userA as well. I modified userB to have the group userA as well. This led to the described behaviour, so that userA was not able to log in without a prompt.
After I removed the group userA from userB, the login without a prompt worked again.
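Two of the causes described in the answers above (an AuthorizedKeysFile setting that points somewhere other than ~/.ssh/authorized_keys, and a home directory writable by group or others) can be checked together on the server. The following is an added example, not code from any of the answers: the function names are hypothetical, and it assumes a single global AuthorizedKeysFile line, reading only its first path and ignoring Match blocks and Include files.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the answers above.
# Simplification: only the first path of the first global AuthorizedKeysFile
# line is read; Match blocks and Include files are ignored.

# resolve_authorized_keys CONFIG USER HOME -> prints the configured key file path
resolve_authorized_keys() {
    cfg=$1; user=$2; home=$3
    # A leading "#" makes $1 differ, so commented-out defaults are skipped.
    pattern=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$cfg")
    [ -n "$pattern" ] || pattern=".ssh/authorized_keys"
    # Expand the %u (user name) and %h (home directory) tokens.
    path=$(printf '%s' "$pattern" | sed -e "s|%u|$user|g" -e "s|%h|$home|g")
    case $path in
        /*) printf '%s\n' "$path" ;;
        *)  printf '%s\n' "$home/$path" ;;   # relative paths are under the home
    esac
}

# writable_by_others PATH -> true if the group or other write bit is set
writable_by_others() {
    # Characters 6 and 9 of the ls mode string are the g+w and o+w bits.
    case $(ls -ld -- "$1" | cut -c6,9) in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# check_pubkey_setup CONFIG USER HOME -> prints findings, returns their count
check_pubkey_setup() {
    keys=$(resolve_authorized_keys "$1" "$2" "$3")
    problems=0
    if [ ! -f "$keys" ]; then
        echo "MISSING  $keys (no key file for $2 at the configured path)"
        problems=$((problems + 1))
    fi
    for p in "$3" "$(dirname "$keys")" "$keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "WRITABLE $p (fix: chmod g-w,o-w $p)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: sh check.sh /etc/ssh/sshd_config USERNAME /home/USERNAME
if [ $# -eq 3 ]; then check_pubkey_setup "$@"; fi
```

An exit status of 0 means the key file exists at the configured path and neither it, its directory, nor the home directory is writable by group or others.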