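Passwordless login from Windows 10 to a Linux server
Problems encountered with SSH passwordless login
Preface
SSH login
1. On Windows, generate the public and private keys with ssh-keygen (using Git Bash Here)
Use the command ssh-keygen.exe -t rsa (you can press Enter at every prompt)
2. Send the public key to the server
ssh-copy-id -i .ssh/id_rsa.pub user@192.168.1.110; at this point you will be asked for the server password once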
ssh-copy-id -i id_rsa.pub root@192.168.200.134
[When uploading the key over SSH on Win10, the error "The term 'ssh-copy-id' is not recognized" appears]
function ssh-copy-id([string]$userAtMachine, $args){
    # Default public key generated by ssh-keygen in step 1
    $publicKey = "$ENV:USERPROFILE" + "/.ssh/id_rsa.pub"
    if (!(Test-Path "$publicKey")){
        Write-Error "ERROR: failed to open ID file '$publicKey': No such file"
    }
    else {
        # Append the key to the remote authorized_keys; umask 077 keeps newly created files private to the user
        & cat "$publicKey" | ssh $args $userAtMachine "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys || exit 1"
    }
}
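3. If the corresponding server is already configured in the VS Code Remote Development extension, the next SSH login will not ask for a password
Also, my VS Code SSH configuration file ssh_config is at C:\Users\Administrator\.ssh, and the generated public and private keys are stored there as well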
I. Permissions (non-root)
chmod 644 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 755 /home/user
II. Configuration
1. Edit /etc/ssh/sshd_config
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes
2. Remember to restart SSH on the server
systemctl restart sshd.service
III. Passwordless configuration in VS Code
https://blog.csdn.net/weixin_40607008/article/details/98471293
IV. Troubleshooting
1. On the SSH client: ssh -p portXXX -vvv server-IP
ssh -p 1025 -vvv 192.168.200.210
First, get the detailed debug log and see where the login gets stuck.
Many Linux commands have built-in debugging; ssh, for example, has its own debug mode:
ssh -p 1025 -vvv 192.168.200.210
ssh -vvv localhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/work/.ssh/identity type -1
debug1: identity file /home/work/.ssh/identity-cert type -1
…
debug3: remaining preferred: keyboard-interactive,password
// Public key login is enabled
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/work/.ssh/identity
debug3: no such identity: /home/work/.ssh/identity
debug1: Offering public key: /home/work/.ssh/id_rsa
debug3: send_pubkey_test
// Public key packet sent; waiting for the server's authentication response
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1741
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/work/.ssh/id_dsa
debug3: no such identity: /home/work/.ssh/id_dsa
debug1: Trying private key: /home/work/.ssh/id_ecdsa
debug3: no such identity: /home/work/.ssh/id_ecdsa
// Authentication did not pass; this method is disabled
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
// Next authentication method: password login is enabled
debug1: Next authentication method: password
work@localhost's password:
2. Check the failure reason on the server
tail -f /var/log/secure
If this line is present: Authentication refused: bad ownership or modes for directory /root
3. Fix
1. chmod 700 /root
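The check behind the "bad ownership or modes" message, as an added example that is not part of the original article: it approximates sshd's StrictModes rule (owner must be the login user or root, no group or other write bit) for the home directory, .ssh and authorized_keys. The function names check_path and check_login_paths are hypothetical, and GNU stat on the Linux server is assumed.

```shell
#!/bin/sh
# Added example: approximate the ownership/mode test sshd applies with
# StrictModes before it accepts a key from authorized_keys.

# check_path PATH UID
# Returns 0 if PATH is owned by UID or root and is not group/other writable,
# 1 if the owner or mode would be refused, 2 if PATH does not exist.
check_path() {
    info=$(stat -c '%u %a' -- "$1" 2>/dev/null) || { echo "MISSING   $1"; return 2; }
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $1 (uid $owner)"
        return 1
    fi
    # 022 = group-write and other-write bits; either one is refused
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD MODE  $1 ($mode)"
        return 1
    fi
    echo "OK        $1 ($mode)"
}

# check_login_paths HOME UID
# Checks the three paths the article chmods; non-zero if any would be refused.
check_login_paths() {
    home=$1
    uid=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

# Usage on the server, e.g. for root:   check_login_paths /root 0
# For the current user:                 check_login_paths "$HOME" "$(id -u)"
```

Modes 700, 755 and 644 from the permissions section all pass this check; 775 or 777 on any of the three paths does not.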
V. Testing
In cmd on Windows 10, simply enter ssh root@<IP address>