ssh信任关系失效如何排查

ssh 信任关系失效该怎么排查，这是我这两天遇到的问题。

A、B两台服务器已建立A-->B SSH信任关系，可是在登录A 无密码登录B时，提示还要输入密码，这我很纠结。本来已经建立的信任关系，为何还要输入密码。 当时由于是在凌晨，就没有继续追查问题根源。

今天，从网上找了找关于信任失效的帖子，比较少，大部分还是如何建立SSH信任关系。

回到SSH命令参数上来找寻线索。

ssh options:

-l  login_name  如:ssh -l davis  serverA

-v Verbose mode. Causes ssh to print debugging messages about its progress.  This is helpful in debugging connection, authentication, and configuration problems.  Multiple -v optionsincrease the verbosity.  The maximum is 3  （这个选项可以打印行程中的出错信息）

-p port  Port to connect to on the remote host.  This can be specified on a per-host basis in the          configuration file.

当SSH信任关系失效时，用ssh -vv localhost/serverA  查看详细的信息。

引用

....
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/felix021/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/felix021/.ssh/id_dsa
debug1: Trying private key: /home/felix021/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

引用

2.  Debugging on the remote host by running sshd in debug mode: Run ‘/usr/sbin/sshd -d -p 2222′ on the remote host and connect to it. ’2222′ here is the port number of the sshd process you started on the remote host.

6.  Check the permissions on your home directory, .ssh directory, and the authorized_keys file: If your ssh server is running with ‘StrictModes on’, it will refuse to use your public keys in the ~/.ssh/authorized_keys file. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600.

通过执行 /usr/sbin/sshd -d -p 2222 （在2222端口启动一个带debug输出的sshd） ，然后 ssh -vv localhost -p 2222 或ssh -vv serverA -p 2222 ，可以看到sshd输出行  

如果SSH信任关系失效重现,找一下原因并补充相关信息。

在此感谢 http://www.felix021.com/blog/read.php?2085 

转载于:https://my.oschina.net/davisqi/blog/78536