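How do you troubleshoot an SSH trust relationship that has stopped working? This is the problem I ran into over the past two days.
Servers A and B had an A-->B SSH trust relationship set up, yet when I logged in to A and tried to log in to B without a password, I was still prompted for a password, which puzzled me. The trust relationship was already established, so why was a password still required? Because it was the early hours of the morning, I did not keep chasing the root cause at the time.
Today I searched online for posts about trust failure; there are few, and most are about how to set up an SSH trust relationship in the first place.
So I went back to the ssh command's options to look for clues.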
ssh options:
-l login_name e.g.: ssh -l davis serverA
-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3 (this option prints the error messages produced along the way)
-p port Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file.
When the SSH trust relationship fails, use ssh -vv localhost/serverA to see the detailed output.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/felix021/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/felix021/.ssh/id_dsa
debug1: Trying private key: /home/felix021/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
6. Check the permissions on your home directory, .ssh directory, and the authorized_keys file: If your ssh server is running with ‘StrictModes on’, it will refuse to use your public keys in the ~/.ssh/authorized_keys file. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600.
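An added example (not from the original post): a POSIX shell function that checks the three permissions named above, for the account on server B whose authorized_keys is being ignored. The function names and the output format are assumptions of this example; it checks modes only, not ownership.

```shell
#!/bin/sh
# Added example: verify the permissions that StrictModes cares about.
# Usage (after sourcing or pasting): check_ssh_perms /home/davis

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Compare one path against an exact expected mode string.
expect_mode() {
    m=$(mode_of "$1")
    if [ "$m" != "$2" ]; then
        echo "BAD  $1: mode is '${m:-missing}', expected '$2'"
        bad=1
    fi
}

# Print one line per problem; return 0 if everything matches, 1 otherwise.
check_ssh_perms() {
    home=${1:-$HOME}
    bad=0
    # Home directory: must not be writable by group (char 6) or others (char 9).
    m=$(mode_of "$home")
    case $m in
        "") echo "BAD  $home: missing"; bad=1 ;;
        ?????w????|????????w?) echo "BAD  $home: mode is '$m', group/other writable"; bad=1 ;;
    esac
    expect_mode "$home/.ssh" "drwx------"                   # 700
    expect_mode "$home/.ssh/authorized_keys" "-rw-------"   # 600
    [ "$bad" -eq 0 ]
}
```

Run it on the server side (B) as the target user; each BAD line names a path to fix with chmod before retrying the login.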
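By running /usr/sbin/sshd -d -p 2222 (which starts an sshd with debug output on port 2222) and then ssh -vv localhost -p 2222 or ssh -vv serverA -p 2222, you can see the sshd output line
If the SSH trust failure happens again, I will track down the cause and add the relevant information.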