by Arit Amana
What to do when key-based authentication isn’t working after ssh-copy-id
I recently provisioned an Ubuntu virtual private server (VPS) on Vultr. I’m partial to CentOS myself, but the task I was working on recommended Ubuntu.
To set up key-based authentication from my laptop to the server, I generated a new SSH keypair (named “ubuntu”) on my Mac using the command:
ssh-keygen -t rsa -b 4096
I then used the ssh-copy-id utility to copy my public key over to the authorized_keys file on my Vultr VPS:
ssh-copy-id -i .ssh/ubuntu aritdev@123.456.789.000
As I expected, the utility asked for my VPS password in order to complete the public key transfer. When all was done, I attempted to log in to my VPS.
It should have let me through without requiring a password:
ssh -i .ssh/ubuntu aritdev@123.456.789.000
But I kept getting prompted for a password.
- I checked my authorized_keys file over on the VPS to make sure my public key had been copied over correctly. Check.
- I made sure that the file was read-write only for myself and no one else. Check.
- I made sure that the following options were enabled in /etc/ssh/sshd_config: PubkeyAuthentication yes and AuthorizedKeysFile .ssh/authorized_keys. Check.
Still, I kept getting prompted for a password upon login from my laptop.
After a few minutes on StackOverflow, I learned about Encrypted Home Directories, which are default in some environments, including Ubuntu.
Encrypted home directories aren’t decrypted until the initial login is successful. However, my authorized_keys file is stored in my home directory.
Therefore, my first connection attempt will require a password. Subsequent connections will succeed without a password, since the SSH service will then be able to read my authorized_keys file in my decrypted home directory.
To get around this, I created a directory named after my username aritdev outside of my home directory (I chose /etc/), and gave it full permissions for myself, but read-execute permissions for everyone else. Next, I moved my authorized_keys file into /etc/aritdev/. Then, I updated the AuthorizedKeysFile parameter in /etc/ssh/sshd_config:
AuthorizedKeysFile /etc/%u/authorized_keys
Finally, I restarted the SSH service. To test, I logged out of my VPS, then attempted to log back in. BOOM - it worked!
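
The relocated file still has to satisfy sshd's ownership and mode checks (StrictModes, on by default), and /etc/%u/authorized_keys is expanded separately for each user. As an added example (not code from the original post), this POSIX shell sketch expands such a pattern and walks the resulting path the way that check does; expand_akf and path_ok are names invented here.

```shell
#!/bin/sh
# Added example, not from the original post; function names are this sketch's own.

# expand_akf PATTERN USER HOME: print the path sshd derives from an
# AuthorizedKeysFile pattern. Only the %u, %h and %% tokens are handled.
expand_akf() {
    pat=$1; out=
    while [ -n "$pat" ]; do
        rest=${pat#?}; c=${pat%"$rest"}; pat=$rest
        if [ "$c" = % ]; then
            rest=${pat#?}; c=${pat%"$rest"}; pat=$rest
            case $c in
                u) c=$2 ;;
                h) c=$3 ;;
                %) c=% ;;
                *) echo "unsupported token %$c" >&2; return 2 ;;
            esac
        fi
        out=$out$c
    done
    # A pattern that is not absolute is relative to the home directory.
    case $out in /*) ;; *) out=$3/$out ;; esac
    printf '%s\n' "$out"
}

# path_ok FILE USER STOP: StrictModes-style walk from FILE up to STOP (sshd
# stops at the home directory or /). Each component must be owned by USER or
# root and must not be group- or other-writable. Symlinks are not resolved.
path_ok() {
    p=$1
    while :; do
        info=$(ls -ld "$p" 2>/dev/null) || { echo "missing: $p"; return 1; }
        mode=${info%% *}
        owner=$(printf '%s\n' "$info" | awk '{print $3}')
        case $owner in
            "$2"|root) ;;
            *) echo "bad owner $owner: $p"; return 1 ;;
        esac
        case $mode in
            ?????w*|????????w*) echo "group/other-writable: $p"; return 1 ;;
        esac
        if [ "$p" = "$3" ] || [ "$p" = / ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# Usage, as root on the server (values taken from the post):
#   f=$(expand_akf '/etc/%u/authorized_keys' aritdev /home/aritdev)
#   path_ok "$f" aritdev /
```

AuthorizedKeysFile set in the main section of sshd_config applies to every account, so the same check is worth running for each user who logs in with keys. The directive also accepts several space-separated paths if .ssh/authorized_keys should keep working for accounts without an encrypted home.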
What issues related to server authentication have you experienced? How did you solve them? Please share below!