What to do when key-based authentication isn't working after ssh-copy-id

by Arit Amana

I recently provisioned an Ubuntu virtual private server (VPS) on Vultr. I’m partial to CentOS myself, but the task I was working on recommended Ubuntu.

To set up key-based authentication from my laptop to the server,

  • I generated a new SSH keypair (named “ubuntu”) on my Mac using the command: ssh-keygen -t rsa -b 4096

  • I then used the ssh-copy-id utility to copy my public key over to the authorized_keys file on my Vultr VPS: ssh-copy-id -i .ssh/ubuntu aritdev@123.456.789.000

As I expected, the utility asked for my VPS password in order to complete the public key transfer. When all was done, I attempted to log in to my VPS.

It should have let me through without requiring a password:

ssh -i .ssh/ubuntu aritdev@123.456.789.000

But I kept getting prompted for a password.

  • I checked my authorized_keys file over on the VPS to make sure my public key had been copied over correctly. Check.

  • I made sure that the file was read-write only for myself and no one else. Check.

  • I made sure that the following options were enabled in /etc/ssh/sshd_config: PubkeyAuthentication yes and AuthorizedKeysFile .ssh/authorized_keys. Check.

Still, I kept getting prompted for a password upon login from my laptop.

After a few minutes on StackOverflow, I learned about Encrypted Home Directories, which are default in some environments, including Ubuntu.

Encrypted home directories aren’t decrypted until the initial login is successful. However, my authorized_keys file is stored in my home directory.

Therefore, my first connection attempt will require a password. Subsequent connections will succeed without a password, since the SSH service will then be able to read my authorized_keys file in my decrypted home directory.

To get around this, I created a directory named after my username aritdev outside of my home directory (I chose /etc/), and gave it full permissions for myself, but read-execute permissions for everyone else. Next, I moved my authorized_keys file into /etc/aritdev/. Then, I updated the AuthorizedKeysFile parameter in /etc/ssh/sshd_config:

AuthorizedKeysFile /etc/%u/authorized_keys

Finally, I restarted the SSH service. To test, I logged out of my VPS, then attempted to log back in. BOOM - it worked!
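
Once authorized_keys lives outside the home directory, its ownership and write bits are worth re-checking, since those are what sshd's StrictModes option cares about. The script below is an added example, not part of the original post: it expands the %u token from the AuthorizedKeysFile line above and checks the resulting file and its directory. The function names are hypothetical and GNU stat (as shipped on Ubuntu) is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU stat (as on Ubuntu).

# Expand the %u token of an AuthorizedKeysFile pattern for one user.
expand_keys_pattern() {
    printf '%s\n' "$2" | sed "s|%u|$1|g"
}

# Succeed only if PATH is owned by USER or root and is not group/world-writable.
owner_and_mode_ok() {
    local user="$1" path="$2" owner mode
    owner=$(stat -c '%U' -- "$path") || return 1
    mode=$(stat -c '%a' -- "$path") || return 1
    if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
        echo "FAIL: $path is owned by $owner, expected $user or root" >&2
        return 1
    fi
    # 022 (octal) = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $path has mode $mode (writable by group or others)" >&2
        return 1
    fi
}

# Check the key file a pattern resolves to, plus the directory that holds it.
check_keys_for_user() {
    local user="$1" file
    file=$(expand_keys_pattern "$user" "$2")
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist or is not a regular file" >&2
        return 1
    fi
    owner_and_mode_ok "$user" "$file" || return 1
    owner_and_mode_ok "$user" "$(dirname -- "$file")" || return 1
    echo "OK: $file"
}

# Usage: bash check_keys.sh aritdev '/etc/%u/authorized_keys'
if [ "$#" -eq 2 ]; then
    check_keys_for_user "$1" "$2"
fi
```

A FAIL line names the path and the owner or mode that tripped the check, so the fix is a chown or chmod on exactly that path.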

What issues related to server authentication have you experienced? How did you solve them? Please share below!

Translated from: https://www.freecodecamp.org/news/key-based-authentication-not-working-after-ssh-copy-id-abef7f401d23/
