After uploading the public key to the server with the command:
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
login still prompted for a password. Running ssh -vvv remote-host showed the following details:
debug3: load_hostkeys: loading entries for host "xxx.xxx.xxx.xxx" from file "/home/kai/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/kai/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'xxx.xxx.xxx.xxx' is known and matches the RSA host key.
debug1: Found key in /home/kai/.ssh/known_hosts:7
debug2: bits set: 1528/3072
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/kai/.ssh/id_rsa (0x7f8a46bd30e0),
debug2: key: /home/kai/.ssh/id_dsa ((nil)),
debug2: key: /home/kai/.ssh/id_ecdsa ((nil)),
debug2: key: /home/kai/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/kai/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/kai/.ssh/id_dsa
debug3: no such identity: /home/kai/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/kai/.ssh/id_ecdsa
debug3: no such identity: /home/kai/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/kai/.ssh/id_ed25519
debug3: no such identity: /home/kai/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
xxx@xxx.xxx.xxx.xxx's password:
Open /etc/ssh/sshd_config on the server
and confirm that the following lines read like this:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
That still had no effect, so check /var/log/secure:
13:49:23 bj008 sshd[21424]: Authentication refused: bad ownership or modes for directory /home/xxx
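It is a permissions problem: both the user permissions and the group permissions must be set correctly. The correct settings are as follows; the permissions must be neither too loose nor too strict:
chmod g-w /home/your_user # or chmod 0755 /home/your_user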
chmod 700 /home/your_user/.ssh
chmod 600 /home/your_user/.ssh/authorized_keys
Restart the sshd service.
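The check behind that log message, as an added example that is not part of the original post: with StrictModes enabled (the sshd default), sshd refuses public-key login when the home directory, .ssh or authorized_keys is owned by someone other than the user or root, or is writable by group or others. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Approximates sshd's StrictModes
# test on the three paths this page fixes. Assumes GNU stat (Linux); the
# function names are hypothetical.

# check_path PATH USER: return 0 if acceptable, 1 if missing or refused.
check_path() {
    path=$1; user=$2
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    # The owner must be the login user or root.
    if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
        echo "OWNER   $path is owned by $owner, expected $user or root"
        return 1
    fi
    # A group or other write bit (mode & 022) causes the
    # "bad ownership or modes" refusal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE    $path is $mode (writable by group or others)"
        return 1
    fi
    echo "OK      $path ($owner, $mode)"
}

# check_ssh_perms HOME USER: check all three paths and report every problem.
check_ssh_perms() {
    home=$1; user=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$user" || rc=1
    done
    return "$rc"
}

# Run as: sh check_ssh_perms.sh /home/your_user your_user
if [ "$#" -ge 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on the server before and after the chmod commands; any OWNER or MODE line names a path that still needs fixing.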
Reference:
http://www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/