linux—ssh使用ssh key登录,Permission denied (publickey,password).
参考:http://blog.csdn.net/hanhuili/article/details/11055293
1、在登录的客户端40.128配置如下
在登录的客户端40.128配置如下:
root@kali:/usr/share/pexpect-4.3.1# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:65:7c:6d
inet addr:192.168.40.128 Bcast:192.168.40.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe65:7c6d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:198268 errors:0 dropped:0 overruns:0 frame:0
TX packets:276180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:49164151 (46.8 MiB) TX bytes:21281944 (20.2 MiB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8149 errors:0 dropped:0 overruns:0 frame:0
TX packets:8149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4799741 (4.5 MiB) TX bytes:4799741 (4.5 MiB)
root@kali:/usr/share/pexpect-4.3.1#
root@kali:~/python/anquangongji# ssh root@192.168.40.129
The authenticity of host '192.168.40.129 (192.168.40.129)' can't be established.
ECDSA key fingerprint is 82:05:83:c3:07:92:d4:d2:24:04:03:18:79:c7:77:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.40.129' (ECDSA) to the list of known hosts.
Permission denied (publickey,password).
root@kali:~/python/anquangongji# ssh root@192.168.40.129
Permission denied (publickey,password).
root@kali:~/python/anquangongji# cd ../../../
root@kali:/# cd ~/.ssh/
root@kali:~/.ssh# ls
known_hosts
root@kali:~/.ssh# sudo apt-get install openssh-server
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
下列软件包是自动安装的并且现在不需要了:
python-django
Use 'apt-get autoremove' to remove it.
将会安装下列额外的软件包:
openssh-client
建议安装的软件包:
ssh-askpass libpam-ssh keychain monkeysphere rssh molly-guard ufw
下列软件包将被升级:
openssh-client openssh-server
升级了 2 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 390 个软件包未被升级。
需要下载 1,388 kB 的软件包。
解压缩后将会空出 160 kB 的空间。
您希望继续执行吗?[Y/n]y
获取:1 http://mirrors.163.com/debian-security/ wheezy/updates/main openssh-server i386 1:6.0p1-4+deb7u6 [343 kB]
获取:2 http://mirrors.163.com/debian-security/ wheezy/updates/main openssh-client i386 1:6.0p1-4+deb7u6 [1,044 kB]
下载 1,388 kB,耗时 2秒 (473 kB/s)
读取变更记录(changelogs)... 完成
正在预设定软件包 ...
(正在读取数据库 ... 系统当前共安装有 341075 个文件和目录。)
正预备替换 openssh-server 1:6.0p1-4+deb7u2 (使用 .../openssh-server_1%3a6.0p1-4+deb7u6_i386.deb) ...
正在解压缩将用于更替的包文件 openssh-server ...
正预备替换 openssh-client 1:6.0p1-4+deb7u2 (使用 .../openssh-client_1%3a6.0p1-4+deb7u6_i386.deb) ...
正在解压缩将用于更替的包文件 openssh-client ...
正在处理用于 man-db 的触发器...
正在设置 openssh-client (1:6.0p1-4+deb7u6) ...
正在设置 openssh-server (1:6.0p1-4+deb7u6) ...
insserv: warning: current start runlevel(s) (empty) of script `ssh' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh' overrides LSB defaults (empty).
insserv: warning: script 'ajaxterm' missing LSB tags and overrides
#在客户端生成shh的key(登录密码:1736*****(打码))
root@kali:~/.ssh#
root@kali:~/.ssh# ssh-keygen -t dsa -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
2c:da:90:fd:b9:c1:20:1b:8b:89:f9:ba:70:ff:ae:39 root@kali
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| |
| o . |
| = + S |
| o o O = . |
|+ + + . = |
|.o .E. o |
|oo. +=o . |
+-----------------+
root@kali:~/.ssh# ls
id_dsa id_dsa.pub known_hosts
root@kali:~/.ssh# sz -id_dsa.pub
sz: invalid option -- '_'
Try `sz --help' for more information.
#把linux 40.128客户端生成的id_dsa.pub使用sz -id_dsa.pub方法copy到windows机器上,再copy到linux 40.129的服务器上
root@kali:~/.ssh# sz --help
sz version 0.12.21rc
Usage: sz [options] file ...
or: sz [options] -{c|i} COMMAND
Send file(s) with ZMODEM/YMODEM/XMODEM protocol
(X) = option applies to XMODEM only
(Y) = option applies to YMODEM only
(Z) = option applies to ZMODEM only
-+, --append append to existing destination file (Z)
-2, --twostop use 2 stop bits
-4, --try-4k go up to 4K blocksize
--start-4k start with 4K blocksize (doesn't try 8)
-8, --try-8k go up to 8K blocksize
--start-8k start with 8K blocksize
-a, --ascii ASCII transfer (change CR/LF to LF)
-b, --binary binary transfer
-B, --bufsize N buffer N bytes (N==auto: buffer whole file)
-c, --command COMMAND execute remote command COMMAND (Z)
-C, --command-tries N try N times to execute a command (Z)
-d, --dot-to-slash change '.' to '/' in pathnames (Y/Z)
--delay-startup N sleep N seconds before doing anything
-e, --escape escape all control characters (Z)
-E, --rename force receiver to rename files it already has
-f, --full-path send full pathname (Y/Z)
-i, --immediate-command CMD send remote CMD, return immediately (Z)
-h, --help print this usage message
-k, --1k send 1024 byte packets (X)
-L, --packetlen N limit subpacket length to N bytes (Z)
-l, --framelen N limit frame length to N bytes (l>=L) (Z)
-m, --min-bps N stop transmission if BPS below N
-M, --min-bps-time N for at least N seconds (default: 120)
-n, --newer send file if source newer (Z)
-N, --newer-or-longer send file if source newer or longer (Z)
-o, --16-bit-crc use 16 bit CRC instead of 32 bit CRC (Z)
-O, --disable-timeouts disable timeout code, wait forever
-p, --protect protect existing destination file (Z)
-r, --resume resume interrupted file transfer (Z)
-R, --restricted restricted, more secure mode
-q, --quiet quiet (no progress reports)
-s, --stop-at {HH:MM|+N} stop transmission at HH:MM or in N seconds
--tcp-server open socket, wait for connection (Z)
--tcp-client ADDR:PORT open socket, connect to ... (Z)
-u, --unlink unlink file after transmission
-U, --unrestrict turn off restricted mode (if allowed to)
-v, --verbose be verbose, provide debugging information
-w, --windowsize N Window is N bytes (Z)
-X, --xmodem use XMODEM protocol
-y, --overwrite overwrite existing files
-Y, --overwrite-or-skip overwrite existing files, else skip
--ymodem use YMODEM protocol
-Z, --zmodem use ZMODEM protocol
short options use the same arguments as the long ones
root@kali:~/.ssh# sz id_dsa.pub
root@kali:~/.ssh#
^C
root@kali:~/.ssh#
2、在linux的服务器 40.129配置
在linux 40.129的服务器配置:
root@kali:~/.ssh#
root@kali:~/.ssh# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:ee:b2:1f
inet addr:192.168.40.129 Bcast:192.168.40.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feee:b21f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:917 errors:0 dropped:0 overruns:0 frame:0
TX packets:743 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:377348 (368.5 KiB) TX bytes:103578 (101.1 KiB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1920 (1.8 KiB) TX bytes:1920 (1.8 KiB)
root@kali:~/.ssh#
root@kali:~/python# sudo apt-get install openssh-server
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
openssh-server 已经是最新的版本了。
升级了 0 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 0 个软件包未被升级。
root@kali:~/python# cd ~/.ssh/
root@kali:~/.ssh# ls
known_hosts
root@kali:~/.ssh# rz #使用sz文件操作copy客户端40.128的id_dsa.pub公钥文件
root@kali:~/.ssh# ls
id_dsa.pub known_hosts
root@kali:~/.ssh# cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
root@kali:~/.ssh# ls
authorized_keys id_dsa.pub known_hosts
root@kali:~/.ssh# vi /etc/ssh/sshd_config
root@kali:~/.ssh#
root@kali:~/.ssh#3、再到客户端 40.128使用ssh root@192.168.40.129登录40.129服务器(登录密码:1736*****(打码))
root@kali:~/.ssh# ssh root@192.168.40.129
Enter passphrase for key '/root/.ssh/id_dsa':
Linux kali 3.18.0-kali1-686-pae #1 SMP Debian 3.18.3-1~kali4 (2015-01-22) i686
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Dec 24 13:21:51 2017 from 192.168.40.1
#成功登录服务器40.129
root@kali:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:ee:b2:1f
inet addr:192.168.40.129 Bcast:192.168.40.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feee:b21f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:832 errors:0 dropped:0 overruns:0 frame:0
TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:369544 (360.8 KiB) TX bytes:94338 (92.1 KiB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1440 (1.4 KiB) TX bytes:1440 (1.4 KiB)
root@kali:~# ^C
root@kali:~#
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
