I need to set up passwordless root access with SSH Tectia. I did the following:
- created a key pair with ssh-keygen as usual
- copied the private key to *source_host*:/etc/opt/SSHtectia/keys/root. I also created the file /etc/opt/SSHtectia/keys/root/identification there and specified the private key in it.
- copied the public key to *target_host*:/etc/opt/SSHtectia/keys/root. I also created the file /etc/opt/SSHtectia/keys/root/authorization there and specified the public key in it.
When I try to log in, I see that the key is accepted but the login is denied:
Feb 25 11:52:42 targethost ssh-server-g3: 400 Connect, Policy name: connection, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, Ver: SSH-2.0-6.3.8.79 SSH Secure Shell, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ssh-rsa, cipher=aes128-cbc/aes128-cbc, mac=hmac-sha1/hmac-sha1, compression=none/none", Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 703 Auth_methods_available, Username: root, Auth methods: publickey, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 707 Publickey_auth_success, Username: root, Algorithm: publickey, "The user's public key matched the key (/etc/opt/SSHtectia/keys/root/authorized_11.pub, fingerprint xozel-pezer-sacok-vunud-horim-ropuc-milaf-nobip-setuc-zedar-boxex/bd7afcbc846e24252f8b29181f3940ac771f49b0) in the user's authorization file (/etc/opt/SSHtectia/keys/root/authorization)", Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 700 Auth_method_success, Username: root, Auth method: publickey, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 702 Auth_methods_completed, Username: root, Auth methods: publickey, Src IP: x.x.7.131, Src Port: 38158, Ver: SSH-2.0-6.3.8.79 SSH Secure Shell, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 410 Login_success, Username: root, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, Ver: SSH-2.0-6.3.8.79 SSH Secure Shell, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 420 Session_channel_open, Username: root, Error: Denied by policy, Command: shell, Sub ID: 0, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 421 Session_channel_close, Username: root, Sub ID: 0, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 412 Logout, Username: root, Reason: By application, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, "Connection discarded by broker, Remote Disconnect", Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 402 Disconnect, Reason: By application, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, "Connection discarded by broker, Remote Disconnect", Session-Id: 288135
Passwordless login as a non-root user works fine.
From the error you get:
it looks like authentication succeeds, but the user is then denied shell or terminal access.
This is because in the admin rule group you have `terminal action="deny"`. You need to change the `terminal action` rule to "allow" in ssh-server-config.xml for `group="admin"`. As described in the configuration settings for ssh-server-config.xml, when terminal access is denied the user has no access to a command shell.
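The following script is an added example, not code from the question, the answer, or the Tectia product. It does two things a defender would want here: it scans server log lines for the exact pattern in the question (a `410 Login_success` followed by a `420 Session_channel_open` refused with `Denied by policy` for the same `Session-Id`), and it audits an `ssh-server-config.xml` for rule groups whose `terminal action` is `deny`, showing the `admin` rule before and after the fix the answer describes. The XML layout (`<rule group="...">` elements each holding a `<terminal action="..."/>` child) is an assumption modelled on the answer's wording; the sample log lines are constructed from the ones in the question.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two log lines from the question that carry the signature
# (successful login, then the shell channel refused by policy in the same session).
SAMPLE_LOG = [
    "Feb 25 11:52:42 targethost ssh-server-g3: 410 Login_success, Username: root, "
    "Src IP: x.x.7.131, Dst Port: 22, Session-Id: 288135",
    "Feb 25 11:52:42 targethost ssh-server-g3: 420 Session_channel_open, Username: root, "
    "Error: Denied by policy, Command: shell, Sub ID: 0, Session-Id: 288135",
    "Feb 25 11:52:42 targethost ssh-server-g3: 421 Session_channel_close, Username: root, "
    "Sub ID: 0, Session-Id: 288135",
]

# Constructed sample config (assumed layout): the admin group denies terminal access,
# the unnamed fallback rule allows it, which matches "non-root works, root does not".
SAMPLE_CONFIG = """<secsh-server>
  <services>
    <rule group="admin">
      <terminal action="deny" />
      <subsystem type="sftp" action="allow" />
    </rule>
    <rule>
      <terminal action="allow" />
    </rule>
  </services>
</secsh-server>
"""

SESSION_RE = re.compile(r"Session-Id: (\d+)")


def denied_after_login(lines):
    """Return session ids that authenticated successfully (event 410) and were then
    refused a session channel by policy (event 420 with 'Denied by policy')."""
    login_ok, denied = set(), set()
    for line in lines:
        m = SESSION_RE.search(line)
        if not m:
            continue
        sid = m.group(1)
        if " 410 Login_success" in line:
            login_ok.add(sid)
        if " 420 Session_channel_open" in line and "Denied by policy" in line:
            denied.add(sid)
    return sorted(login_ok & denied)


def terminal_policy(config_xml):
    """Map each <rule> (keyed by its group attribute, or 'default' for the unnamed
    fallback rule) to its terminal action; a rule without <terminal> maps to 'unset'."""
    root = ET.fromstring(config_xml)
    policy = {}
    for rule in root.iter("rule"):
        name = rule.get("group", "default")
        term = rule.find("terminal")
        policy[name] = term.get("action", "unset") if term is not None else "unset"
    return policy


def groups_denying_terminal(config_xml):
    """Rule groups whose members can authenticate but will never get a shell."""
    return sorted(g for g, a in terminal_policy(config_xml).items() if a == "deny")


def set_terminal_action(config_xml, group, action):
    """Return a copy of the config with the named group's <terminal action> changed
    (the fix from the answer: 'deny' -> 'allow' for group="admin")."""
    root = ET.fromstring(config_xml)
    for rule in root.iter("rule"):
        if rule.get("group") == group:
            term = rule.find("terminal")
            if term is None:
                term = ET.SubElement(rule, "terminal")
            term.set("action", action)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("sessions with auth ok but shell denied:", denied_after_login(SAMPLE_LOG))
    print("groups denying terminal before fix:", groups_denying_terminal(SAMPLE_CONFIG))
    fixed = set_terminal_action(SAMPLE_CONFIG, "admin", "allow")
    print("groups denying terminal after fix:", groups_denying_terminal(fixed))
```

Running the script against a real server log and config (after adjusting the element names if the assumed layout differs from your Tectia version) tells you whether a "key accepted but login refused" report is a policy denial rather than a key problem, and which rule group to look at.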