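I have a password-protected SSH key. Authentication to the server is by SSH key only; password authentication is disabled. The server and my desktop both run Ubuntu 14.04, and authenticating to the server with that key has been tested and works.
My goal is to cron backups via rsync. I plan to create a new "backup user" (with limited permissions) on the server and run cron on my desktop to copy files to the server as that second user. This should avoid the problem of having to enter the password for my main SSH key.
My problem is that when I try to ssh-copy-id the second SSH key to the server, I keep getting a "Permission denied (publickey)" error.
The SSH keys (public and private) have both been created and are in ~/.ssh/ on my desktop. The user "backups-user" has been created on the server, but I can't log in as that user yet.
Am I going about this the wrong way, or is there a better way to automate what I'm trying to do?
Here is the output of ssh -v: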
tom@desktop:~$ ssh -v [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /home/tom/.ssh/id_rsa type -1
debug1: identity file /home/tom/.ssh/id_rsa-cert type -1
debug1: identity file /home/tom/.ssh/id_dsa type -1
debug1: identity file /home/tom/.ssh/id_dsa-cert type -1
debug1: identity file /home/tom/.ssh/id_ecdsa type -1
debug1: identity file /home/tom/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/tom/.ssh/id_ed25519 type -1
debug1: identity file /home/tom/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA (redacted)
debug1: Host 'XX.XX.XX.XX' is known and matches the ECDSA host key.
debug1: Found key in /home/tom/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: tom@Desktop
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: tom@Desktop
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/tom/.ssh/id_rsa
debug1: Trying private key: /home/tom/.ssh/id_dsa
debug1: Trying private key: /home/tom/.ssh/id_ecdsa
debug1: Trying private key: /home/tom/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
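ssh-copy-id basically starts an SSH connection and copies any missing keys. The problem, however, is starting the SSH connection. Since only public key authentication is allowed, the server can only accept a public key for backups-user. However, there is no associated SSH key for backups-user on the server. Therefore, nobody can (remotely) log in as backups-user. You will need to either temporarily allow password authentication, or copy the public key file to your home directory and use
sudo cp id_rsa.pub ~backups-user/.ssh/authorized_keys
on the server to copy the public key into that user's home directory.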
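
The second option from the answer above, written as a re-runnable function; this is an added example, not code from the original post. The function name install_pubkey and its arguments are hypothetical. It also creates a missing .ssh directory and sets the modes that sshd's default StrictModes check expects.

```bash
#!/usr/bin/env bash
# Added example: install a public key for a server account that has no
# authorized_keys yet. Run on the server (through sudo for a real account).

# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
#   HOME_DIR     home directory of the target account (e.g. ~backups-user)
#   PUBKEY_FILE  the .pub file copied over from the desktop
#   OWNER        optional account name; ownership is changed only when given
install_pubkey() {
    local home_dir="$1" pubkey_file="$2" owner="${3:-}"
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    local key=""

    # Use the first line only, and refuse anything that is not a public key
    # line (this also catches a private key file passed by mistake).
    IFS= read -r key < "$pubkey_file" || [ -n "$key" ] || return 1
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when these paths
    # are writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not present yet (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Files created through sudo belong to root; hand them to the account.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$ssh_dir" || return 1
    fi
}
```

On the server this would be called with root privileges as install_pubkey ~backups-user id_rsa.pub backups-user, with id_rsa.pub being the copied public key file from the answer.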