我正在使用这个 .ssh/config:
Host myserver
HostName 12.34.67.89
User anyuser
IdentityFile /root/.ssh/anything_rsa
但是运行ssh myserver
会返回Permission denied (publickey)
错误。
为什么不使用给定的身份文件 ( root/.ssh/anything_rsa
)?相反,它似乎使用/root/.ssh/id_rsa
OpenSSH_7.0p1, OpenSSL 1.0.1r 28 Jan 2016
debug1: Connecting to myserver [12.34.67.89] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myserver:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: XXXXX
debug1: Host 'myserver' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
跑步ssh -v -i /root/.ssh/anything_rsa -l anyuser myserver
是有效的。所以似乎配置文件没有正确使用......我根本不明白......
您帖子下方的评论表明这
/root/.ssh
是指向另一个目录的符号链接。我从来没有理由使用符号链接的 .ssh 目录,但我相当肯定 ssh 将完全忽略不属于相关用户的 .ssh 目录,或者是组可读或全球可读的。IOW,它必须是所有权chown root
和chmod 0700
权限。我的预感是/etc/config/ssh
符号链接的目标目录(更新:您在这篇文章下方的评论表明,尽管您引用的
IdentityFile
是 root 的 .ssh 目录中的一个,但您实际上并没有以 root 身份运行。下面的部分已经过编辑,以反映您的用户名admin
。出于故障排除的目的,请考虑尝试:
然后再试一次。
您需要
IdentitiesOnly yes
在您的~/.ssh/config
(或全局/etc/ssh/ssh_config
)中设置,否则也会尝试所有其他可用的身份。仅使用
IdentitiesOnly yes
定义的身份IdentityFile
(和定义的证书CertificateFile
)(如果未在命令行上传递)。