主页 / unix / 问题 / 515909
Accepted
user3142695
Asked: 2019-04-28 11:45:22 +0800 CST

SSH:权限被拒绝,因为未使用给定的 IdentityFile

  • 772

我正在使用这个 .ssh/config:

Host myserver
    HostName 12.34.67.89
    User anyuser
    IdentityFile /root/.ssh/anything_rsa

但是运行ssh myserver会返回Permission denied (publickey)错误。

为什么不使用给定的身份文件 ( root/.ssh/anything_rsa)?相反,它似乎使用/root/.ssh/id_rsa

OpenSSH_7.0p1, OpenSSL 1.0.1r  28 Jan 2016
debug1: Connecting to myserver [12.34.67.89] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myserver:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: XXXXX
debug1: Host 'myserver' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

跑步ssh -v -i /root/.ssh/anything_rsa -l anyuser myserver是有效的。所以似乎配置文件没有正确使用......我根本不明白......

ssh openssh

2 个回答

  1. Best Answer

    您帖子下方的评论表明这/root/.ssh是指向另一个目录的符号链接。我从来没有理由使用符号链接的 .ssh 目录,但我相当肯定 ssh 将完全忽略不属于相关用户的 .ssh 目录,或者是组可读或全球可读的。IOW,它必须是所有权chown rootchmod 0700权限。我的预感是/etc/config/ssh符号链接的目标目录(

    更新:您在这篇文章下方的评论表明,尽管您引用的IdentityFile是 root 的 .ssh 目录中的一个,但您实际上并没有以 root 身份运行。下面的部分已经过编辑,以反映您的用户名admin

    出于故障排除的目的,请考虑尝试:

    cd ~admin
mkdir .ssh
chmod 700 .ssh
cp -RLp /etc/config/ssh/* .ssh
chown -R admin .ssh

    然后再试一次。

    • 2

  2. 您需要IdentitiesOnly yes在您的~/.ssh/config(或全局/etc/ssh/ssh_config)中设置,否则也会尝试所有其他可用的身份。

    仅使用IdentitiesOnly yes定义的身份IdentityFile(和定义的证书CertificateFile)(如果未在命令行上传递)。

    Host myserver
    HostName 12.34.67.89
    User anyuser
    IdentitiesOnly yes
    IdentityFile /root/.ssh/anything_rsa
    • 2

相关问题