标签搜索

目 录CONTENT

文章目录

记录一次SSH免密登录配置不生效的问题

沙漠渔
2022-08-08 09:47:29 / 0 评论 / 2 点赞 / 1,673 阅读 / 4,540 字 / 正在检测是否收录...
温馨提示:
本文最后更新于 2022-08-08,若内容或图片失效,请留言反馈。部分素材来自网络,若不小心影响到您的利益,请联系我们删除。

场景说明

环境:docker容器
目的:通过ssh远程免密登录一台windows服务器。
问题原因:原本容器中配置了其他一台服务器的免密登录,担心对之前功能产生影响,所以在生成id_rsa文件的时候指定了文件名,未使用默认ssh-keygen配置。

配置SSH免密登录

假设场景为,机器 ssh免密登录server,如何进行配置。
下面的操作都是在执行登录的机器上进行的操作,不会涉及登录到server进行操作的情况。

  1. 机器上,终端中打开 ~/.ssh文件夹,如果不存在就创建该文件
  2. 使用ssh-keygen命令生成公钥和私钥。
  • 默认使用id_rsa文件,如果已经存在该文件,可以键入其他文件
~# ssh-keygen                           
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
  • 也可以直接使用ssh-keygen -f filename 命令指定文件名
  1. 使用 ssh-copy-id -i filename.pub user@IP 把公钥文件拷贝到server服务器,如ssh-copy-id -i rsa_work.pub [email protected]
  2. 如果这里不能登录,需要重启重启ssh服务
  • ubuntu重启ssh服务:/etc/init.d/ssh restart 或者 service sshd restart
  • Mac下重启ssh服务:先关闭,再启动
  • Mac下关闭ssh:sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
  • Mac下启动ssh服务:sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
    正常情况下,通过上面的操作就可以直接直接通过ssh user@IP 的方式登录了,如果不能登录,通过下面的方法查看原因。

问题排查

如果ssh免密登陆配置已完成,但是使用ssh user@IP无法登录,可以使用ssh user@IP -v查看详细信息,找到原因并解决。一般出现这种情况主要是配置了多个key,在没有配置的情况下,系统会优先使用默认的,导致认证失败。

~# ssh -p22 [email protected] -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.10 [192.168.1.10] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.10:22 as 'Administrator'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:rws9Ugdz1FSuotDCPu0jDqZH9rr7gajGKw/cE0YdMew
debug1: Host '[192.168.1.10]:22' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:WlP5+M0QfCJHSs6UYi4Ea3NRoRlEApuA77uAMJAFRMM /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: RSA SHA256:T792PiRFYpW3jMfyqKQdtFfutL/LJ5X64w0RxNoJNvI root@dts-virtual-machine
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password

其实可以看到并未查找自己建立的文件的,所以,直接配置config文件即可。

问题解决

解决方式就是直接配置config文件。

配置方式可以如下:

Host 192.168.1.10
IdentityFile ~/.ssh/id_rsa_10

也可以:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa_github
  IdentityFile ~/.ssh/id_rsa_work

这样就可以扫描到对应的文件,正常免密登录了。

2
广告 广告

评论区