记录一次SSH免密登录配置不生效的问题

场景说明

环境：docker容器
目的：通过ssh远程免密登录一台windows服务器。
问题原因：原本容器中配置了其他一台服务器的免密登录，担心对之前功能产生影响，所以在生成id_rsa文件的时候指定了文件名，未使用默认ssh-keygen配置。

配置SSH免密登录

假设场景为，机器 ssh免密登录server，如何进行配置。
下面的操作都是在执行登录的机器上进行的操作，不会涉及登录到server进行操作的情况。

1. 机器上，终端中打开 ~/.ssh文件夹，如果不存在就创建该文件
2. 使用ssh-keygen命令生成公钥和私钥。

• 默认使用id_rsa文件，如果已经存在该文件，可以键入其他文件

~# ssh-keygen                           
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 

• 也可以直接使用ssh-keygen -f filename 命令指定文件名

3. 使用 ssh-copy-id -i filename.pub user@IP 把公钥文件拷贝到server服务器，如ssh-copy-id -i rsa_work.pub root@172.22.5.75
4. 如果这里不能登录，需要重启重启ssh服务

• ubuntu重启ssh服务：/etc/init.d/ssh restart 或者 service sshd restart
• Mac下重启ssh服务：先关闭，再启动
• Mac下关闭ssh：sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
• Mac下启动ssh服务：sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
  正常情况下，通过上面的操作就可以直接直接通过ssh user@IP 的方式登录了，如果不能登录，通过下面的方法查看原因。

问题排查

如果ssh免密登陆配置已完成,但是使用ssh user@IP无法登录，可以使用ssh user@IP -v查看详细信息,找到原因并解决。一般出现这种情况主要是配置了多个key，在没有配置的情况下，系统会优先使用默认的，导致认证失败。

~# ssh -p22 Administrator@192.168.1.10 -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.10 [192.168.1.10] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.10:22 as 'Administrator'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:rws9Ugdz1FSuotDCPu0jDqZH9rr7gajGKw/cE0YdMew
debug1: Host '[192.168.1.10]:22' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:WlP5+M0QfCJHSs6UYi4Ea3NRoRlEApuA77uAMJAFRMM /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: RSA SHA256:T792PiRFYpW3jMfyqKQdtFfutL/LJ5X64w0RxNoJNvI root@dts-virtual-machine
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password

其实可以看到并未查找自己建立的文件的，所以，直接配置config文件即可。

问题解决

解决方式就是直接配置config文件。

配置方式可以如下：

Host 192.168.1.10
IdentityFile ~/.ssh/id_rsa_10

也可以:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa_github
  IdentityFile ~/.ssh/id_rsa_work

这样就可以扫描到对应的文件，正常免密登录了。