ssh-copy-id 명령이 성공한 후에도 비밀번호 없이 로그인할 수 없습니다.

ssh-copy-id 명령이 성공한 후에도 비밀번호 없이 로그인할 수 없습니다.

인터넷을 검색하여 왜 여전히 비밀번호 없는 원격 서버 액세스를 얻을 수 없는지에 대해 많은 해결 방법을 시도했지만 제대로 작동하지 않는 것 같습니다.

SSH 키를 생성하고 원격 서버에 복사하려면 다음 단계를 수행했습니다.

  1. 먼저, 로컬 서버와 원격 서버에 더 이상 등록 키가 없도록 authorized_key& 파일을 정리했습니다 .known_hosts
  2. 그런 다음 SSH 키를 만들기 시작하고 아래에 입력했습니다.

    ssh-keygen -t rsa -f ~/.ssh/local_key

Enter를 누른 후의 결과는 다음과 같습니다.

Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/local_key. Your public key has been saved in /home/user/.ssh/local_key.pub. The key fingerprint is: SHA256:yZ3CgQ2CtyMJHyvkGFyZNQ5U7XX1RzD8SOm9bxCbODg user@myserver The key's randomart image is: +---[RSA 2048]----+ |. o=*+o .ooo.| |oooo+..= . . =o | |++ = oo + . o =.| |o.= o + + . + +| | . . . S o. . +.| | .E o +. | | . . ..| | o| | . | +----[SHA256]-----+

  1. 그런 다음 공개 키를 원격 서버에 복사합니다.

    ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver

  2. 그런 다음 메시지가 표시되어 비밀번호를 입력했습니다.

     /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/local_key.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.

ssh 'user@myremoteserver'파일을 실행 하거나 복사 해 보았 scp으나 여전히 비밀번호가 필요합니다.

편집하다: 명령을 실행한 후의 출력입니다.ssh -v user@myremoteserver

OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to myremoteserver [10.1.250.174] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=20 dh_need=20
debug1: kex: [email protected] need=20 dh_need=20
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95
debug1: Host 'myremoteserver' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: password
user@myremoteserver's password:

고쳐 쓰다:

제안한대로 권한 700 .ssh과 600을 추가했습니다 authorized_keys. 이 스크립트를 실행하면 ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver다음과 같은 결과가 나타납니다.

The authenticity of host 'myremoteserver (10.1.250.174)' can't be established.
ECDSA key fingerprint is 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.

결국, 나는 여전히 비밀번호를 묻는 메시지를 받습니다. :(

답변1

ssh기본적으로 사용되는 키는 입니다 .ssh/id_rsa.pub.

ssh -i ~/.ssh/local_key.pub user@myremoteserver상황에 맞춰야 합니다.

.ssh/configssh가 특정 서버에 대해 특정 키를 사용하도록 조정할 수 있습니다 .

바라보다내 대답도착하다유제스니펫은 필요한 모든 단계를 한 번에 완료할 수 있습니다.

답변2

대상 서버에서 SELinux가 활성화되어 있는지 확인할 수 있습니다.

관련 정보