인터넷을 검색하여 왜 여전히 비밀번호 없는 원격 서버 액세스를 얻을 수 없는지에 대해 많은 해결 방법을 시도했지만 제대로 작동하지 않는 것 같습니다.
SSH 키를 생성하고 원격 서버에 복사하려면 다음 단계를 수행했습니다.
- 먼저, 로컬 서버와 원격 서버에 더 이상 등록 키가 없도록
authorized_key
& 파일을 정리했습니다 .known_hosts
그런 다음 SSH 키를 만들기 시작하고 아래에 입력했습니다.
ssh-keygen -t rsa -f ~/.ssh/local_key
Enter를 누른 후의 결과는 다음과 같습니다.
Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/local_key. Your public key has been saved in /home/user/.ssh/local_key.pub. The key fingerprint is: SHA256:yZ3CgQ2CtyMJHyvkGFyZNQ5U7XX1RzD8SOm9bxCbODg user@myserver The key's randomart image is: +---[RSA 2048]----+ |. o=*+o .ooo.| |oooo+..= . . =o | |++ = oo + . o =.| |o.= o + + . + +| | . . . S o. . +.| | .E o +. | | . . ..| | o| | . | +----[SHA256]-----+
그런 다음 공개 키를 원격 서버에 복사합니다.
ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver
그런 다음 메시지가 표시되어 비밀번호를 입력했습니다.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/local_key.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.
ssh 'user@myremoteserver'
파일을 실행 하거나 복사 해 보았 scp
으나 여전히 비밀번호가 필요합니다.
편집하다: 명령을 실행한 후의 출력입니다.ssh -v user@myremoteserver
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to myremoteserver [10.1.250.174] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=20 dh_need=20
debug1: kex: [email protected] need=20 dh_need=20
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95
debug1: Host 'myremoteserver' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: password
user@myremoteserver's password:
고쳐 쓰다:
제안한대로 권한 700 .ssh
과 600을 추가했습니다 authorized_keys
. 이 스크립트를 실행하면 ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver
다음과 같은 결과가 나타납니다.
The authenticity of host 'myremoteserver (10.1.250.174)' can't be established.
ECDSA key fingerprint is 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.
결국, 나는 여전히 비밀번호를 묻는 메시지를 받습니다. :(
답변1
답변2
대상 서버에서 SELinux가 활성화되어 있는지 확인할 수 있습니다.