공개 키를 생성하고 액세스 서버를 사용하기 위해 Google에서 많은 검색을 한 후 이 질문을 게시했지만 public key다음 오류가 발생하여 여전히 문제를 해결할 수 없습니다.

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "192.168.12.2" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.12.2 [192.168.12.2] port 22.
debug1: Connection established.
debug1: identity file .ssh/authorized_keys type 1
debug1: key_load_public: No such file or directory
debug1: identity file .ssh/authorized_keys-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.12.2:22 as 'ansible'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: curve25519-sha256 need=16 dh_need=16
debug1: kex: curve25519-sha256 need=16 dh_need=16
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YTd6SSDMsb3Qhn8EoF/otK+TY6DSAsahYvZxFErZJnQ
debug1: Host '192.168.12.2' is known and matches the ECDSA host key.
debug1: Found key in /home/ansible/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: .ssh/authorized_keys (0x560667b2de80), explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
This system is for the use of authorised users only.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1003)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1003)

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/authorized_keys
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

server side - 192.168.12.2 - user:ansible

 chmod 700 .ssh/
 chmod 600 .ssh/*
 ssh-keygen
 ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
 /sbin/restorecon -r .ssh/

client side - 192.168.12.10 - user:ansible

chmod 700 .ssh/
chmod 600 .ssh/*
/sbin/restorecon -r .ssh/
/sbin/restorecon -r .ssh
ssh -vv -i .ssh/authorized_keys -o PasswordAuthentication=no [email protected]

sshd_config 파일에서는 PubkeyAuthentication yes클라이언트 측과 서버 측 모두에 설정됩니다.

키를 생성할 때 서버의 사용자 자격 증명이 확인되었으며 암호를 사용하거나 사용하지 않고 여러 번 시도했지만 운이 없었습니다.

발견된 문제의 대부분은 user ownership.. 두 사용자 모두 .ssh/ 디렉터리와 해당 파일에 대한 사용자 소유권(.ssh/ 디렉터리의 경우 700, .ssh/ 파일의 경우 600)을 갖고 있는지 확인했습니다.

restorecon시도했지만 운이 없었습니다.

제안한 대로 서버측 감사 로그를 확인하고 이를 발견했습니다.

type=USER_AUTH msg=audit(1593508901.404:87844): pid=26089 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="ansible" exe="/usr/sbin/sshd" hostname=? addr=192.168.12.10 terminal=ssh res=failed'

type=USER_ERR msg=audit(1593508901.408:87847): pid=26089 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/sbin/sshd" hostname=localhost addr=192.168.12.10 terminal=ssh res=failed'

type=USER_LOGIN msg=audit(1593508901.409:87851): pid=26089 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="ansible" exe="/usr/sbin/sshd" hostname=? addr=192.168.12.10 terminal=ssh res=failed'

journalctl _COMM=sshd서버에 다음과 같이 표시됩니다 .

Jun 30 10:21:41 localhost sshd[26089]: Connection closed by 192.168.12.10 port 47944 [preauth]