SSH key not being recognized?

I have two Debian (11 and 12) systems. I am trying to follow this video to set up key-based SSH access from server A to server B: https://www.youtube.com/watch?v=vINn1MIrf7o. I tried using the key, but I am still prompted for a password.

Server A: key generation and permission check

$ ssh-keygen -a ed25519 -f ~/.ssh/id_ed25519 -C "email@address"
$ ssh-copy-id USERNAME-B@SERVER-B

$ cat /home/USERNAME-A/.ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address

$ ls -l /home/USERNAME-A/.ssh
total 16
-rw------- 1 USERNAME-A USERNAME-A 111 Sep 25 16:51 authorized_keys
-rwx------ 1 USERNAME-A USERNAME-A 411 Sep 25 00:48 id_ed25519
-rwx------ 1 USERNAME-A USERNAME-A  97 Sep 25 00:48 id_ed25519.pub
-rwx------ 1 USERNAME-A USERNAME-A 444 Sep 25 16:05 known_hosts

Server B: key and permission check

$ cat /home/USERNAME-B/.ssh/authorized_keys 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address


$ ls -l /home/USERNAME-B/.ssh/
total 12
-rw------- 1 USERNAME-B USERNAME-B 214 Sep 25 16:52 authorized_keys
-rwx------ 1 USERNAME-B USERNAME-B  97 Sep 25 15:16 id_ed25519.pub
-rwx------ 1 USERNAME-B USERNAME-B 142 Sep 25 00:38 known_hosts.old

Server A: connecting to server B via SSH

$ ssh -v USERNAME-B@SERVER-B
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.98 [192.168.0.98] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2
debug1: match: OpenSSH_9.2p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.98:22 as 'internalrouter01'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:jsyFKXsTm5jC6GpM49Z9NdZTqaynwadcD80118n8/ck
debug1: Host '192.168.0.98' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

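I don't know what I need to do to make this configuration work. If you have any tips, please let me know. I have researched and guessed at permission problems, but that doesn't seem to be it, and nothing stands out to me. Then again, I'm still not used to debugging ssh in general.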

Edit 1: (I am no longer replacing server names with USERNAME-B, etc.)

Reply to Emma Luo

$ ls -ld / /home /home/USERNAME-B/ /home/USERNAME-B/.ssh
drwxr-xr-x 18 root             root             4096 Sep 22 15:42 /
drwxr-xr-x  4 root             root             4096 Sep 22 23:03 /home
drwx------  4 USERNAME-B USERNAME-B 4096 Sep 24 21:54 /home/USERNAME-B/
drwx------  2 USERNAME-B USERNAME-B 4096 Sep 25 16:32 /home/USERNAME-B/.ssh

Reply to Gilles Quénot

I updated the permissions as needed, but to no avail.

root@home-ok-ir01p:/home/internalrouter01# chmod 700 /home/internalrouter01/.ssh/
root@home-ok-ir01p:/home/internalrouter01# chmod 600 /home/internalrouter01/.ssh/*
root@home-ok-ir01p:/home/internalrouter01# ls -ld / /home /home/internalrouter01/ /home/internalrouter01/.ssh
drwxr-xr-x 18 root             root             4096 Sep 22 15:42 /
drwxr-xr-x  4 root             root             4096 Sep 22 23:03 /home
drwx------  4 internalrouter01 internalrouter01 4096 Sep 24 21:54 /home/internalrouter01/
drwx------  2 internalrouter01 internalrouter01 4096 Sep 25 16:32 /home/internalrouter01/.ssh

My SSH configuration

root@HomeNAS:/home/homenas# cat /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf

ChallengeResponseAuthentication no
UsePAM yes

X11Forwarding yes

PrintMotd no
AcceptEnv LANG LC_*

Subsystem   sftp    /usr/lib/openssh/sftp-server

Here are the latest sshd entries from /var/log/auth.log.

root@home-ok-ir01p:/home/internalrouter01# tail -40 /var/log/auth.log | grep ssh
2023-09-25T17:31:38.020752-05:00 home-ok-ir01p sshd[8418]: pam_unix(sshd:session): session closed for user root
2023-09-25T18:05:45.894039-05:00 home-ok-ir01p sshd[11468]: fatal: Timeout before authentication for 192.168.0.109 port 49624
2023-09-25T19:13:37.747404-05:00 home-ok-ir01p sshd[12124]: Connection closed by authenticating user internalrouter01 192.168.0.109 port 36860 [preauth]
2023-09-25T19:26:50.115306-05:00 home-ok-ir01p sshd[12253]: Connection closed by authenticating user internalrouter01 192.168.0.109 port 33018 [preauth]

This is my server's /etc/ssh/sshd_config.

Include /etc/ssh/sshd_config.d/*.conf
ListenAddress 0.0.0.0
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server

chmod permissions

Client returns

root@home-ok-ir01p:/home/internalrouter01# env | grep '^SSH'
SSH_CONNECTION=10.7.0.2 35516 192.168.0.98 22
SSH_CLIENT=10.7.0.2 35516 22
SSH_TTY=/dev/pts/1

Other than changing it to no longer allow passwords (PasswordAuthentication no), nothing has changed so far with ssh -v [email protected].
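
Added example, not part of the original post: a shell helper that reads `ssh -v` client debug output like that shown in the question and reports whether a given key file was never offered, offered and rejected, or accepted. The function names are hypothetical; the sample lines are copied from the debug output above.

```shell
#!/bin/sh
# Added example: classify how one key fared in `ssh -v` client debug output.

# Print the path of every key the client offered (debug output on stdin).
offered_keys() {
    sed -n 's/^debug1: Offering public key: \([^ ]*\) .*/\1/p'
}

# Print the path of every key the server accepted.
accepted_keys() {
    sed -n 's/^debug1: Server accepts key: \([^ ]*\) .*/\1/p'
}

# diagnose_pubkey KEY_PATH   (hypothetical helper; debug output on stdin)
# Prints one of: not-offered | rejected | accepted
diagnose_pubkey() {
    expected=$1
    log=$(cat)
    offered=$(printf '%s\n' "$log" | offered_keys)
    accepted=$(printf '%s\n' "$log" | accepted_keys)
    if ! printf '%s\n' "$offered" | grep -qxF -- "$expected"; then
        # The client never tried this key: it only reads identity files
        # from the invoking user's ~/.ssh unless -i / IdentityFile is given.
        echo not-offered
    elif printf '%s\n' "$accepted" | grep -qxF -- "$expected"; then
        echo accepted
    else
        # Offered but refused: compare with authorized_keys on the server.
        echo rejected
    fi
}

# Lines copied from the ssh -v output in the question above.
SAMPLE_DEBUG="debug1: identity file /root/.ssh/id_rsa type 0
debug1: Authenticating to 192.168.0.98:22 as 'internalrouter01'
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password"

# Check the key generated in the question and the key the client actually used.
for key in /home/USERNAME-A/.ssh/id_ed25519 /root/.ssh/id_rsa; do
    result=$(printf '%s\n' "$SAMPLE_DEBUG" | diagnose_pubkey "$key")
    printf '%s: %s\n' "$key" "$result"
done
```

For a live check, `ssh -v` writes its debug lines to stderr, so redirect it into the helper: `ssh -v -o BatchMode=yes USER@HOST true 2>&1 | diagnose_pubkey /path/to/key`.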
