나는 나 자신을 숙련된 UNIX/Linux 시스템 관리자라고 생각하지만 Solaris 11에서 해결할 수 없는 어려운 SSH 문제를 겪고 있습니다. :)
root@server1:/root/.ssh/id_rsa.pub
파일을 다음 위치에 복사 했습니다 .
root@server2:/root/.ssh/authorized_keys
oracle@server2:/home/oracle/.ssh/authorized_keys
원격으로 로그인하거나 oracle@server2 명령을 실행하는 데에는 문제가 없습니다.
root@server2에 대한 비밀번호 프롬프트가 계속 나타납니다.
server2에서 "sshd -d"(디버그 모드)를 실행하고 server1에서 "ssh root@server2 uptime"을 실행하면 암호 프롬프트가 표시되고 Ctrl-C를 눌러 중단할 때까지 server2에서 다음이 표시됩니다.
server2# /usr/lib/ssh/sshd -d
debug1: sshd version Sun_SSH_2.2
debug1: key_load_private: loading /etc/ssh/ssh_host_rsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_rsa_key
debug1: read PEM private key done: type RSA
debug1: Private host key #0 of type 1 (RSA).
debug1: key_load_private: loading /etc/ssh/ssh_host_dsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_dsa_key
debug1: read PEM private key done: type DSA
debug1: Private host key #1 of type 2 (DSA).
debug1: Creating a global KMF session.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.71.4.10 port 21911
debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
monitor debug1: reading the context from the child
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: en-US
debug1: Peer sent proposed langtags, stoc: en-US
debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Negotiated main locale: en_US.UTF-8
debug1: Negotiated messages locale: en_US.UTF-8
debug1: Host key type is 1.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 252/512
debug1: bits set: 2051/4095
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 2036/4095
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Test whether the public key is acceptable.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: We received a signature in the user auth packet.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Failed publickey for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs
Connection closed by 10.71.4.10
debug1: Calling cleanup 0x2df78(0xec5010)
debug1: Calling cleanup 0x262a8(0xece938)
debug1: Calling cleanup 0x53590(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x53590(0x0)
monitor debug1: Calling cleanup 0x53590(0x0)
SSH 서버 구성에 대한 추가 정보:
server2# diff /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
server2#
server2# ls -l /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
-rw------- 1 oracle dba 396 Aug 29 08:53 /home/oracle/.ssh/authorized_keys
-rw------- 1 root root 396 Aug 29 08:53 /root/.ssh/authorized_keys
server2# ls -ld /root /home/oracle
drwxr-xr-x 30 oracle dba 69 Aug 20 06:13 /home/oracle
drwx------ 22 root root 43 Aug 29 08:52 /root
server2# ls -ld /root/.ssh /home/oracle/.ssh
drwx--x--x 2 root root 5 Mar 20 2014 /home/oracle/.ssh
drwx--x--x 2 root root 3 Aug 29 08:53 /root/.ssh
server2# grep Root /etc/ssh/sshd_config
PermitRootLogin yes
ssh root@server2 uptime
다음은 server1에서 시도했을 때 원격 서버 server2의 /var/log/authlog를 보여줍니다.
Aug 30 09:46:48 db01 sshd[11916]: [ID 800047 auth.debug] debug1: Forked child 13172.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.info] Connection from 10.71.4.10 port 28154
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Enabling compatibility mode for protocol 2.0
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Local version string SSH-2.0-Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: reading the context from the child
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: use_engine is 'yes'
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialization complete
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal before adding the GSS KEX algorithm:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal I sent to the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX proposal I received from the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: client->server aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: server->client aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, ctos: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, stoc: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated main locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated messages locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key type is 1.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: dh_gen_key: priv key bits set: 267/512
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2056/4095
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2053/4095
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'out' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_NEWKEYS
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'in' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS received
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX done
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method none
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Failed none for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Test whether the public key is acceptable.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We received a signature in the user auth packet.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_rsa_verify: signature correct
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.notice] Failed publickey for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method keyboard-interactive
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.info] Connection closed by 10.71.4.10
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x2df78(0x34f960)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x262a8(0x3592f8)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: child closed the communication pipe before user auth was finished
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 last message repeated 1 time
또한 아래에서는 "ssh -v -v -v root@server2"를 사용하여 server1에서 server2에 연결할 때 server1(원래 서버)의 출력을 보여줍니다.
server1# ssh -v -v -v root@server2
Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to db01 [10.65.4.139] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug1: Identity file/URI '/root/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Identity file/URI '/root/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug1: Identity file/URI '/root/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: db01
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: KEX proposal I received from the peer:
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 262/512
debug1: bits set: 2025/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug1: Host 'db01' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:17
debug1: bits set: 2075/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug2: set_newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277 lastkey 73cee8 hint 1
debug3: Pubkey type from SSH_MSG_USERAUTH_PK_OK is ssh-rsa.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug2: input_userauth_pk_ok: fp 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug3: sign_and_send_pubkey
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
Connection closed by 10.65.4.139
debug1: Calling cleanup 0x418a8(0x0)
답변1
root@server1:/root/.ssh/id_rsa.pub 파일을 다음 위치에 복사했습니다. root@server2:/root/.ssh/authorized_keys
복사하는 방법에 따라 다릅니다.
그래서 키를 복사하는 것이 중요합니다아니요로그인 세션 간에 잘라내어 붙여넣기. "scp"를 사용하여 id_rsa.pub 키를 server1에서 server2로 복사하세요.
scp 루트@서버1:/root/.ssh/id_rsa.pub 루트@서버2:/root/.ssh/authorized_keys
홈 디렉토리에 대한 권한이 너무 공개되어 있지 않은지 확인하십시오. 이는 sshd에 의해 시스템 로그에 보고됩니다.
출력과 관련하여 다음이 표시될 수 있습니다(ssh -v -v -v root@server2).
key_read: 키를 찾을 수 없습니다
id_rsa 키가 잘못된 것 같습니다. ssh-keygen을 실행하여 유효한 키를 생성하고 pub-key를 다시 추가해 보세요.
답변2
로그에 따르면 ssh-rsa를 사용하고 있습니다. ssh-keygen -t rsa
공개 키를 생성하는 데 사용되었을 수 있습니다.
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
로그에서는 DSA 알고리즘을 사용하려고 합니다.
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
공개 키를 생성하려면 DSA 알고리즘을 사용해 보세요.
ssh-keygen -t dsa
ssh-copy-id -i /root/.ssh/id_dsa.pub server2