当前位置:  开发笔记 > 运维 > 正文

权限被拒绝(公钥,键盘交互)

如何解决《权限被拒绝(公钥,键盘交互)》经验,为你挑选了3个好方法。

我尝试使用ssh连接到planetlab节点.它会抛出像Permission denied(publickey,键盘交互式)这样的错误.这是什么意思?这是例外的冗长.

> OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL
> 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for * debug2:
> ssh_connect: needpriv 0 debug1:
> Connecting to planetlab1.csee.usf.edu
> [131.247.2.241] port 22. debug1:
> Connection established. debug1:
> permanently_set_uid: 0/0 debug3: Not a
> RSA1 key file /home/keven/.ssh/id_rsa.
> debug2: key_type_from_name: unknown
> key type '-----BEGIN' debug3:
> key_read: missing keytype debug2:
> key_type_from_name: unknown key type
> 'Proc-Type:' debug3: key_read: missing
> keytype debug2: key_type_from_name:
> unknown key type 'DEK-Info:' debug3:
> key_read: missing keytype debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug2:
> key_type_from_name: unknown key type
> '-----END' debug3: key_read: missing
> keytype debug1: identity file
> /home/keven/.ssh/id_rsa type 1 debug1:
> Checking blacklist file
> /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file
> /etc/ssh/blacklist.RSA-2048 debug1:
> Remote protocol version 2.0, remote
> software version OpenSSH_4.7 debug1:
> match: OpenSSH_4.7 pat OpenSSH_4*
> debug1: Enabling compatibility mode
> for protocol 2.0 debug1: Local version
> string SSH-2.0-OpenSSH_5.1p1
> Debian-5ubuntu1 debug2: fd 3 setting
> O_NONBLOCK debug1: SSH2_MSG_KEXINIT
> sent debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss debug2:
> kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> none,zlib@openssh.com,zlib debug2:
> kex_parse_kexinit:
> none,zlib@openssh.com,zlib debug2:
> kex_parse_kexinit:  debug2:
> kex_parse_kexinit:  debug2:
> kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0 
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss debug2:
> kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> none,zlib@openssh.com debug2:
> kex_parse_kexinit:
> none,zlib@openssh.com debug2:
> kex_parse_kexinit:  debug2:
> kex_parse_kexinit:  debug2:
> kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0 
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-cbc
> hmac-md5 none debug2: mac_setup: found
> hmac-md5 debug1: kex: client->server
> aes128-cbc hmac-md5 none debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
> sent debug1: expecting
> SSH2_MSG_KEX_DH_GEX_GROUP debug2:
> dh_gen_key: priv key bits set: 128/256
> debug2: bits set: 508/1024 debug1:
> SSH2_MSG_KEX_DH_GEX_INIT sent debug1:
> expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile:
> filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match
> line 1 debug3: check_host_in_hostfile:
> filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match
> line 2 debug1: Host
> 'planetlab1.csee.usf.edu' is known and
> matches the RSA host key. debug1:
> Found key in /root/.ssh/known_hosts:1
> debug2: bits set: 535/1024 debug1:
> ssh_rsa_verify: signature correct
> debug2: kex_derive_keys debug2:
> set_newkeys: mode 1 debug1:
> SSH2_MSG_NEWKEYS sent debug1:
> expecting SSH2_MSG_NEWKEYS debug2:
> set_newkeys: mode 0 debug1:
> SSH2_MSG_NEWKEYS received debug1:
> SSH2_MSG_SERVICE_REQUEST sent debug2:
> service_accept: ssh-userauth debug1:
> SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/keven/.ssh/id_rsa
> (0xb80c9878) debug1: Authentications
> that can continue:
> publickey,keyboard-interactive debug3:
> start over, passed a different list
> publickey,keyboard-interactive debug3:
> preferred
> gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred:
> keyboard-interactive,password debug3:
> authmethod_is_enabled publickey
> debug1: Next authentication method:
> publickey debug1: Offering public key:
> /home/keven/.ssh/id_rsa debug3:
> send_pubkey_test debug2: we sent a
> publickey packet, wait for reply
> debug1: Authentications that can
> continue:
> publickey,keyboard-interactive debug2:
> we did not send a packet, disable
> method debug3: authmethod_lookup
> keyboard-interactive debug3: remaining
> preferred: password debug3:
> authmethod_is_enabled
> keyboard-interactive debug1: Next
> authentication method:
> keyboard-interactive debug2:
> userauth_kbdint debug2: we sent a
> keyboard-interactive packet, wait for
> reply debug1: Authentications that can
> continue:
> publickey,keyboard-interactive debug3:
> userauth_kbdint: disable: no
> info_req_seen debug2: we did not send
> a packet, disable method debug1: No
> more authentication methods to try.
> Permission denied
> (publickey,keyboard-interactive).

小智.. 27

您可能需要仔细检查authorized_keys文件权限:

$ chmod 600 ~/.ssh/authorized_keys

较新的SSH服务器版本在这方面非常挑剔.



1> 小智..:

您可能需要仔细检查authorized_keys文件权限:

$ chmod 600 ~/.ssh/authorized_keys

较新的SSH服务器版本在这方面非常挑剔.


这个答案应该是特色.几乎关于"Permission denied(publickey)"问题的每个答案都提到了配置,而这实际上也是问题所在.
并且目标用户不能在其主目录上拥有组写权限,这在sshd的日志中显示"身份验证被拒绝:目录/ home/username的错误所有权或模式"

2> 小智..:

您需要更改sshd_config远程服务器中的文件(可能在/etc/ssh/sshd_config).

更改

PasswordAuthentication no

PasswordAuthentication yes

然后重启sshd守护进程.



3> ire_and_curs..:

服务器首先尝试通过公钥对您进行身份验证.这不起作用(我猜你没有设置一个),所以它然后回到'键盘互动'.然后它应该要求您输入密码,这可能是您没有做对的.你看到密码了吗?


我不小心设置了错误的私钥权限(`--w -------`).使用`ssh-add -L`来显示你是否设置了一个密钥,如果没有,请使用`ssh-add`来添加它.
我已经设置了公钥.另外,它根本不会提示我输入密码.
有关这方面的任何决议吗?我现在正经历着类似的痛苦,并希望这个问题可能会得出一些答案......
推荐阅读
pan2502851807
这个屌丝很懒,什么也没留下!
DevBox开发工具箱 | 专业的在线开发工具网站    京公网安备 11010802040832号  |  京ICP备19059560号-6
Copyright © 1998 - 2020 DevBox.CN. All Rights Reserved devBox.cn 开发工具箱 版权所有