ssh-copy-idコマンドが成功した後もパスワードなしでログインできません。

ssh-copy-idコマンドが成功した後もパスワードなしでログインできません。

インターネットを検索して、なぜまだパスワードのないリモートサーバーアクセスを取得できないのかについて多くの解決策を試しましたが、うまく機能しないようです。

SSHキーを生成してリモートサーバーにコピーするには、次の手順を実行しました。

  1. まず、ローカルサーバーとリモートサーバーに登録キーがなくなるようにauthorized_key&ファイルを整理しました。known_hosts
  2. その後、SSHキーの作成を開始し、以下に入力しました。

    ssh-keygen -t rsa -f ~/.ssh/local_key

Enterを押した後の結果は次のとおりです。

Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/local_key. Your public key has been saved in /home/user/.ssh/local_key.pub. The key fingerprint is: SHA256:yZ3CgQ2CtyMJHyvkGFyZNQ5U7XX1RzD8SOm9bxCbODg user@myserver The key's randomart image is: +---[RSA 2048]----+ |. o=*+o .ooo.| |oooo+..= . . =o | |++ = oo + . o =.| |o.= o + + . + +| | . . . S o. . +.| | .E o +. | | . . ..| | o| | . | +----[SHA256]-----+

  1. 次に公開鍵をリモートサーバーにコピーします。

    ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver

  2. その後、メッセージが表示され、パスワードを入力しました。

     /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/local_key.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.

ssh 'user@myremoteserver'ファイルを実行またはコピーしてみましたscpが、まだパスワードが必要です。

編集する:コマンド実行後の出力です。ssh -v user@myremoteserver

OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to myremoteserver [10.1.250.174] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=20 dh_need=20
debug1: kex: [email protected] need=20 dh_need=20
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95
debug1: Host 'myremoteserver' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:54339)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: password
user@myremoteserver's password:

修正する:

提案したように、権限700.sshと600を追加しましたauthorized_keys。このスクリプトを実行すると、ssh-copy-id -i ~/.ssh/local_key.pub user@myremoteserver次の結果が表示されます。

The authenticity of host 'myremoteserver (10.1.250.174)' can't be established.
ECDSA key fingerprint is 7c:ef:fc:81:8a:02:35:8f:c2:a6:5a:fb:af:ef:9e:95.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@myremoteserver's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user@myremoteserver'"
and check to make sure that only the key(s) you wanted were added.

結局のところ、私はまだパスワードの入力を求められます。 :(

答え1

sshデフォルトで使用されるキーはです.ssh/id_rsa.pub

ssh -i ~/.ssh/local_key.pub user@myremoteserver状況に合わせてください。

.ssh/configsshが特定のサーバーに特定のキーを使用するように調整できます。

バラより私の答え到着エマルジョンスニペットは必要なすべてのステップを一度に完了できます。

答え2

ターゲットサーバーでSELinuxが有効になっていることを確認できます。

関連情報