SSH密钥认证看错了地方?
我对Linux世界很新,我正在建立一个Ubuntu服务器16.04。
我能够使用ssh-keygen生成密钥并将密钥保存在/home/ther4nd0moo/.ssh/id_rsa
然后我使用ssh-copy-id ther4nd0moo@my_ip并确保authorized_keys文件位于正确的位置。
当我在另一台计算机上使用ssh -v ther4nd0moo@my_ip时,会弹出一些奇怪的东西(至少对我来说)
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.0.0.189 [10.0.0.189] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/edgar/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 10.0.0.189:22 as 'need206' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YzQwUoOherHwxOOhzEhue7ecx+OMi0FpmIcSONi8X1o debug1: Host '10.0.0.189' is known and matches the ECDSA host key. debug1: Found key in /home/edgar/.ssh/known_hosts:3 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/edgar/.ssh/id_rsa debug1: Trying private key: /home/edgar/.ssh/id_dsa debug1: Trying private key: /home/edgar/.ssh/id_ecdsa debug1: Trying private key: /home/edgar/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey).
让我烦恼的是它是如何在/home/edgar/寻找身份文件和私钥的(edgar是我在安装服务器时输入的名字)。 为了解决这个问题,从/home/ther4nd0mmoo/.ssh复制了密钥内容并创建了文件夹/home/edgar/.ssh ,这可能是为什么它Found key in /home/edgar/.ssh/known_hosts:3有消息Found key in /home/edgar/.ssh/known_hosts:3但我仍然无法访问服务器。
我试过ssh -i /home/ther4nd0moo/.ssh/id_rsa ther4nd0moo@my_ip ,我的终端说它not accessible: No such file or directory
难道我做错了什么?
SSH密钥的工作方式是在本地计算机上使用私钥,并在远程计算机上使用相应的公钥。
所以 – 当你运行ssh-keygen时,你创建了2个键:Private( ~/.ssh/id_rsa )和Public( ~/.ssh/id_rsa.pub )。
您需要将Pubic密钥文件( ~/.ssh/id_rsa.pub )的内容从本地计算机~/.ssh/id_rsa.pub到远程计算机上的~/.ssh/authorizedkeys文件中。 只需将其添加到新行。
如果您从不同的本地计算机登录到远程计算机,则需要将id_rsa文件从原始计算机复制到第二台本地计算机,或者(更好)为第二台计算机创建另一个私钥/公钥对本地计算机,然后将第二台计算机的公钥复制到远程服务器。
远程服务器可以在~/.ssh/authorizedkeys拥有任意数量的~/.ssh/authorizedkeys ,并且(我相信)为每台本地计算机设置不同的密钥对是一种很好的做法。
如果您需要从REMOTE机器ssh到另一台机器(例如,如果您必须从远程机器ssh回到您的笔记本电脑),那么您将使用它自己的私钥/公钥对设置REMOTE机器,并复制远程机器的笔记本电脑~/.ssh/authorizedkeys文件的~/.ssh/authorizedkeys 。
可以这样想:每台机器都有一把门钥匙(私钥),每台其他机器都有一个钥匙孔(authorizedkeys文件) – 如果另一台机器有钥匙孔设置,你可以获得访问权限。 要反向工作,您需要设置另一个键和锁孔设置。 (可能没有很好解释 – 但我希望它有所帮助!)。
ssh-copy-id命令基本上只是一个快捷命令,可以手动保存。
我个人更喜欢手动复制公钥,因为我喜欢用艰难的方式做事。 ;)