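Background
If you are reading this, you already know how to set up passwordless (public-key) SSH login. This article is about fixing a passwordless login setup that does not work.
ssh debugging
Goal
The public key is configured for ssh, but passwordless login still fails, so it needs debugging.
Solution
Find the cause in the log output shown by systemctl status sshd.
Steps
Enable debugging
Run systemctl status sshd to see which service file is in use: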
$ sudo systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Sun 2023-12-24 20:00:51 CST; 4s ago
   Main PID: 2565 (sshd)
      Tasks: 2 (limit: 9374)
     Memory: 2.4M (peak: 2.7M)
        CPU: 8ms
     CGroup: /system.slice/sshd.service
             ├─2522 "sshd: ch [net]"
             └─2565 "sshd: /usr/bin/sshd -D -d [listener] 0 of 10-100 startups"
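- Edit /usr/lib/systemd/system/sshd.service so that sshd runs in debug mode (-d). In this mode sshd does not fork and processes only one connection, so remove the flag again once the cause is found: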
[Service]
# -d: debug mode
ExecStart=/usr/bin/sshd -D -d
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
- Reload the configuration with sudo systemctl daemon-reload, then restart the service with sudo systemctl restart sshd.
- View the debug output:
$ sudo systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Sun 2023-12-24 19:58:34 CST; 10s ago
   Main PID: 2516 (sshd)
      Tasks: 2 (limit: 9374)
     Memory: 2.0M (peak: 2.7M)
        CPU: 47ms
     CGroup: /system.slice/sshd.service
             ├─2516 "sshd: ch [priv]"
             └─2522 "sshd: ch [net]"
Dec 24 19:58:44 ch sshd[2516]: debug1: PAM: setting PAM_RHOST to "192.168.1.15"
Dec 24 19:58:44 ch sshd[2516]: debug1: PAM: setting PAM_TTY to "ssh"
Dec 24 19:58:44 ch sshd[2516]: debug1: userauth-request for user ch service ssh-connection method publickey [preauth]
Dec 24 19:58:44 ch sshd[2516]: debug1: attempt 1 failures 0 [preauth]
Dec 24 19:58:44 ch sshd[2516]: debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:* [preauth]
Dec 24 19:58:44 ch sshd[2516]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Dec 24 19:58:44 ch sshd[2516]: debug1: trying public key file /home/ch/.ssh/authorized_keys
Dec 24 19:58:44 ch sshd[2516]: Could not open user 'ch' authorized keys '/home/ch/.ssh/authorized_keys': Permission denied
Final solution
Fixed by adding the field and changing the permissions:
$ sudo ls -la .ssh/
total 20
drwx------ 2 ch ch 4096 Dec 24 19:14 .
drwx------ 9 ch ch 4096 Dec 24 19:44 ..
-rw------- 1 ch ch 578 Dec 24 20:03 authorized_keys
-rwxrwxrwx 1 ch ch 2590 Dec 24 12:34 id_rsa
-rwxrwxrwx 1 ch ch 559 Dec 24 12:34 id_rsa.pub
The "." entry (the .ssh directory itself) must be 0700, i.e. chmod 0700 .ssh, and authorized_keys must be 0600.
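The permission fix above can be checked with a small script before touching the sshd unit file. This is an added example, not part of the original post; the function names check_path and check_ssh_perms are hypothetical, and it assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Linux).
# Checks the two paths from the fix: .ssh must be 700, authorized_keys 600,
# and both must be owned by the login user, because sshd opens the file
# under that user's uid (temporarily_use_uid in the debug log).

# check_path PATH WANT_MODE WANT_UID: prints findings, returns their count.
check_path() {
    path=$1; want_mode=$2; want_uid=$3; problems=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    got_mode=$(stat -c '%a' "$path")
    got_uid=$(stat -c '%u' "$path")
    if [ "$got_mode" != "$want_mode" ]; then
        echo "MODE    $path is $got_mode, want $want_mode"
        problems=$((problems + 1))
    fi
    if [ "$got_uid" != "$want_uid" ]; then
        echo "OWNER   $path has uid $got_uid, want $want_uid"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# check_ssh_perms HOME_DIR [UID]: returns 0 only when nothing is wrong.
check_ssh_perms() {
    home_dir=$1; owner_uid=${2:-$(id -u)}; total=0
    check_path "$home_dir/.ssh" 700 "$owner_uid" || total=$((total + $?))
    check_path "$home_dir/.ssh/authorized_keys" 600 "$owner_uid" || total=$((total + $?))
    if [ "$total" -eq 0 ]; then echo "OK      $home_dir/.ssh"; fi
    return "$total"
}

# Constructed demo: a throwaway home directory with wrong modes, then the fix.
demo() {
    d=$(mktemp -d); mkdir "$d/.ssh"; : > "$d/.ssh/authorized_keys"
    chmod 755 "$d/.ssh"; chmod 644 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d" || echo "=> $? problem(s)"
    chmod 0700 "$d/.ssh"; chmod 0600 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo to see both outcomes, or call check_ssh_perms /home/ch 1000 on the server, where 1000 is the uid from the temporarily_use_uid log line.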