OpenSSH passwordless login is not working
I have tried to set up passwordless SSH login on several servers, but I am running into problems because, after copying the public key, the host's SSH still asks for the password. Here is what I did:
[[email protected] .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e9:e9:b4:e5:50:7b:9b:f6:3f:d5:65:52:39:9c:ba:38 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . o|
| =.|
| ...|
| . .. o|
| S . . .oo|
| . o E . o|
| = o o .|
| o = ..o . |
| o ..o...o|
+-----------------+
And then copied the ID to the host:
[[email protected] .ssh]# ssh-copy-id app3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
\S
Kernel \r on an \m
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'app3'"
and check to make sure that only the key(s) you wanted were added.
But when I try to log in, it does not work (it asks for the password):
[[email protected] .ssh]# ssh 'app3'
\S
Kernel \r on an \m
Password:
I should not see the 'Password:' prompt. Apparently something is wrong.
Here is the version of ssh that is running:
[[email protected] ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Adding the output of ssh -vvv app3 below:
debug3: load_hostkeys: loading entries for host "172.27.36.104" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug1: Host '172.27.36.104' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f471042f250),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa (0x7f4710433730),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
\S
Kernel \r on an \m
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Offering ECDSA public key: /root/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
I checked 1. and 2. and they were as you suggested. The verbose output has been added to the question above. – rks
Apparently it is related to the 'root' user trying to do a passwordless login. – rks
I think that if it were a problem with root being allowed to log in, the message would be different. The message is "no such identity: /root/.ssh/XXXXX: No such file or directory". I would look on the remote server to see whether /root/.ssh/authorized_keys contains the id_rsa.pub from the local server. – abkrim
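
The server-side check suggested in the last comment, written out as an added example (it is not part of the original thread). It verifies that the client's public key is listed in the account's authorized_keys and that the home directory, ~/.ssh and authorized_keys are not group- or world-writable, a condition under which sshd with the default StrictModes yes ignores the file. The function names are this example's own, and it assumes the script runs on the server with a copy of the client's id_rsa.pub.

```shell
#!/bin/sh
# Added example: server-side checks for a public key that the client offers
# but the server does not accept. All function names are hypothetical.

# Print the base64 key blob of every key line in file $1.
# authorized_keys lines may begin with options (from="...", command="..."),
# so the key-type field is located instead of assuming it is field 1.
key_blobs() {
    awk 'NF && $1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { print $(i + 1); next }
    }' "$1"
}

# Return 0 if the key in public-key file $1 is listed in authorized_keys file $2.
key_installed() {
    blob=$(key_blobs "$1" | head -n 1)
    [ -n "$blob" ] && key_blobs "$2" | grep -qxF -- "$blob"
}

# Return 0 if path $1 is writable by group or others.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Report on one account: $1 = client public key file, $2 = account home directory.
# Returns non-zero if any check fails.
check_account() {
    status=0
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; status=1
        elif loose_perms "$p"; then
            echo "WRITABLE $p (group/other write bit set)"; status=1
        fi
    done
    if key_installed "$1" "$2/.ssh/authorized_keys" 2>/dev/null; then
        echo "KEY OK   listed in $2/.ssh/authorized_keys"
    else
        echo "KEY MISS not listed in $2/.ssh/authorized_keys"; status=1
    fi
    return $status
}

# Usage on the server, with the client's public key copied to /tmp:
#   check_account /tmp/id_rsa.pub /root
```

The script does not check file ownership or the server's sshd_config; a clean report here means the cause lies elsewhere on the server.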