linux – Users not allowed to log in via SSH (Bash, OpenSSH, CentOS 6.5)
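I run a CentOS 6.5 machine remotely over SSH. I use RSA keys and have password authentication disabled. The problem I'm running into is that whenever I add a new user and want him/her to log in via SSH, they are denied access.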
At first this seemed like a simple problem. These are the things I have already tried:

- Checked the pub key for obvious errors

This is what I have set in sshd_config:

    PermitRootLogin no
    AllowUsers keving moman muser

This is what my logs tell me:

    Login attempted when not in AllowUsers list:
       muser : 3 Time(s)
       root : 127 Time(s)

Why does SSH not allow the login when the AllowUsers list clearly lists muser? Is there another place where this can be set?

Update: after adding the pub key to the user's authorized_keys file, I tried logging in to the account from my machine with the verbose flag -v. These are the results (fake IP and server host key used for security reasons):

    $ ssh -v mattm@111.111.111.111
    OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
    debug1: Reading configuration data /c/Users/[user]/.ssh/config
    debug1: Connecting to 111.111.111.111 [111.111.111.111] port 22.
    debug1: Connection established.
    debug1: identity file /c/Users/[user]/.ssh/id_rsa type 1
    debug1: identity file /c/Users/[user]/.ssh/id_rsa-cert type -1
    debug1: identity file /c/Users/[user]/.ssh/id_dsa type -1
    debug1: identity file /c/Users/[user]/.ssh/id_dsa-cert type -1
    debug1: identity file /c/Users/[user]/.ssh/id_ecdsa type -1
    debug1: identity file /c/Users/[user]/.ssh/id_ecdsa-cert type -1
    debug1: identity file /c/Users/[user]/.ssh/id_ed25519 type -1
    debug1: identity file /c/Users/[user]/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA [censored]
    debug1: Host '111.111.111.111' is known and matches the RSA host key.
    debug1: Found key in /c/Users/[user]/.ssh/known_hosts:4
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /c/Users/[user]/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,gssapi-with-mic
    debug1: Trying private key: /c/Users/[user]/.ssh/id_dsa
    debug1: Trying private key: /c/Users/[user]/.ssh/id_ecdsa
    debug1: Trying private key: /c/Users/[user]/.ssh/id_ed25519
    debug1: No more authentication methods to try.
    Permission denied (publickey,gssapi-with-mic).

Solution
As toppledwagon suggested in the comments on my question, I checked /var/log/security and determined that there was an entry with wrong permissions in the homedir/.ssh/authorized_keys tree.
After making these edits, I was able to log in to the user's account via ssh with the RSA key:

    $ chmod g-w /home/your_user
    $ chmod 700 /home/your_user/.ssh
    $ chmod 600 /home/your_user/.ssh/authorized_keys

Reference: http://www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/

After adjusting these permissions, I was able to log in. Interestingly, I had already set the .ssh dir and the authkey file to 700 and 600 respectively. For some reason, the homedir was not set correctly.

Thanks to everyone who helped in the comments.
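
As an added example (not part of the original question or answer): a bash function that checks the three paths fixed above for group- or world-write bits, the mode condition that sshd's StrictModes option (on by default) rejects before it will read authorized_keys. The function name `audit_ssh_modes` is made up for this example, and it checks modes only, not ownership.

```bash
#!/usr/bin/env bash
# Added example. Checks the home -> .ssh -> authorized_keys chain for group- or
# world-write bits, the mode condition sshd's StrictModes refuses.
# Assumption: modes only; ownership, which sshd also checks, is not covered.

# Prints one line per path; returns 1 if any path is missing or too permissive.
audit_ssh_modes() {
    local home=$1 rc=0 path mode
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        # First 10 characters of `ls -ld`: file type, then rwx for user/group/other.
        mode=$(ls -ld -- "$path" | cut -c1-10)
        case $mode in
            ?????w*|????????w*)   # character 6 = group write, 9 = other write
                echo "BAD $mode $path"
                rc=1
                ;;
            *)
                echo "OK $mode $path"
                ;;
        esac
    done
    return "$rc"
}

# Usage: ./audit_ssh_modes.sh /home/your_user
if [ "$#" -gt 0 ]; then
    audit_ssh_modes "$1"
fi
```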