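SSH passwordless login does not take effect after successful configuration
阿新 • Published: 2021-12-08
Problem
The host's public key id_rsa.pub has already been appended to the authorized_keys file on the remote host, and the files' permissions are all 600.
Even so, passwordless login still fails and only password login works.
Log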
# tail /var/log/secure
Dec 7 15:54:17 image sshd[5558]: Disconnected from 10.171.122.85 port 38000
Dec 7 15:54:17 image sshd[5558]: pam_unix(sshd:session): session closed for user root
Dec 7 15:54:20 image sshd[5579]: reprocess config line 50: Deprecated option RSAAuthentication
Dec 7 15:54:20 image sshd[5579]: Authentication refused: bad ownership or modes for directory /root
Dec 7 15:54:36 image sshd[5579]: Accepted password for root from 10.171.122.85 port 38006 ssh2
Dec 7 15:54:36 image sshd[5579]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 7 15:54:37 image sshd[5579]: Received disconnect from 10.171.122.85 port 38006:11: disconnected by user
Dec 7 15:54:37 image sshd[5579]: Disconnected from 10.171.122.85 port 38006
Dec 7 15:54:37 image sshd[5579]: pam_unix(sshd:session): session closed for user root
Dec 7 15:57:01 image sshd[5905]: reprocess config line 50: Deprecated option RSAAuthentication
Dec 7 15:57:01 image sshd[5905]: Accepted publickey for root from 10.171.122.85 port 38106 ssh2: RSA SHA256:1A8dDgEnM7OQxIySYUWzipuF6boKrYlT2zjYFjyA1sE
Dec 7 15:57:01 image sshd[5905]: pam_unix(sshd:session): session opened for user root by (uid=0)
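Solution
The relevant log entry is "Authentication refused: bad ownership or modes for directory /root": sshd rejected the key because of the home directory, not because of the key file. The home directory's permissions had been changed so that it no longer belonged to the user's own group. It must be changed back to the specified user, and the home directory must not have group write (w) permission.
# Remove group write permission from the home directory (/root in the log above)
chmod g-w /home/user
# Only the owner may access the .ssh directory
chmod 700 ~/.ssh
# Only the owner may read or write the key list
chmod 600 ~/.ssh/authorized_keys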
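
The check behind that log message can be reproduced before retrying the login. The script below is an added example, not part of the original post: it applies the ownership and mode test that sshd's StrictModes performs on the home directory, ~/.ssh and authorized_keys, and reports every failing path instead of stopping at the first. It assumes GNU stat and the default key file location; check_ssh_perms is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original post): re-create the StrictModes test
# that logs "bad ownership or modes for directory ..." in /var/log/secure.
# Assumes GNU stat (stat -c) and the default key path ~/.ssh/authorized_keys.
# check_ssh_perms is a hypothetical helper name.

# Usage: check_ssh_perms HOME_DIR [EXPECTED_UID]
# Returns 0 if every path passes, 1 otherwise.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            rc=1
            continue
        fi
        if [ -d "$p" ]; then kind=directory; else kind=file; fi
        owner=$(stat -L -c '%u' "$p")   # numeric owner, symlinks resolved
        mode=$(stat -L -c '%a' "$p")    # octal permission bits, e.g. 775
        # The owner must be the login user or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad ownership for $kind $p (uid $owner, expected $uid or 0)"
            rc=1
        fi
        # Neither group nor other may have write permission (mask 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad modes for $kind $p (mode $mode is group/other writable)"
            rc=1
        fi
    done
    return $rc
}

# Run against a home directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it as root with the account's home directory and numeric uid, for example `sh check.sh /home/user 1000`; a clean run prints nothing and exits 0.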