SSH困惑

wenshal

A机、B机均为linux
A机root用户执行 ssh-keygen -t rsa 生成一对密钥 把公钥存放到B机root用户目录的.ssh下面、user1用户目录下建立.ssh目录把公钥也存放到目录下
A机执行ssh root@B机 可以顺利进入B机
A机执行ssh user1@B机 却还是提示输入密码 键盘输入密码后才可以进入B机user1目录下
为什么user1@B机不能像root@B机那样直接进去呢

ssh -v user1@B  调试信息如下
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to ip of B机 [ip of B机] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ip of B机' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password

root用户和user1用户主要区别
ssh root@B机
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 0x808a7e0 hint 1
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).


ssh user1@B机
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
...
user1非要输入密码才能登录

困惑

wenshal

望大侠指点迷津 多谢

enjoy

check the permission and owner

dajun

你的private key在root目录下啊

wenshal

嗯 私钥放在A机/root/.ssh下
也是在A机root下ssh user1@B机的
公钥分别在B机/root/.ssh和/home/user1/.ssh下所有者分别为root和user1 权限755

在任何一台机器上执行
# ssh user1@B机
user1@B机's password:
-bash: ulimit: max user processes: cannot modify limit: Operation not permitted
报这个错，但输入密码后还是可以登录B机的 不知道是不是这个错误导致密钥认证失败

eTony

在B上,user1/.ssh目录下的公钥 的宿主应该是user1 并且权限为0644

wenshal

drw-r--r--    2 oracle   oinstall     4096 Jul  6 16:29 .ssh
oracle即为user1
可还是不行 其他地方有什么需要配置吗

brian

出于安全考虑，建立无密码连接时，最好两边都用普通用户身份，你一定是用root身份建立的连接，所以会出现这种问题。

cyrus

在/etc/ssh/sshd_config中有一项
#PermitRootLogin no
有没有改成
PermitRootLogin yes
呀？？

eTony

Post by wenshal
drw-r--r--    2 oracle   oinstall     4096 Jul  6 16:29 .ssh
oracle即为user1
可还是不行 其他地方有什么需要配置吗

我说的是文件 而非 目录

[HTML]-rw-r--r-- 1 tony tony 602 2006-07-14 17:24 authorized_keys[/HTML]