【发布时间】:2018-05-19 21:36:01
【问题描述】:
关于 Stack Overflow 本身有几个类似的问题,但没有一个有效。
我有一个名为remote 的服务器,我正在尝试从我的local 机器上复制一些文件。两者都是 Ubuntu 机器:local 是 Ubuntu 16,remote 是 Ubuntu 14。
我已将我的local 公钥添加到remote 服务器~/.ssh/authorized_keys。在添加密钥之前,系统提示我输入远程计算机的密码,但现在系统提示我输入密钥密码。
远程机器上有我的权限:
drwx------ 2 ops ops 4096 Dec 5 07:38 .
drwxr-xr-x 5 ops ops 4096 Dec 6 02:06 ..
-rwx------ 1 ops ops 743 Dec 5 03:56 authorized_keys
-rw------- 1 ops ops 3326 Dec 5 04:04 id_rsa
-rw-r--r-- 1 ops ops 751 Dec 5 04:04 id_rsa.pub
-rwx------ 1 ops ops 444 Dec 5 06:55 known_hosts
这是我详细的 ssh 日志:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to gateway [172.16.24.1] port 22.
debug1: Connection established.
debug1: identity file /home/ops/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ops/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to gateway:22 as 'ops'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:TgaQlbi1L+JBQBbqhJZHIpDnXtJGZtw5y3r2fj7qFAM
debug1: Host 'gateway' is known and matches the ECDSA host key.
debug1: Found key in /home/ops/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ops/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
Enter passphrase for key '/home/ops/.ssh/id_rsa':
有人可以帮忙吗?
【问题讨论】:
-
我认为这个提示是针对 local 私钥的密码。需要解密密钥并启动 SSH 连接的握手过程。您可能在本地计算机上生成密钥时已设置。
-
是的,我在为
local创建密钥时确实设置了密码。要我再次生成没有密码吗?我认为这不是问题,因为它适用于以类似方式设置的另一对机器。 -
我在没有密码的情况下再次生成了我的密钥,现在可以使用了。谢谢。
-
这是安全性和便利性之间的权衡。如果您这样做,那么任何对
~/.ssh/id_rsa具有读取权限或对您的机器具有物理访问权限的人都可以看到您未加密的私钥。他们可以在不知道任何密码短语的情况下使用它来冒充您。如果您想自动连接到其他机器,您可能必须做出此选择。 -
@pii_ke :是的,安全性现在将是一个大问题。有什么方法可以让我使用密码作为我的密钥,但仍然没有提示为这些特定的机器输入密码,也许是某种异常。但同样,这毫无意义,因为这将是黑客的安全通道。