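SSH public key fails to give passwordless login to the remote server, or login still asks for a password

Troubleshooting

Permission problems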

chmod 700 /home/skyler/.ssh
chmod 600 /home/skyler/.ssh/authorized_keys

PAM security restrictions

PAM security controls may be blocking logins for users with uid < 1000 (non-root users). Running tail /var/log/secure -n 20 shows the following message:

pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

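Change the login user's uid: usermod -u <new UID> <username>
Change the login user's gid: usermod -g <GID> <username>

!!! Note

# If the user already owns files, change the uid and gid of those files in bulk
# (foo is the user name in the first command and the group name in the second)
find / -user <old UID> -exec chown -h foo {} \;
find / -group <old GID> -exec chgrp -h foo {} \;

It seems this can also be solved by changing UsePAM yes to UsePAM no in /etc/ssh/sshd_config, but this is not recommended because it lowers the server's security.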
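
The two checks above (the permission fix and the PAM uid message) can be scripted. This is an added example, not part of the original post; the function names check_ssh_perms and pam_uid_denials are hypothetical, GNU stat (Linux) is assumed, and the demo data is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes GNU stat (Linux).

# Print one line per path that is missing or whose mode differs from the
# values the post sets (700 for .ssh, 600 for authorized_keys).
# Returns 0 when both match, 1 otherwise.
check_ssh_perms() {
    local home_dir="$1" rc=0 spec path want have
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home_dir/${spec%%:*}"
        want="${spec##*:}"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1
            continue
        fi
        have=$(stat -c '%a' "$path")
        if [ "$have" != "$want" ]; then
            echo "BAD_MODE $path is $have, expected $want"; rc=1
        fi
    done
    return $rc
}

# Print each user that pam_succeed_if rejected on a uid requirement,
# reading an auth log such as /var/log/secure.
pam_uid_denials() {
    sed -n 's/.*pam_succeed_if(sshd:auth): requirement "uid >= [0-9]*" not met by user "\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Demo on constructed data: a throwaway home directory and one sample log line.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/.ssh" && touch "$demo_home/.ssh/authorized_keys"
chmod 755 "$demo_home/.ssh"; chmod 644 "$demo_home/.ssh/authorized_keys"
printf '%s\n' 'Jan  1 00:00:00 host sshd[1]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"' > "$demo_home/secure.sample"
check_ssh_perms "$demo_home" || echo "fix with chmod 700 / chmod 600 as above"
pam_uid_denials "$demo_home/secure.sample"
```

On a real server, pass the login user's home directory to check_ssh_perms and /var/log/secure to pam_uid_denials.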

Key strength problems

Unconfirmed, but if you still cannot log in, you can try:

ssh-keygen -b 4096 -t rsa

Then keep pressing Enter. The output looks like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
............
The key's randomart image is:
+--[ RSA 4096]----+
|      .          |
|     o = . .     |
|      B = + E    |
|       @ + o     |
|      . S .      |
|       * =       |
|        = o      |
|         .       |
|                 |
+-----------------+

Copy the public key to the remote server

ssh-copy-id '-p <ssh port> root@<remote server IP>'

Enter the root password

root@<remote server IP>'s password: 
Now try logging into the machine, with "ssh ...", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Try logging in

ssh root@<remote server IP> -p <ssh port>