问题排查
权限问题
chmod 700 /home/skyler/.ssh
chmod 600 /home/skyler/.ssh/authorized_keys
端口安全问题
可能PAM安全控制的原因导致uid<1000的用户禁止登陆(非root用户),通过
tail /var/log/secure -n 20查看发现以下提示
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
修改登陆用户的uid,
usermod -u 端口号 用户名
修改登陆用户的gid,usermod -g 端口号 用户组
!!!注意
# 如果该用户已经有文件,需要批量修改文件的uid和gid
find / -user 用户端口号 -exec chown -h foo {} \;
find / -group 用户组端口号 -exec chgrp -h foo {} \;
好像可以通过修改
/etc/ssh/sshd_config的UsePAM yes为UsePAM no解决,但是不建议这么做,降低了服务器安全性
密钥生成强度问题
未证实,但是如果还是登陆不上,可以尝试
ssh-keygen -b 4096 -t rsa
然后不停回车,输出如下
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
............
The key's randomart image is:
+--[ RSA 4096]----+
| . |
| o = . . |
| B = + E |
| @ + o |
| . S . |
| * = |
| = o |
| . |
| |
+-----------------+
拷贝公钥到远程服务器
ssh-copy-id '-p ssh端口号 root@远程服务器IP地址'
输入root密码
[email protected]'s password:
Now try logging into the machine, with "ssh ...", and check in:
.ssh/authorized_keys
to make sure we haven\'t added extra keys that you weren't expecting.
尝试登陆
ssh root@远程服务器IP地址 -p ssh端口号