SSH public/private 密钥验证失败
SSH public/private key authentication is failing
我在 Google 计算引擎上有两个 Ubuntu 14.04 LTS 运行 的实例(主机名是 namenode 和 datanode1 )。
我正在努力设置它们之间的 ssh root 访问权限。
我正在提供一些信息,以便您帮助我解决这个问题
我在名称节点上生成了密钥对(名称节点,namenode.pub)。 namenode 上的 public 键看起来像这样
root@namenode:~# cat .ssh/namenode.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsxYETzfP3Kv9QgRZ5AnJGu6LNTuAJj67DhUzJVad1Cis7qQ7X7GSv1S+HQESiK/H1u3duVunMB+eiV1ktF/V42r5o3HCTTckiChSuu4B+wkHCqaHFYtGJZIMncPb4CvuyhzPz+Zb
mlV7YRGqw5lO+cQLSxCQpmBkIR1iQHRbtLIRenUTI3cXnJ22OhRea63R1/d+LspJreI8lnfmVLMr3MLUfi/U2vX3kR2EaH1QAoO1+dnRzuqsZE/ehbzT/DfBifRdoRCzhXuWgNKNxc/O0V3MwflnvPaWxxDC7FNQ7//nFg4gl8j4yV8
XFvuCyzJTQ9nS3wN+6Dms7MfDQtl4v root@namenode
我将这个 public 密钥添加到 datanode1 的授权密钥中。
root@datanode1:~# cat .ssh/authorized_keys
# namenode
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsxYETzfP3Kv9QgRZ5AnJGu6LNTuAJj67DhUzJVad1Cis7qQ7X7GSv1S+HQESiK/H1u3duVunMB
+eiV1ktF/V42r5o3HCTTckiChSuu4B+wkHCqaHFYtGJZIMncPb4CvuyhzPz+ZbmlV7YRGqw5lO+cQLSxCQpmBkIR1iQHRbtLIRenUTI3cXnJ22OhR
ea63R1/d+LspJreI8lnfmVLMr3MLUfi/U2vX3kR2EaH1QAoO1+dnRzuqsZE/ehbzT/DfBifRdoRCzhXuWgNKNxc/O0V3MwflnvPaWxxDC7FNQ7//n
Fg4gl8j4yV8XFvuCyzJTQ9nS3wN+6Dms7MfDQtl4v root@namenode
我是这样添加身份的
root@namenode:~# eval `ssh-agent -s`
Agent pid 4030
root@namenode:~# ssh-add .ssh/namenode
Identity added: .ssh/namenode (.ssh/namenode)
这是详细的输出
root@namenode:~# ssh -v -i .ssh/namenode.pub root@datanode1
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to datanode1 [10.240.218.126] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file .ssh/namenode.pub type 1
debug1: identity file .ssh/namenode.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA b8:70:6e:f6:8c:4e:8e:ed:2b:46:d6:d4:d9:4d:ec:bb
debug1: Host 'datanode1' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/namenode.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
请帮我解决这个问题。两天以来我一直在挣扎。
ssh -v -i .ssh/namenode.pub root@datanode1
在命令行指定ssh密钥时,应该是私钥文件,而不是public文件。所以你应该在这里引用 .ssh/namenode,而不是 .ssh/namenode.pub。
您似乎已将私钥添加到 ssh-add,但 ssh 调试跟踪中没有任何迹象表明它与 ssh 代理通信或向远程服务器提供了私钥。也许您 运行 在与 ssh-add 命令不同的会话(终端 window)中使用 ssh,因此 ssh 无法访问告诉它如何访问代理的环境变量。
最后,namenode.pub行的内容是一长行。确保将其作为一长行而不是三行复制到远程 authorized_keys 文件中。
我在 Google 计算引擎上有两个 Ubuntu 14.04 LTS 运行 的实例(主机名是 namenode 和 datanode1 )。 我正在努力设置它们之间的 ssh root 访问权限。
我正在提供一些信息,以便您帮助我解决这个问题
我在名称节点上生成了密钥对(名称节点,namenode.pub)。 namenode 上的 public 键看起来像这样
root@namenode:~# cat .ssh/namenode.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsxYETzfP3Kv9QgRZ5AnJGu6LNTuAJj67DhUzJVad1Cis7qQ7X7GSv1S+HQESiK/H1u3duVunMB+eiV1ktF/V42r5o3HCTTckiChSuu4B+wkHCqaHFYtGJZIMncPb4CvuyhzPz+Zb
mlV7YRGqw5lO+cQLSxCQpmBkIR1iQHRbtLIRenUTI3cXnJ22OhRea63R1/d+LspJreI8lnfmVLMr3MLUfi/U2vX3kR2EaH1QAoO1+dnRzuqsZE/ehbzT/DfBifRdoRCzhXuWgNKNxc/O0V3MwflnvPaWxxDC7FNQ7//nFg4gl8j4yV8
XFvuCyzJTQ9nS3wN+6Dms7MfDQtl4v root@namenode
我将这个 public 密钥添加到 datanode1 的授权密钥中。
root@datanode1:~# cat .ssh/authorized_keys
# namenode
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsxYETzfP3Kv9QgRZ5AnJGu6LNTuAJj67DhUzJVad1Cis7qQ7X7GSv1S+HQESiK/H1u3duVunMB
+eiV1ktF/V42r5o3HCTTckiChSuu4B+wkHCqaHFYtGJZIMncPb4CvuyhzPz+ZbmlV7YRGqw5lO+cQLSxCQpmBkIR1iQHRbtLIRenUTI3cXnJ22OhR
ea63R1/d+LspJreI8lnfmVLMr3MLUfi/U2vX3kR2EaH1QAoO1+dnRzuqsZE/ehbzT/DfBifRdoRCzhXuWgNKNxc/O0V3MwflnvPaWxxDC7FNQ7//n
Fg4gl8j4yV8XFvuCyzJTQ9nS3wN+6Dms7MfDQtl4v root@namenode
我是这样添加身份的
root@namenode:~# eval `ssh-agent -s`
Agent pid 4030
root@namenode:~# ssh-add .ssh/namenode
Identity added: .ssh/namenode (.ssh/namenode)
这是详细的输出
root@namenode:~# ssh -v -i .ssh/namenode.pub root@datanode1
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to datanode1 [10.240.218.126] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file .ssh/namenode.pub type 1
debug1: identity file .ssh/namenode.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA b8:70:6e:f6:8c:4e:8e:ed:2b:46:d6:d4:d9:4d:ec:bb
debug1: Host 'datanode1' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/namenode.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
请帮我解决这个问题。两天以来我一直在挣扎。
ssh -v -i .ssh/namenode.pub root@datanode1
在命令行指定ssh密钥时,应该是私钥文件,而不是public文件。所以你应该在这里引用 .ssh/namenode,而不是 .ssh/namenode.pub。
您似乎已将私钥添加到 ssh-add,但 ssh 调试跟踪中没有任何迹象表明它与 ssh 代理通信或向远程服务器提供了私钥。也许您 运行 在与 ssh-add 命令不同的会话(终端 window)中使用 ssh,因此 ssh 无法访问告诉它如何访问代理的环境变量。
最后,namenode.pub行的内容是一长行。确保将其作为一长行而不是三行复制到远程 authorized_keys 文件中。