Why is key authentication not working with OpenSSH?


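Question:

I am setting up a Hadoop cluster, following this tutorial: http://www.michael-noll.com/tutorials/running-hadoop-on-ubuntu-linux-single-node-cluster/#sun-java-6

My problem appears when I try to set up the SSH keys. I generate a key using ssh and then copy the key to authorized_keys. I have tried copying the key with cat, as suggested, and also with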


cp id_rsa.pub authorized_keys




ssh-copy-id -i $HOME/.ssh/id_rsa.pub localhost



None of these attempts worked. I always get the following output:


$ ssh -vvv localhost
OpenSSH_5.5p1, OpenSSL 1.0.0a-fips 1 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/hadoop/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/hadoop/.ssh/id_rsa type 1
debug1: identity file /home/hadoop/.ssh/id_rsa-cert type -1
debug1: identity file /home/hadoop/.ssh/id_dsa type -1
debug1: identity file /home/hadoop/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 482/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host localhost filename /home/hadoop/.ssh/known_hosts
debug3: check_host_in_hostfile: host localhost filename /home/hadoop/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/hadoop/.ssh/known_hosts:1
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/hadoop/.ssh/id_rsa (0x7fe53c972650)
debug2: key: /home/hadoop/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 127.0.0.1.
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure. Minor code may provide more information

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/hadoop/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: SHA1 fp 99:fb:15:b2:2f:44:3f:bc:9a:b4:fe:a8:9b:61:c7:b0:23:c5:4c:0d
debug3: sign_and_send_pubkey
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/hadoop/.ssh/id_dsa
debug3: no such identity: /home/hadoop/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password



This has brought my project to a screeching halt. Any help would be greatly appreciated.


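Answer 1:

EDIT: This only solved my problem temporarily. After a short time, the connection started failing again.

When using ssh-copy-id, make sure to include the name of the user you are copying the identity for: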


ssh-copy-id -i $HOME/.ssh/id_rsa.pub user@localhost




Answer 2:

Is your ssh agent OK?

Try the following:


kill $SSH_AGENT_PID


eval `ssh-agent`


ssh-add



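Note that the ssh-add must be done as the correct user. I guess that is the current one. If the generated keys are valid, they should be placed in the authorized list, and the server should stop asking for a password. Just to mention, I have only ever used the ssh+cat method. ssh-copy-id can mess up the authentication file.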
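
Reading the question's `ssh -vvv` output as evidence, as an added example that is not part of the original question or answers: the log shows the server accepting the offered key and the agent then failing to sign, which points at the client-side agent rather than at authorized_keys. The function names and result labels are assumptions of this example, and the sample lines are an excerpt of the log posted in the question.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and result
# labels are hypothetical; matched strings are the ones in the posted log.

# Classify an `ssh -v` client log (stdin) by how far publickey auth got.
classify_ssh_log() {
    awk '
        /Offering public key:/                   { offered = 1 }
        /Server accepts key:/                    { accepted = 1 }
        /Agent admitted failure to sign/         { agent_fail = 1 }
        /Authentication succeeded \(publickey\)/ { ok = 1 }
        END {
            if (ok)              print "ok"
            else if (agent_fail) print "agent-sign-failure"
            else if (accepted)   print "accepted-but-unsigned"
            else if (offered)    print "key-rejected-by-server"
            else                 print "no-key-offered"
        }'
}

# Map a classification to the side that needs checking next.
next_step() {
    case "$1" in
        ok)                     echo "publickey authentication works" ;;
        agent-sign-failure)     echo "client: server accepted the key, agent cannot sign; run ssh-add or restart ssh-agent" ;;
        accepted-but-unsigned)  echo "client: private key unreadable or passphrase not supplied" ;;
        key-rejected-by-server) echo "server: check authorized_keys content and permissions on ~/.ssh" ;;
        *)                      echo "client: no identity file was offered" ;;
    esac
}

# Excerpt of the log posted in the question, embedded so this runs offline.
sample_log() {
    cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/hadoop/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug3: sign_and_send_pubkey
Agent admitted failure to sign using the key.
debug1: Next authentication method: password
EOF
}

result=$(sample_log | classify_ssh_log)
echo "$result: $(next_step "$result")"
```

To check a live session, pipe the client's debug stream into the classifier, for example `ssh -v localhost true 2>&1 | classify_ssh_log`.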


