
After configuring SSH trust between two hosts, why is a password still required?

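I ran
ssh-keygen -t dsa
ssh-keygen -t rsa

to generate the public and private keys, then uploaded the public key to the peer server and appended it to authorized_keys. When I use ssh to log in to the peer machine remotely, it still prompts for a password.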


The test environment is AIX 5.3 + OpenSSH 4.7. The same steps, with the same sshd_config configuration, succeed on hp-unix + OpenSSH 4.1. Could this be related to the system platform?


The debug output from both environments is attached below. When debugging on AIX, it reports Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): What does this mean?


========================================hp-unix+openssh 4.1==================================
$ ssh -v 3410b
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell-A.04.00.000, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to 3410b [132.97.32.225] port 22.
debug1: Connection established.
debug1: identity file /export/home/tomcat/.ssh/id_rsa type -1
debug1: identity file /export/home/tomcat/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '3410b' is known and matches the RSA host key.
debug1: Found key in /export/home/tomcat/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/tomcat/.ssh/id_rsa
debug1: Offering public key: /export/home/tomcat/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).



===============================================AIX + openssh 4.7===============================
ssh -v gz_bstDB2
OpenSSH_4.7p1, OpenSSL 0.9.8f 11 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to gz_bstDB2 [132.97.183.99] port 22.
debug1: Connection established.
debug1: identity file /oracle/.ssh/identity type -1
debug1: identity file /oracle/.ssh/id_rsa type 1
debug1: identity file /oracle/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: ENC->NAME:aes128-cbc
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: ENC->NAME:aes128-cbc
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: TYPE :31,Expected Type:0
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: TYPE :33,Expected Type:0
debug1: Host 'gz_bstdb2' is known and matches the RSA host key.
debug1: Found key in /oracle/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: TYPE :21,Expected Type:0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /oracle/.ssh/identity
debug1: Offering public key: /oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
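
An added example, not part of the original post: a small shell/awk filter that reads `ssh -v` client output and reports, for each identity file, whether the server accepted or declined the offered key. The function names are this example's own, and the sample input is abridged from the two logs above.

```shell
#!/bin/sh
# Added example: per-key outcome summary for `ssh -v` client output on stdin.
summarize_pubkey_offers() {
    awk '
    # Emit the outcome for the key that is waiting on a server reply.
    function settle(outcome) {
        if (pending != "") { print pending ": " outcome; pending = "" }
    }
    # "type -1": no public key could be loaded from this path.
    /^debug1: identity file .* type -1$/ { print $4 ": no key loaded (type -1)" }
    /^debug1: Offering public key: / { settle("no reply logged"); pending = $NF }
    /^debug1: Server accepts key: /  { settle("accepted by server") }
    # Directly after an offer, this line is the server declining that key.
    /^debug1: Authentications that can continue: / { settle("rejected by server") }
    /^debug1: Authentication succeeded/ {
        m = $NF; gsub(/[().]/, "", m); print "result: authenticated via " m
    }
    /^debug1: Next authentication method: password/ { print "result: fell back to password" }
    END { settle("no reply logged") }
    '
}

# Abridged lines from the AIX + OpenSSH 4.7 log on this page.
sample_aix() {
    cat <<'EOF'
debug1: identity file /oracle/.ssh/identity type -1
debug1: identity file /oracle/.ssh/id_rsa type 1
debug1: identity file /oracle/.ssh/id_dsa type 2
debug1: Offering public key: /oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
EOF
}

# Abridged lines from the hp-unix + OpenSSH 4.1 log on this page.
sample_hpux() {
    cat <<'EOF'
debug1: identity file /export/home/tomcat/.ssh/id_rsa type -1
debug1: identity file /export/home/tomcat/.ssh/id_dsa type 2
debug1: Offering public key: /export/home/tomcat/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
EOF
}

sample_aix | summarize_pubkey_offers
```

On the AIX log both offered keys are declined by the server before the client falls back to password, so the reason for the refusal has to be looked for on the sshd side. The Kerberos dlopen message is the client disabling Kerberos auth, as the following debug line states.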

michael1983 (alliance member, Technical Director at a securities firm)
Learned something :lol
Securities · 2010-03-25
