我用ssh-copy-id [host]成功添加公钥到远程主机后,ssh [host]依旧需要输入密码,ssh -vvv,发现
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
公钥确实发出去了,但是服务器拒绝了。现在来debug sshd
首先将sshd的log改为DEBUG模式:
#SyslogFacility AUTHPRIV
LogLevel DEBUG
然后重启sshdsystemctl restart sshd
网上说的什/var/log/secure /var/log/auth.log都没有。
最后用journalctl -u sshd |tail -300 看到了日志:
Nov 07 06:49:39 7b145539c77d sshd[4726]: debug1: fd 5 clearing O_NONBLOCK
Nov 07 06:49:39 7b145539c77d sshd[4726]: Authentication refused: bad ownership or modes for directory /root
Nov 07 06:49:39 7b145539c77d sshd[4726]: debug1: restore_uid: 0/0
Nov 07 06:49:39 7b145539c77d sshd[4726]: Failed publickey for root from 127.0.0.1 port 44590 ssh2: RSA SHA256:ARFVQJxh4pxPs/gExtP6zH4tChIgwi++uTK2mZzmZY0
显然 /root的权限不对,改成700成功解决。
网友评论