解决Linux下添加RSA公钥,登录依旧需要密码的问题

为了安全,我们通常将服务器密码设置的非常复杂,这确实保证了安全,但是也为我们对服务器的管理带来困扰,每次输入密码都是一个很艰难的过程,因此将自己主机的RSA公钥注册到服务器上实现免密码登录是一个非常好的方法。
然而,有的情况下,注册到服务器上之后发现登录依旧需要输入密码,这篇博文便来讲解其原因,以及如何解决该问题。

0

首先需要确认自己的RSA密钥是否被正确注册到目标服务器的/root/.ssh/authorized_keys文件,很多情况下,问题出在复制粘贴的时候没有复制完全。

1

如果确认已经正确注册后,依旧需要密码,就需要检查该文件的权限,正确的权限如下:
/root/.ssh/文件夹权限应为700
/root/.ssh/authorized_keys文件权限应为600

执行如下命令以正确修改权限:

chmod 700 /root/.ssh/
chmod 600 /root/.ssh/authorized_keys

2

如果还是需要密码,问题就变得比较复杂了,这时候最好的方式是查看日志:

[root@1989 ~]# tail /var/log/secure -n 20
May 14 00:03:12 1989 sshd[11432]: Failed password for root from 58.218.198.150 port 55758 ssh2
May 14 00:03:14 1989 sshd[11432]: Failed password for root from 58.218.198.150 port 55758 ssh2
May 14 00:03:17 1989 sshd[11432]: Failed password for root from 58.218.198.150 port 55758 ssh2
May 14 00:03:17 1989 sshd[11432]: Received disconnect from 58.218.198.150 port 55758:11:  [preauth]
May 14 00:03:17 1989 sshd[11432]: Disconnected from 58.218.198.150 port 55758 [preauth]
May 14 00:03:17 1989 sshd[11432]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.198.150  user=root
May 14 00:03:59 1989 sshd[11397]: Received disconnect from 103.238.225.240 port 49874:11: disconnected by user
May 14 00:03:59 1989 sshd[11397]: Disconnected from 103.238.225.240 port 49874
May 14 00:03:59 1989 sshd[11397]: pam_unix(sshd:session): session closed for user root
May 14 00:04:03 1989 sshd[11461]: Authentication refused: bad ownership or modes for directory /root
May 14 00:04:05 1989 sshd[11461]: Connection closed by 103.238.225.240 port 49922 [preauth]
May 14 00:05:39 1989 sshd[11495]: Authentication refused: bad ownership or modes for directory /root
May 14 00:05:43 1989 sshd[11495]: Accepted password for root from 103.238.225.240 port 49972 ssh2
May 14 00:05:44 1989 sshd[11495]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 14 00:05:55 1989 sshd[11495]: Received disconnect from 103.238.225.240 port 49972:11: disconnected by user
May 14 00:05:55 1989 sshd[11495]: Disconnected from 103.238.225.240 port 49972
May 14 00:05:55 1989 sshd[11495]: pam_unix(sshd:session): session closed for user root
May 14 00:05:59 1989 sshd[11529]: Authentication refused: bad ownership or modes for directory /root
May 14 00:06:04 1989 sshd[11529]: Accepted password for root from 103.238.225.240 port 49986 ssh2
May 14 00:06:04 1989 sshd[11529]: pam_unix(sshd:session): session opened for user root by (uid=0)

如日志所示,May 14 00:05:59 1989 sshd[11529]: Authentication refused: bad ownership or modes for directory /root提示了/root目录的权限归属有误。
经过查询,/root目录权限应为700,而这台服务器上面的权限为755,修改权限,即可解决问题!

发表评论

电子邮件地址不会被公开。 必填项已用*标注