linux---ssh使用ssh key登录，Permission denied (publickey,password).

linux—ssh使用ssh key登录，Permission denied (publickey,password).

参考：http://blog.csdn.net/hanhuili/article/details/11055293
1、在登录的客户端40.128配置如下

在登录的客户端40.128配置如下：
root@kali:/usr/share/pexpect-4.3.1# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:65:7c:6d  
          inet addr:192.168.40.128  Bcast:192.168.40.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe65:7c6d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:198268 errors:0 dropped:0 overruns:0 frame:0
          TX packets:276180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:49164151 (46.8 MiB)  TX bytes:21281944 (20.2 MiB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8149 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4799741 (4.5 MiB)  TX bytes:4799741 (4.5 MiB)


root@kali:/usr/share/pexpect-4.3.1# 
root@kali:~/python/anquangongji# ssh [email protected]
The authenticity of host '192.168.40.129 (192.168.40.129)' can't be established.
ECDSA key fingerprint is 82:05:83:c3:07:92:d4:d2:24:04:03:18:79:c7:77:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.40.129' (ECDSA) to the list of known hosts.
Permission denied (publickey,password).
root@kali:~/python/anquangongji# ssh [email protected]
Permission denied (publickey,password).
root@kali:~/python/anquangongji# cd ../../../
root@kali:/# cd ~/.ssh/
root@kali:~/.ssh# ls
known_hosts


root@kali:~/.ssh# sudo apt-get install openssh-server
正在读取软件包列表... 完成
正在分析软件包的依赖关系树       
正在读取状态信息... 完成       
下列软件包是自动安装的并且现在不需要了：
  python-django
Use 'apt-get autoremove' to remove it.
将会安装下列额外的软件包：
  openssh-client
建议安装的软件包：
  ssh-askpass libpam-ssh keychain monkeysphere rssh molly-guard ufw
下列软件包将被升级：
  openssh-client openssh-server
升级了 2 个软件包，新安装了 0 个软件包，要卸载 0 个软件包，有 390 个软件包未被升级。
需要下载 1,388 kB 的软件包。
解压缩后将会空出 160 kB 的空间。
您希望继续执行吗？[Y/n]y
获取：1 http://mirrors.163.com/debian-security/ wheezy/updates/main openssh-server i386 1:6.0p1-4+deb7u6 [343 kB]
获取：2 http://mirrors.163.com/debian-security/ wheezy/updates/main openssh-client i386 1:6.0p1-4+deb7u6 [1,044 kB]
下载 1,388 kB，耗时 2秒 (473 kB/s)        
读取变更记录(changelogs)... 完成      
正在预设定软件包 ...
(正在读取数据库 ... 系统当前共安装有 341075 个文件和目录。)
正预备替换 openssh-server 1:6.0p1-4+deb7u2 (使用 .../openssh-server_1%3a6.0p1-4+deb7u6_i386.deb) ...
正在解压缩将用于更替的包文件 openssh-server ...
正预备替换 openssh-client 1:6.0p1-4+deb7u2 (使用 .../openssh-client_1%3a6.0p1-4+deb7u6_i386.deb) ...
正在解压缩将用于更替的包文件 openssh-client ...
正在处理用于 man-db 的触发器...
正在设置 openssh-client (1:6.0p1-4+deb7u6) ...
正在设置 openssh-server (1:6.0p1-4+deb7u6) ...
insserv: warning: current start runlevel(s) (empty) of script `ssh' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh' overrides LSB defaults (empty).
insserv: warning: script 'ajaxterm' missing LSB tags and overrides


#在客户端生成shh的key（登录密码：1736*****(打码)）
root@kali:~/.ssh# 
root@kali:~/.ssh# ssh-keygen -t dsa -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
2c:da:90:fd:b9:c1:20:1b:8b:89:f9:ba:70:ff:ae:39 root@kali
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|                 |
|                 |
|     o .         |
|    = + S        |
| o o O = .       |
|+ + + . =        |
|.o .E.   o       |
|oo. +=o .        |
+-----------------+
root@kali:~/.ssh# ls
id_dsa  id_dsa.pub  known_hosts
root@kali:~/.ssh# sz -id_dsa.pub
sz: invalid option -- '_'
Try `sz --help' for more information.


#把linux 40.128客户端生成的id_dsa.pub使用sz -id_dsa.pub方法copy到windows机器上，再copy到linux 40.129的服务器上
root@kali:~/.ssh# sz --help
sz version 0.12.21rc
Usage: sz [options] file ...
   or: sz [options] -{c|i} COMMAND
Send file(s) with ZMODEM/YMODEM/XMODEM protocol
    (X) = option applies to XMODEM only
    (Y) = option applies to YMODEM only
    (Z) = option applies to ZMODEM only
  -+, --append                append to existing destination file (Z)
  -2, --twostop               use 2 stop bits
  -4, --try-4k                go up to 4K blocksize
      --start-4k              start with 4K blocksize (doesn't try 8)
  -8, --try-8k                go up to 8K blocksize
      --start-8k              start with 8K blocksize
  -a, --ascii                 ASCII transfer (change CR/LF to LF)
  -b, --binary                binary transfer
  -B, --bufsize N             buffer N bytes (N==auto: buffer whole file)
  -c, --command COMMAND       execute remote command COMMAND (Z)
  -C, --command-tries N       try N times to execute a command (Z)
  -d, --dot-to-slash          change '.' to '/' in pathnames (Y/Z)
      --delay-startup N       sleep N seconds before doing anything
  -e, --escape                escape all control characters (Z)
  -E, --rename                force receiver to rename files it already has
  -f, --full-path             send full pathname (Y/Z)
  -i, --immediate-command CMD send remote CMD, return immediately (Z)
  -h, --help                  print this usage message
  -k, --1k                    send 1024 byte packets (X)
  -L, --packetlen N           limit subpacket length to N bytes (Z)
  -l, --framelen N            limit frame length to N bytes (l>=L) (Z)
  -m, --min-bps N             stop transmission if BPS below N
  -M, --min-bps-time N          for at least N seconds (default: 120)
  -n, --newer                 send file if source newer (Z)
  -N, --newer-or-longer       send file if source newer or longer (Z)
  -o, --16-bit-crc            use 16 bit CRC instead of 32 bit CRC (Z)
  -O, --disable-timeouts      disable timeout code, wait forever
  -p, --protect               protect existing destination file (Z)
  -r, --resume                resume interrupted file transfer (Z)
  -R, --restricted            restricted, more secure mode
  -q, --quiet                 quiet (no progress reports)
  -s, --stop-at {HH:MM|+N}    stop transmission at HH:MM or in N seconds
      --tcp-server            open socket, wait for connection (Z)
      --tcp-client ADDR:PORT  open socket, connect to ... (Z)
  -u, --unlink                unlink file after transmission
  -U, --unrestrict            turn off restricted mode (if allowed to)
  -v, --verbose               be verbose, provide debugging information
  -w, --windowsize N          Window is N bytes (Z)
  -X, --xmodem                use XMODEM protocol
  -y, --overwrite             overwrite existing files
  -Y, --overwrite-or-skip     overwrite existing files, else skip
      --ymodem                use YMODEM protocol
  -Z, --zmodem                use ZMODEM protocol

short options use the same arguments as the long ones
root@kali:~/.ssh# sz id_dsa.pub
root@kali:~/.ssh# 
^C
root@kali:~/.ssh#

2、在linux的服务器 40.129配置

在linux 40.129的服务器配置：
root@kali:~/.ssh# 
root@kali:~/.ssh# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:ee:b2:1f  
          inet addr:192.168.40.129  Bcast:192.168.40.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feee:b21f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:917 errors:0 dropped:0 overruns:0 frame:0
          TX packets:743 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:377348 (368.5 KiB)  TX bytes:103578 (101.1 KiB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1920 (1.8 KiB)  TX bytes:1920 (1.8 KiB)

root@kali:~/.ssh# 


root@kali:~/python# sudo apt-get install openssh-server
正在读取软件包列表... 完成
正在分析软件包的依赖关系树       
正在读取状态信息... 完成       
openssh-server 已经是最新的版本了。
升级了 0 个软件包，新安装了 0 个软件包，要卸载 0 个软件包，有 0 个软件包未被升级。
root@kali:~/python# cd ~/.ssh/
root@kali:~/.ssh# ls
known_hosts
root@kali:~/.ssh# rz #使用sz文件操作copy客户端40.128的id_dsa.pub公钥文件

root@kali:~/.ssh# ls
id_dsa.pub  known_hosts
root@kali:~/.ssh#  cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
root@kali:~/.ssh# ls
authorized_keys  id_dsa.pub  known_hosts
root@kali:~/.ssh# vi /etc/ssh/sshd_config 
root@kali:~/.ssh# 
root@kali:~/.ssh#

3、再到客户端 40.128使用ssh [email protected]登录40.129服务器（登录密码：1736*****(打码)）

root@kali:~/.ssh# ssh [email protected]
Enter passphrase for key '/root/.ssh/id_dsa': 
Linux kali 3.18.0-kali1-686-pae #1 SMP Debian 3.18.3-1~kali4 (2015-01-22) i686

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Dec 24 13:21:51 2017 from 192.168.40.1

#成功登录服务器40.129
root@kali:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:ee:b2:1f  
          inet addr:192.168.40.129  Bcast:192.168.40.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feee:b21f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:832 errors:0 dropped:0 overruns:0 frame:0
          TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:369544 (360.8 KiB)  TX bytes:94338 (92.1 KiB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1440 (1.4 KiB)  TX bytes:1440 (1.4 KiB)

root@kali:~# ^C
root@kali:~#