CentOS 7 免密登录异常 -- we did not send a packet, disable method
文章目录
-
-
- 服务器信息
- 背景描述
- 复现错误
-
-
- 创建普通用户
- 普通账号密码配置
- 秘钥生成 && 配置
- 重启 sshd 服务 -- ROOT 账户
- dev 账户免密登录配置
-
- 总结
-
-
- authorized_keys
- id_rsa
- id_rsa.pub
- known_hosts
-
- 参考
-
服务器信息
| 主机名 | IP | CPU | 内存 | 磁盘 | 部署 |
|---|---|---|---|---|---|
| node1 | 10.10.200.211 | 2核 | 4GB | 50GB | — |
| node2 | 10.10.200.212 | 2核 | 4GB | 50GB | — |
| node3 | 10.10.200.213 | 2核 | 4GB | 50GB | — |
背景描述
三台服务器中,创建普通账户,使用 ssh-keygen 创建秘钥,配置好免密登录后无效,排查发现错误 "we did not send a packet, disable method"。
复现错误
创建普通用户
[root@node1 ~]# useradd dev
普通账号密码配置
[root@node1 ~]# echo "123456" | passwd --stdin dev
Changing password for user dev.
passwd: all authentication tokens updated successfully.
秘钥生成 && 配置
[root@node1 ~]# su - dev
[dev@node1 ~]$ ssh-keygen -t rsa
[root@node1 ~]# cat ~/.ssh/id_rsa.pub
[dev@node1 ~]$ touch ~/.ssh/authorized_keys
[dev@node1 ~]$ cat ~/.ssh/authorized_keys
重启 sshd 服务 – ROOT 账户
[root@node1 ~]# systemctl restart sshd
dev 账户免密登录配置
- 无法实现 “免密登录配置”
[dev@node1 ~]$ ssh -vvv [email protected]
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
- 文件权限查看
[dev@node1 ~]$ ls -la ~
total 20
drwx------. 3 dev dev 111 Aug 26 18:53 .
drwxr-xr-x. 3 root root 17 Aug 26 18:43 ..
-rw-------. 1 dev dev 185 Aug 26 18:53 .bash_history
-rw-r--r--. 1 dev dev 18 Aug 3 2016 .bash_logout
-rw-r--r--. 1 dev dev 193 Aug 3 2016 .bash_profile
-rw-r--r--. 1 dev dev 231 Aug 3 2016 .bashrc
drwx------. 2 dev dev 80 Aug 26 19:00 .ssh
-rw-------. 1 dev dev 678 Aug 26 18:52 .viminfo
[dev@node1 ~]$ ls -la ~/.ssh/
total 16
drwx------. 2 dev dev 80 Aug 26 19:00 .
drwx------. 3 dev dev 111 Aug 26 18:53 ..
-rw-rw-r--. 1 dev dev 1173 Aug 26 18:52 authorized_keys
-rw-------. 1 dev dev 1679 Aug 26 18:49 id_rsa
-rw-r--r--. 1 dev dev 391 Aug 26 18:49 id_rsa.pub
-rw-r--r--. 1 dev dev 175 Aug 26 19:00 known_hosts
[dev@node1 ~]$ cat ~/.ssh/known_hosts
10.10.200.211 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
- 配置文件权限
[dev@node1 ~]$ chmod 0755 ~
[dev@node1 ~]$ chmod 700 ~/.ssh
[dev@node1 ~]$ chmod 600 ~/.ssh/authorized_keys
[dev@node1 ~]$ ls -la ~
total 20
drwxr-xr-x. 3 dev dev 111 Aug 26 18:53 .
drwxr-xr-x. 3 root root 17 Aug 26 18:43 ..
-rw-------. 1 dev dev 185 Aug 26 18:53 .bash_history
-rw-r--r--. 1 dev dev 18 Aug 3 2016 .bash_logout
-rw-r--r--. 1 dev dev 193 Aug 3 2016 .bash_profile
-rw-r--r--. 1 dev dev 231 Aug 3 2016 .bashrc
drwx------. 2 dev dev 80 Aug 26 19:09 .ssh
-rw-------. 1 dev dev 678 Aug 26 18:52 .viminfo
[dev@node1 ~]$ ls -la ~/.ssh/
total 16
drwx------. 2 dev dev 80 Aug 26 19:09 .
drwxr-xr-x. 3 dev dev 111 Aug 26 18:53 ..
-rw-------. 1 dev dev 1173 Aug 26 18:52 authorized_keys
-rw-------. 1 dev dev 1679 Aug 26 18:49 id_rsa
-rw-r--r--. 1 dev dev 391 Aug 26 18:49 id_rsa.pub
-rw-r--r--. 1 dev dev 543 Aug 26 19:09 known_hosts
[dev@node1 ~]$ cat ~/.ssh/known_hosts
node1,10.10.200.211 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
node2,10.10.200.212 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
node3,10.10.200.213 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
总结
.ssh 目录的权限必须是 700
.ssh/authorized_keys 文件权限必须是 600
authorized_keys
存放远程免密登录的公钥,主要通过这个文件记录多台机器的公钥。
[dev@node1 ~]$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD8BjRJKEPYgJsJ1AFei8tflMgTXs6I/BNMuWjIq6WuWGxSbnkoR7TFwnd0E8rY1JvAhS8g6Nkbd4ObIeQNCIVGH8VHjirABRha3T0IAA3zMvF1touaLicUe1ntM4M/aE96B+4sGleWK2AxbKtvmuNU3Q+WAsAaEuvLlIoa1rHeQxCYhmuTA8Jx5UTe0+ozHivMmYHbPGd6SBwYIU4/s7pUTRkjX77tJes0XPvyp13p+uawhFXJCd0AFdGKY7DF47mtr4gu8Pw+s5SZOn11XIsZ+cVq02gzUgjCgU/1FphV6uzhAy7qgqQ7oJGF7D5QlisaBifY1ypQBJU9ROtsIclD dev@node1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEQOrCDXpPB7HNnQWgIs213FmgqLMJUNylsHw0fNTfRDHE+GTex0vaBJGCvTq72Reia2PbA8ZkXgls+BH4KEk4p/9VoStbmbOY9Q/43OK6b33uyFPI2ilhlnYmwgW8l3btJPlzB1Mo0Vw+xRFr5K8uGPWEw8re3LQklGgu4BdHcKbxRQrNj/EzyzFVJiqNWNDLmJWjmgeGDEpr+cCVfuK/ie9v3mn7Eak1dM/cmqAYtsKOGRIf4gIUDFJJhElfq0rOlkLpubn1iGwaccaduxk54tjOuLYwQpdm29cg0f5RMmHZgZA8L7R4exaYXrRyY+0aUyY4vKinMYLCalcuBGEd dev@node2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9TJFt+x/csYlyrNxqG35Zh5XpWsxSwDUv6878RYh3imswT0vpLrq0u2JaT7/SWbn4sPF/FKXftNZK+t+ZvdIikdu4SyEb8SQOlVAJ43bMNh4NXylIXw7JdkHivNpk+aWlqyR5hKFdWYZg3q3i2+ohOzbRoFlew7qig8BggMflMKQ8oPH/4DgCVQ23N7ukZ+HubFOIB8y/wiRVmk8WsLTDvKHTp9IDWTpiobPmNLd3t+vVubULmAc39SJNWOTNJC/y6WhoHEGTvoGQy8tD2qVBmKRNt3dbMT/UEkx8cI4aEl0jBkT6jhyCZEKpvxXnfsCkHWAlO4ZWOi5oFnZjmrQN dev@node3
id_rsa
生成的私钥文件
[dev@node1 ~]$ cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA/AY0SShD2ICbCdQBXovLX5TIE17OiPwTTLloyKulrlhsUm55
KEe0xcJ3dBPK2NSbwIUvIOjZG3eDmyHkDQiFRh/FR44qwAUYWt09CAAN8zLxdbaL
mi4nFHtZ7TODP2hPegfuLBpXlitgMWyrb5rjVN0PlgLAGhLry5SKGtax3kMQmIZr
kwPCceVE3tPqMx4rzJmB2zxnekgcGCFOP7O6VE0ZI1++7SXrNFz78qdd6frmsIRV
yQndABXRimOwxeO5ra+ILvD8PrOUmTp9dVyLGfnFatNoM1IIwoFP9RaYVers4QMu
6oKkO6CRhew+UJYrGgYn2NcqUASVPUTrbCHJQwIDAQABAoIBAHRsXU0KZ8UlK/nv
US6e/7VI4uBn5JtNb5D6+dfxy1juCiROWnPsJCtTOaGK3yMpnEXkgLAAQQM6Q7av
gk0vCXoqhRUYLNGFyQl4uI/wjoExoG/Tg0wXVABXN2SnblMlWcmyzijbhmid4xMR
82RcNfZnJKMU5C9nXDwwg1gApCxa/iqAEWOpOunIqGaR9IWCU3WER2CTXubAuKxP
87+1GHAuVMCxDwKCixO/EvGQKdfaBuJAt9nTt6Qze1YeuA9qeuaCe1nIfR88lMCr
0Z8ZIL9weyof7N3v+DpExBhU3fwo1tBgCss6h05kLWVWi4NURCOx1dswqO9kn1rE
DSWDlpkCgYEA/p5z/Uq0edyhRVggrEhGL4XtRJfhLIaRbFme+rmdZ/jf3+7EhtsT
wh6uL9bVeXNj7EbY+M4lwFdpmusUcsWe1insjyIpS2QrZ1Yyfn9mh4v6sooT09gj
MYDi0jc49GU6QBg1ZdcpPvdeM9rgH6G/EckDdAr/TOVLiFRj+iHUZ38CgYEA/WQl
9vTJS9JP04dSqKA7FoQMIRTCKtwKXsMyYD6EuD0uoCV/U2dItmVcWOJewSj5kRws
1n55yv5FG2O0OFfMl/HyOaRGoWPoYPeRD/UrE1HqdA45FvlztCMk9gZf8SIXLTfS
UPvUsZ+WI7dPDIeFxE92nln3/vgZd0FZOAkK4D0CgYEA5jJ1pTOMNXyeJWaGq5vw
MHkByXkS8EF9apsgG4gC4oRkSz3AWjfpBiDc1I2DlPkZBv4Kne8qvFmLNa+BXj6C
2xcuMz3sXafjgdqxbiJanQOWFSK2yFlpgBEJgIrCqFp4rof0hu1e8fmNJo6lAJQo
fbjhsWFb7baEcm3xsawyL5sCgYEAvwy0hzfXUkC3CVEdpKBzDK3xCzxAjdosQ3i/
Ucuxe8w9jGfZUYQtUcCo2SeMs+z2BlANCoh/wernJhiNuHGSg/nbXVScIHFYs0vV
5wc+PCnmMSzMJKNedrKM2qbBzeibOu+8tmy52Fbv9+vtQRApbnNPh2NkVaywXrc5
0sMWnS0CgYEAsfhrEj7NEBd/c6mMKUmP7/NxvVajQPY2AbwflFncsf06VoEihA1R
KrhvlUOVvfgWw5ItdFS1G0SXHPbPhf0PFSB58tT0fXvcpVl1czRF+Tt+h4eySNrG
P2l+CRe+XzC+1/dvVS/sGlRPUUgldeyIBPi3/KkJZ+rbUcOgwAzf46U=
-----END RSA PRIVATE KEY-----
id_rsa.pub
生成的公钥文件
[dev@node1 ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD8BjRJKEPYgJsJ1AFei8tflMgTXs6I/BNMuWjIq6WuWGxSbnkoR7TFwnd0E8rY1JvAhS8g6Nkbd4ObIeQNCIVGH8VHjirABRha3T0IAA3zMvF1touaLicUe1ntM4M/aE96B+4sGleWK2AxbKtvmuNU3Q+WAsAaEuvLlIoa1rHeQxCYhmuTA8Jx5UTe0+ozHivMmYHbPGd6SBwYIU4/s7pUTRkjX77tJes0XPvyp13p+uawhFXJCd0AFdGKY7DF47mtr4gu8Pw+s5SZOn11XIsZ+cVq02gzUgjCgU/1FphV6uzhAy7qgqQ7oJGF7D5QlisaBifY1ypQBJU9ROtsIclD dev@node1
known_hosts
已知的主机公钥清单
[dev@node1 ~]$ cat ~/.ssh/known_hosts
node1,10.10.200.211 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
node2,10.10.200.212 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
node3,10.10.200.213 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOScSoZznOz0Q3qpG8ShLUWAu2523dANKL9Xnr4vM3ljzR+gberesxB+UK+nuEvak/ufCpsMWrprmgLG9POGB/Y=
参考
- Linux ssh密钥自动登录 专题
- Linux下实现免密登录
- CentOS7 配置密钥免密码登录