SSH 免密登录:普通用户免密配置登录仍需输入密码

一、服务器信息

服务器 系统 IP
A centos7 192.168.0.100
B centos7 192.168.0.101
C centos7 192.168.0.102

二、免密配置

1.1 A 服务器操作

(1)生成密钥文件

[test@localhost ~]$ ssh-keygen -t rsa
[test@localhost ~]$ ll .ssh/
total 8
-rw-------. 1 test test 1679 Sep  1 07:40 id_rsa
-rw-r--r--. 1 test test  408 Sep  1 07:40 id_rsa.pub

 (2)复制密钥文件到 B 服务器

[test@localhost ~]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/test/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

(3)查看 B 服务器写入信息

[test@localhost ~]$ ll -a
总用量 24
drwxrwxrwx  8 test test  182  8月 31 17:34 .
drwxr-xr-x  6 root root  103  6月 27 11:57 ..
-rw-------  1 test test   70  8月 31 17:34 .bash_history
-rwxr-xr-x  1 test test   75  1月 10  2020 .bash_logout
-rwxr-xr-x  1 test test   71  3月 19  2020 .bash_profile
-rwxr-xr-x  1 test test  138  1月 10  2020 .bashrc
drwxr-x---  3 test test   17  6月 27 15:22 .cache
drwx------  3 test test   20  6月 27 14:39 .config
drwx------  2 test test   29  9月  1 16:19 .ssh
[test@localhost ~]$ ll .ssh/
总用量 4
-rw------- 1 test test 592  9月  1 16:19 authorized_keys
[test@localhost ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuj0mF2RWCQ8oLCN7qNAJUMRw8e4k8Hrv2xcjSB182EYBJ60EOjOk2W6RCwpupjZRl2wMY8cYyPY2Q7m4YHRJY99kpve9Xq2rdvbDH/MifblEAZIfo4rmi4Od34qhHB30i1X5iMl/58wVoe/VooQqa0iZIK+j6AgmiSJSOsdT3yhHeHYnMc0pecZzhCF3v+hDQPxI0JxVwLJZLlBIeFRa7+mpxOmEollZUzVYwdy9CfYpAgdyPyeWo2pU0me0GhvTT6vuqU9ttdwCK5jIRhOH71croaAwY6p0tQcVeK89Z4YMxZith3lEiMY3HuEX2B6bL0naZH50o8VERB0pCx6JkNR1TwNNKc59gFzFLMMw/xXCJICGEU9LGQPQMvV8k4SNm7UNmESXjUoPcea0z/NusPjYuOoE42LcJWxcVSfg7kB0YTQoLX4IWuHAbAZkRjhmw50VIgvfb1PxXwlRpLW9sjOq/68zIr+/n6clMpZR5d+qV1CmnnQ8EgOwmNYgz7z8= [email protected]

(4)A 服务器尝试登录 B 服务器(这里还是提示需要输入密码,正常情况下是不需要的)


[test@localhost ~]$ ssh [email protected]

Authorized users only. All activities may be monitored and reported.
[email protected]'s password: 

(5)正常与异常情况对比

正常情况:

[test@localhost .ssh]$ ssh -vvv '[email protected]'
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 192.168.0.102 originally 192.168.0.102
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 192.168.0.102 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 192.168.0.102 originally 192.168.0.102
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.102 [192.168.0.102] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/id_rsa type 0
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type -1
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa type -1
debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519 type -1
debug1: identity file /home/test/.ssh/id_ed25519-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/test/.ssh/id_xmss type -1
debug1: identity file /home/test/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2
debug1: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.102:22 as 'test'
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:6
debug3: load_hostkeys: loaded 1 keys from 192.168.0.102
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],diffie-hellman-group-exchange-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: MACs ctos: hmac-sha2-512,[email protected],hmac-sha2-256,[email protected]
debug2: MACs stoc: hmac-sha2-512,[email protected],hmac-sha2-256,[email protected]
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC:  compression: none
debug1: kex: client->server cipher: [email protected] MAC:  compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xZRYT7h3RsY4d0oJEcOJ6fVcR1dPkXL4y6N+CQ2v9R8
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:6
debug3: load_hostkeys: loaded 1 keys from 192.168.0.102
debug1: Host '192.168.0.102' is known and matches the ECDSA host key.
debug1: Found key in /home/test/.ssh/known_hosts:6
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug1: Will attempt key: /home/test/.ssh/id_dsa 
debug1: Will attempt key: /home/test/.ssh/id_ecdsa 
debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/test/.ssh/id_ed25519 
debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/test/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner

Authorized users only. All activities may be monitored and reported.
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available: No KCM server found


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available: No KCM server found


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug3: sign_and_send_pubkey: RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug3: sign_and_send_pubkey: signing using rsa-sha2-256 SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.0.102 ([192.168.0.102]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug3: receive packet: type 4
debug1: Remote: /home/test/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /home/test/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 5 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env HISTCONTROL
debug3: Ignored env HISTSIZE
debug3: Ignored env HOSTNAME
debug3: Ignored env JAVA_HOME
debug3: Ignored env JRE_HOME
debug3: Ignored env PWD
debug3: Ignored env LOGNAME
debug3: Ignored env HOME
debug1: Sending env LANG = zh_CN.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env LS_COLORS
debug3: Ignored env TERM
debug3: Ignored env USER
debug3: Ignored env ZOOKEEPER_HOME
debug3: Ignored env SHLVL
debug3: Ignored env ZIPINFO
debug3: Ignored env UNZIP
debug3: Ignored env TMOUT
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env PATH
debug3: Ignored env CLASS_PATH
debug3: Ignored env MAIL
debug3: Ignored env _
debug3: Ignored env OLDPWD
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

Authorized users only. All activities may be monitored and reported.
Web console: https://localhost:9090/

Last login: Fri Sep  1 11:11:55 2023
[test@localhost ~]$ 

异常情况:

[test@localhost .ssh]$ ssh -vvv '[email protected]'
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 192.168.0.101 originally 192.168.0.101
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 192.168.0.101 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 192.168.0.101 originally 192.168.0.101
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/id_rsa type 0
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type -1
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa type -1
debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519 type -1
debug1: identity file /home/test/.ssh/id_ed25519-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/test/.ssh/id_xmss type -1
debug1: identity file /home/test/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2
debug1: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.101:22 as 'test'
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys from 192.168.0.101
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],diffie-hellman-group-exchange-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: MACs ctos: hmac-sha2-512,[email protected],hmac-sha2-256,[email protected]
debug2: MACs stoc: hmac-sha2-512,[email protected],hmac-sha2-256,[email protected]
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC:  compression: none
debug1: kex: client->server cipher: [email protected] MAC:  compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xZRYT7h3RsY4d0oJEcOJ6fVcR1dPkXL4y6N+CQ2v9R8
debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys from 192.168.0.101
debug1: Host '192.168.0.101' is known and matches the ECDSA host key.
debug1: Found key in /home/test/.ssh/known_hosts:9
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug1: Will attempt key: /home/test/.ssh/id_dsa 
debug1: Will attempt key: /home/test/.ssh/id_ecdsa 
debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/test/.ssh/id_ed25519 
debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/test/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner

Authorized users only. All activities may be monitored and reported.
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available: No KCM server found


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available: No KCM server found


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/test/.ssh/id_dsa
debug3: no such identity: /home/test/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ecdsa
debug3: no such identity: /home/test/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ecdsa_sk
debug3: no such identity: /home/test/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ed25519
debug3: no such identity: /home/test/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_ed25519_sk
debug3: no such identity: /home/test/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/test/.ssh/id_xmss
debug3: no such identity: /home/test/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password: 

 (6)最后排查是普通用户的家目录权限不对导致

[root@localhost ~]# ll /home
总用量 56
drwxr-xr-x   6 root               103  6月 27 11:57 .
dr-xr-xr-x. 21 root              4096  8月 31 14:27 ..
drwxrwxrwx   8 test   182  9月  1 16:36 test

(7)修改权限后解决

[root@localhost ~]# chmod 700 /home/test

你可能感兴趣的:(linux,ssh,服务器,运维)