我正在尝试使用用户名和密码登录我的ssh服务器,但输入正确的密码后出现此错误:
Permission denied,please try again.
我可以在另一台机器上使用pubkey登录,但我没有禁用常规密码验证.我禁用的唯一东西是root登录.
这是我的sshd_config文件:
# Package generated configuration file # See the sshd_config(5) manpage for details # What ports,IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords,change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication,account processing,# and session processing. If this is enabled,PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration,# PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication,then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes IgnoreUserKnownHosts no PasswordAuthentication yes
我最近尝试使用最后两行来添加它. (我把它们放在我的其他vps上,他们在那里工作)
这是我的用户的〜/ .ssh /目录的列表:
ls -la /home/skerit/.ssh total 16 drwx------ 2 skerit skerit 4096 2011-06-25 15:11 . drwxr-xr-x 4 skerit skerit 4096 2011-07-07 21:05 .. -rw-r--r-- 1 skerit skerit 1882 2011-06-25 15:15 authorized_keys -rw-r--r-- 1 skerit skerit 884 2011-06-23 22:59 known_hosts
这是/usr/sbin / sshd -d的输出:
debug1: userauth-request for user skerit service ssh-connection method none debug1: attempt 0 failures 0 debug1: PAM: initializing for "skerit" debug1: PAM: setting PAM_RHOST to "82.197.70.70" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user skerit service ssh-connection method publickey debug1: attempt 1 failures 0 debug1: test whether pkalg/pkblob are acceptable debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/skerit/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: restore_uid: 0/0 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/skerit/.ssh/authorized_keys2 debug1: Could not open authorized keys '/home/skerit/.ssh/authorized_keys2': No such file or directory debug1: restore_uid: 0/0 Failed publickey for skerit from 82.197.70.70 port 57154 ssh2 debug1: userauth-request for user skerit service ssh-connection method password debug1: attempt 2 failures 1 debug1: PAM: password authentication Failed for skerit: Authentication failure Failed password for skerit from 82.197.70.70 port 57154 ssh2
然后我尝试使用THE SAME用户名和密码从ssh服务器(本地)登录ssh服务器,并且它有效.这是在auth.log文件中:
Jul 8 12:21:50 vpsnl1 sshd[27298]: debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': No such file or directory Jul 8 12:21:50 vpsnl1 sshd[27298]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key Jul 8 12:22:16 vpsnl1 sshd[27298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.197.70.70 user= skerit Jul 8 12:23:50 vpsnl1 sshd[27439]: Server listening on 0.0.0.0 port 22. Jul 8 12:23:50 vpsnl1 sshd[27439]: Server listening on :: port 22. Jul 8 12:24:07 vpsnl1 sshd[27458]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key Jul 8 12:24:14 vpsnl1 sshd[27458]: Accepted password for skerit from 127.0.0.1 port 57667 ssh2 Jul 8 12:24:14 vpsnl1 sshd[27458]: pam_unix(sshd:session): session opened for user skerit by (uid=0) Jul 8 12:24:25 vpsnl1 sshd[27471]: Received disconnect from 127.0.0.1: 11: disconnected by user Jul 8 12:24:25 vpsnl1 sshd[27458]: pam_unix(sshd:session): session closed for user skerit
您确定您尝试访问的用户帐户是否已正确配置?如果您以root用户身份登录系统,是否可以转到用户帐户?
原文链接:https://www.f2er.com/ubuntu/348735.html# su - username
连接尝试失败后,您在日志中看到了什么?在许多系统上,sshd将记录到/ var / log / secure或/var/log/auth.log.此外,我注意到您已启用PasswordAuthentication但禁用了ChallengeResponseAuthentication.如果启用ChallengeResponseAuthentication,您是否看到相同的行为?
以下是在遇到ssh问题时要使用的一些常规诊断步骤:
>在ssh中启用详细诊断:
ssh -v host.example.com
这将导致客户端在协商连接时输出各种诊断消息.这通常会为问题提供线索.
>以调试模式运行服务器.
在您的服务器上,停止sshd,然后从命令行运行它,如下所示:
/usr/sbin/sshd -d
这将在stderr上生成详细的调试日志记录,这些日志记录通常包含有用的信息.
