Tôi đã được cung cấp một máy chủ để sử dụng cho một số tính toán. Tôi đã được cung cấp mật khẩu root và họ bảo tôi tạo một tài khoản cho chính mình.
Tôi đã truy cập máy chủ bằng cách sử dụng ssh root@host
và nhập mật khẩu gốc. Sau đó tôi đã tạo một người dùng sudo useradd -m myname
và đặt mật khẩu. Sau đó, tôi đăng xuất và cố gắng làmssh myname@host
Ngay sau khi tôi nhập mật khẩu, các kết nối của tôi đã bị đóng:
Connection to host closed by remote host.
Connection to host closed.
Tôi đã thử xem xét các tệp host.deny và host.allow, nhưng chúng dường như không được sửa đổi (chúng được nhận xét bằng #)
Sau đó, tôi đã cố gắng nhìn vào etc/ssh/sshd_config
, nhưng tôi không biết chính xác những gì cần tìm kiếm. Đây là một số tham số có vẻ phù hợp:
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
Điều gì có thể là vấn đề? Lưu ý rằng tôi không cố gắng đăng nhập bằng ssh-key, chèn mật khẩu là ổn. Làm thế nào tôi có thể làm cho công việc đó?
Chỉnh sửa Đây là nội dung của toàn bộ tệp sshd_config:
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Chỉnh sửa 2
Đây là đầu ra của nỗ lực kết nối vớissh -vv username@host
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "host_name" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to host_name [ip_address] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /localhome/username/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to host_name:22 as ‘username_on_server’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
[…]
debug1: Server host key: [serverkey]
debug1: Host 'host_name' is known and matches the ECDSA host key.
debug1: Found key in /localhome/username/.ssh/known_hosts:5
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /localhome/username/.ssh/id_rsa ((nil))
debug2: key: /localhome/username/.ssh/id_dsa ((nil))
debug2: key: /localhome/username/.ssh/id_ecdsa ((nil))
debug2: key: /localhome/username/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /localhome/username/.ssh/id_rsa
debug1: Trying private key: /localhome/username/.ssh/id_dsa
debug1: Trying private key: /localhome/username/.ssh/id_ecdsa
debug1: Trying private key: /localhome/username/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
username_on_server@host_name's password: <——- Here I inserted my password
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to host_name ([ip_address]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
Connection to host_name closed by remote host.
Connection to host_name closed.
Transferred: sent 1736, received 1388 bytes, in 0.0 seconds
Bytes per second: sent 9760471.5, received 7803879.3
debug1: Exit status -1
Chỉnh sửa 3 .profile của người dùng mới trên máy chủ
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin directories
PATH="$HOME/bin:$HOME/.local/bin:$PATH"
PasswordAuthentication
được nhận xét ra?
ssh -vv myname@host
và nếu bạn không thể thấy vấn đề ở đầu ra, hãy thêm đầu ra (được định dạng) vào câu hỏi của bạn.