BASH Script - SCP -权限被拒绝(公开密钥，gssapi-keyex，gssapi-with-mic，密码)

Question

我被要求工作，有一个服务器，有点像对特定文件的备份，主要是30 (不能将它们绑定到一个文件夹)，它们分散在服务器上，需要单独到达它们。在我插入生产环境之前，我决定在家里尝试一下

我已经生成并复制了两个服务器之间的密钥。我已将文件夹和文件权限更改为所需的最大权限--甚至为了测试目的，我已经将chmod 0770转到了all .ssh文件夹，但是，对于这两个服务器，我还是会得到这个恼人的错误。

我不使用Kerberos方法或其他编程接口--这需要GSSAPI --只是一个简单的SCP

当我从测试服务器到linuxproject服务器执行手动SCP时，它在没有中断的情况下成功，所以我认为它与SCP产生的第二个SSH进程有关，例如，当我访问测试服务器时，我能够在SCP之前执行命令，比如创建一个文件(所以我相信，当测试服务器试图与linuxproject服务器连接时，问题就会发生)。

下面是我要犯的错误

命令：

[linuxproject@sysadmin ~]$ sshpass -p "abc12345" ssh test-server@192.168.1.26 " touch longlist.txt && scp longlist.txt linuxproject@192.168.1.18:/home/linuxproject"

错误：

Permission denied, please try again.
    Permission denied, please try again.
    linuxproject@192.168.1.18: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    lost connection

SCP命令中的一些详细日志

debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/oren/.ssh/id_rsa RSA SHA256:tguZWskKp6IFsqdZ5cb/AqzFBd7hzsMXRhjd02wGqko
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/oren/.ssh/id_dsa
debug3: no such identity: /home/oren/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/oren/.ssh/id_ecdsa
debug3: no such identity: /home/oren/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/oren/.ssh/id_ed25519
debug3: no such identity: /home/oren/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/oren/.ssh/id_xmss
debug3: no such identity: /home/oren/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
linuxproject@192.168.1.18: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

请帮帮我--我被这个(100个坏话)困了4天--你知道吗？--而且也解决不了

Answer 1

根据我的经验，0770是错误的权限。SSH对权限有些挑剔。你应该这样用它

user@server:~$ ls -la .ssh
total 28
drwx------  2 user group 4096 Nov 30 17:34 .
drwxr-xr-x 59 user group 4096 Jan  8 08:00 ..
-rw-r--r--  1 user group  394 May  5  2016 authorized_keys
-rw-------  1 user group 1675 May 10  2016 id_rsa
-rw-r--r--  1 user group  390 May 10  2016 id_rsa.pub

这一点在SSH文档中也有说明。

~/.ssh/这个目录是所有特定于用户的配置和身份验证信息的默认位置。不需要对此目录的整个内容保密，但推荐的权限是用户的读/写/执行，其他人不能访问。~/.ssh/id_rsa包含用于身份验证的私钥。这些文件包含敏感数据，用户应该可以读取，但其他人不能访问(读/写/执行)。如果其他人可以访问一个私钥文件，ssh将简单地忽略它。