服务器在SSH配置后仍然提示输入密码，Ubuntu17.10 x64

Question

EDIT:按照建议，在查阅详细日志之后，我自己发现了错误。答案在底部。

我有一个DigitalOcean液滴，我想用它作为开发环境。我创建了一个具有sudo权限的非根用户来完成所有实际工作，并通过ssh-copy-id设置了这个用户在我的对子中的公钥。试图再次复制密钥时，可以确认密钥已存在并已被识别：

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

这是在尝试了以下建议之后：

• 清空两台机器上的.ssh内容，生成并复制一个新密钥
• 使用chmod确保.ssh设置为700，而authorized_keys设置为VPS上的600。
• 取消etc/ssh/sshd_config中声明PubkeyAuthentication yes和AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2的行，然后在VPS上重新启动ssh守护进程。
• 重建水滴，从头再试
• 使用cat手动复制密钥
• 尝试使用根用户设置密钥，然后切换到非根用户。

在此阶段，任何通过SSH进行连接的尝试仍然提示输入用户的密码，即使我显式地将密钥设置为无密码，并且未能提供此密码将导致此错误:如果我提供密码，则仍然能够以用户的身份直接登录。

下面是密码提示出现之前的详细日志：

OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "138.197.31.224" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 138.197.31.224 [138.197.31.224] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5p1 Ubuntu-10
debug1: match: OpenSSH_7.5p1 Ubuntu-10 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 138.197.31.224:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:  compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:  compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:cAw/cF/p37TL25mwRKivxJpMCPyrCMFo5YaeTYQ2Wvo
debug1: Host '138.197.31.224' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug2: key: /home/user/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

如果我们查看上面的日志，这些是最相关的行：

debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

我们可以看到，ssh有四个它将检查的默认文件，假设在生成过程中允许ssh-keygen提供默认名称，这是很好的。但是，if给您的密钥指定了一个特殊的名称，您必须将ssh指向私钥的位置& ，因为它不知道如何查找它。注意到这一点后，我尝试使用以下命令登录：

ssh user@xxx.xxx.xx.xxx -i .ssh/custom_named_rsa

。。。而且很成功。请注意，上面恰好是我所在目录中键的相对路径，这是pathing通常需要考虑的事项。感谢这两种处理日志的建议，特别是用于客户端详细日志记录的建议。

Answer 1

您需要查看服务器上的日志，以找出它拒绝密钥的原因。通常从日志消息中可以清楚地看出问题的所在。

Answer 2

为了确保这个问题能够正确地解决，我将在这里自我回答我上面说的话：

尝试使用ssh -vv user@xxx.xxx.xx.xxx连接到远程服务器。这将显示尝试的详细日志，在密码提示前的最底部将产生以下重要行：

debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

我们可以看到，ssh有四个它将检查的默认文件，假设在生成过程中允许ssh-keygen提供默认名称，这是很好的。但是，if给您的密钥指定了一个特殊的名称，您必须将ssh指向私钥的位置，因为它不知道如何查找它。在我注意到这一点之后，我尝试使用以下命令登录：

ssh user@xxx.xxx.xx.xxx -i .ssh/custom_named_rsa

。。。而且很成功。请注意，上面恰好是我所在目录中键的相对路径，这是pathing通常需要考虑的事项。

Answer 3

您可以在用户的. .ssh/config文件中设置自定义密钥。https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/