我已将Ubuntu 10.04LTS桌面安装配置为仅允许公钥验证.
结果:公钥认证工作完美!
问题:问题是,尽管配置为仅接受公钥认证,客户端仍然接受密码认证 – 为什么?
当然可以使用我看到的一些建议,并遵循这里的建议:ssh: can still use password after setting the key
遵循这些建议后没有成功:
> chmod 700 /home//.ssh
> chmod 600 /home//.ssh/authorized_keys
>添加到/ etc / ssh / ssh_config:
> PasswordAuthentication没有
> ChallengeResponseAuthentication no
> restarted sshd(命令:/usr/sbin / service ssh restart).
客户端的/ etc / ssh / ssh_config读取:
- # This is the ssh client system-wide configuration file. See
- # ssh_config(5) for more information. This file provides defaults for
- # users,and the values can be changed in per-user configuration files
- # or on the command line.
- # Configuration data is parsed as follows:
- # 1. command line options
- # 2. user-specific file
- # 3. system-wide file
- # Any configuration value is only changed the first time it is set.
- # Thus,host-specific definitions should be at the beginning of the
- # configuration file,and defaults at the end.
- # Site-wide defaults for some commonly used options. For a comprehensive
- # list of available options,their meanings and defaults,please see the
- # ssh_config(5) man page.
- Host *
- # ForwardAgent no
- # ForwardX11 no
- # ForwardX11Trusted yes
- # RhostsRSAAuthentication no
- RSAAuthentication yes
- PasswordAuthentication no
- PermitRootLogin no
- PubKeyAuthentication yes
- ChallengeResponseAuthentication no
- # HostbasedAuthentication no
- # GSSAPIAuthentication no
- # GSSAPIDelegateCredentials no
- # GSSAPIKeyExchange no
- # GSSAPITrustDNS no
- # BatchMode no
- # CheckHostIP yes
- # AddressFamily any
- # ConnectTimeout 0
- # StrictHostKeyChecking ask
- # IdentityFile ~/.ssh/identity
- # IdentityFile ~/.ssh/id_rsa
- # IdentityFile ~/.ssh/id_dsa
- # Port 22
- # Protocol 2,1
- # Cipher 3des
- # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-c bc,3des-cbc
- # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
- # EscapeChar ~
- # Tunnel no
- # TunnelDevice any:any
- # PermitLocalCommand no
- # VisualHostKey no
- SendEnv LANG LC_*
- HashKnownHosts yes
- GSSAPIAuthentication yes
- GSSAPIDelegateCredentials no
我错过了另一种选择吗?也许匹配(虽然这似乎不太可能对我有帮助)?
谢谢.
解决方法
/ etc / ssh / ssh_config用于客户端.您想在服务器配置文件中设置这些选项,即/ etc / ssh / sshd_config.
