服务器运维 SSH 免密登录：普通用户免密配置登录仍需输入密码

一、服务器信息

服务器系统IPAcentos7192.168.0.100Bcentos7192.168.0.101Ccentos7192.168.0.102

二、免密配置

1.1 A 服务器操作

（1）生成密钥文件

[test@localhost ~]$ ssh-keygen -t rsa

[test@localhost ~]$ ll .ssh/

total 8

-rw-------. 1 test test 1679 Sep 1 07:40 id_rsa

-rw-r--r--. 1 test test 408 Sep 1 07:40 id_rsa.pub

（2）复制密钥文件到 B 服务器

[test@localhost ~]$ ssh-copy-id test@192.168.0.101

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/test/.ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.

test@192.168.0.101's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'test@192.168.0.101'"

and check to make sure that only the key(s) you wanted were added.

（3）查看 B 服务器写入信息

[test@localhost ~]$ ll -a

总用量 24

drwxrwxrwx 8 test test 182 8月 31 17:34 .

drwxr-xr-x 6 root root 103 6月 27 11:57 ..

-rw------- 1 test test 70 8月 31 17:34 .bash_history

-rwxr-xr-x 1 test test 75 1月 10 2020 .bash_logout

-rwxr-xr-x 1 test test 71 3月 19 2020 .bash_profile

-rwxr-xr-x 1 test test 138 1月 10 2020 .bashrc

drwxr-x--- 3 test test 17 6月 27 15:22 .cache

drwx------ 3 test test 20 6月 27 14:39 .config

drwx------ 2 test test 29 9月 1 16:19 .ssh

[test@localhost ~]$ ll .ssh/

总用量 4

-rw------- 1 test test 592 9月 1 16:19 authorized_keys

[test@localhost ~]$ cat .ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuj0mF2RWCQ8oLCN7qNAJUMRw8e4k8Hrv2xcjSB182EYBJ60EOjOk2W6RCwpupjZRl2wMY8cYyPY2Q7m4YHRJY99kpve9Xq2rdvbDH/MifblEAZIfo4rmi4Od34qhHB30i1X5iMl/58wVoe/VooQqa0iZIK+j6AgmiSJSOsdT3yhHeHYnMc0pecZzhCF3v+hDQPxI0JxVwLJZLlBIeFRa7+mpxOmEollZUzVYwdy9CfYpAgdyPyeWo2pU0me0GhvTT6vuqU9ttdwCK5jIRhOH71croaAwY6p0tQcVeK89Z4YMxZith3lEiMY3HuEX2B6bL0naZH50o8VERB0pCx6JkNR1TwNNKc59gFzFLMMw/xXCJICGEU9LGQPQMvV8k4SNm7UNmESXjUoPcea0z/NusPjYuOoE42LcJWxcVSfg7kB0YTQoLX4IWuHAbAZkRjhmw50VIgvfb1PxXwlRpLW9sjOq/68zIr+/n6clMpZR5d+qV1CmnnQ8EgOwmNYgz7z8= test@localhost.localdomain

（4）A 服务器尝试登录 B 服务器（这里还是提示需要输入密码，正常情况下是不需要的）

[test@localhost ~]$ ssh test@192.168.0.101

Authorized users only. All activities may be monitored and reported.

test@192.168.0.101's password:

（5）正常与异常情况对比

正常情况：

[test@localhost .ssh]$ ssh -vvv 'test@192.168.0.102'

OpenSSH_8.2p1, OpenSSL 1.1.1f 31 Mar 2020

debug1: Reading configuration data /etc/ssh/ssh_config

debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0

debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf

debug2: checking match for 'final all' host 192.168.0.102 originally 192.168.0.102

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'

debug2: match not found

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)

debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config

debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]

debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]

debug1: configuration requests final Match pass

debug2: resolve_canonicalize: hostname 192.168.0.102 is address

debug1: re-parsing configuration

debug1: Reading configuration data /etc/ssh/ssh_config

debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0

debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf

debug2: checking match for 'final all' host 192.168.0.102 originally 192.168.0.102

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'

debug2: match found

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1

debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config

debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]

debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling

debug2: ssh_connect_direct

debug1: Connecting to 192.168.0.102 [192.168.0.102] port 22.

debug1: Connection established.

debug1: identity file /home/test/.ssh/id_rsa type 0

debug1: identity file /home/test/.ssh/id_rsa-cert type -1

debug1: identity file /home/test/.ssh/id_dsa type -1

debug1: identity file /home/test/.ssh/id_dsa-cert type -1

debug1: identity file /home/test/.ssh/id_ecdsa type -1

debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1

debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1

debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1

debug1: identity file /home/test/.ssh/id_ed25519 type -1

debug1: identity file /home/test/.ssh/id_ed25519-cert type -1

debug1: identity file /home/test/.ssh/id_ed25519_sk type -1

debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1

debug1: identity file /home/test/.ssh/id_xmss type -1

debug1: identity file /home/test/.ssh/id_xmss-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_8.2

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2

debug1: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000

debug2: fd 5 setting O_NONBLOCK

debug1: Authenticating to 192.168.0.102:22 as 'test'

debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:6

debug3: load_hostkeys: loaded 1 keys from 192.168.0.102

debug3: order_hostkeyalgs: have matching best-preference key type ecdsa-sha2-nistp256-cert-v01@openssh.com, using HostkeyAlgorithms verbatim

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c

debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc

debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc

debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512

debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

debug2: MACs ctos: hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

debug2: MACs stoc: hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: compression: none

debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: compression: none

debug1: kex: curve25519-sha256 need=32 dh_need=32

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xZRYT7h3RsY4d0oJEcOJ6fVcR1dPkXL4y6N+CQ2v9R8

debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:6

debug3: load_hostkeys: loaded 1 keys from 192.168.0.102

debug1: Host '192.168.0.102' is known and matches the ECDSA host key.

debug1: Found key in /home/test/.ssh/known_hosts:6

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey out after 4294967296 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey in after 4294967296 blocks

debug1: Will attempt key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug1: Will attempt key: /home/test/.ssh/id_dsa

debug1: Will attempt key: /home/test/.ssh/id_ecdsa

debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk

debug1: Will attempt key: /home/test/.ssh/id_ed25519

debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk

debug1: Will attempt key: /home/test/.ssh/id_xmss

debug2: pubkey_prepare: done

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 53

debug3: input_userauth_banner

Authorized users only. All activities may be monitored and reported.

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password

debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup gssapi-with-mic

debug3: remaining preferred: publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-with-mic

debug1: Next authentication method: gssapi-with-mic

debug1: Unspecified GSS failure. Minor code may provide more information

No Kerberos credentials available: No KCM server found

debug1: Unspecified GSS failure. Minor code may provide more information

No Kerberos credentials available: No KCM server found

debug2: we did not send a packet, disable method

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 60

debug1: Server accepts key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug3: sign_and_send_pubkey: RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug3: sign_and_send_pubkey: signing using rsa-sha2-256 SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug3: send packet: type 50

debug3: receive packet: type 52

debug1: Authentication succeeded (publickey).

Authenticated to 192.168.0.102 ([192.168.0.102]:22).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug3: send packet: type 90

debug1: Requesting no-more-sessions@openssh.com

debug3: send packet: type 80

debug1: Entering interactive session.

debug1: pledge: network

debug3: receive packet: type 80

debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0

debug3: receive packet: type 4

debug1: Remote: /home/test/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding

debug3: receive packet: type 4

debug1: Remote: /home/test/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding

debug3: receive packet: type 91

debug2: channel_input_open_confirmation: channel 0: callback start

debug2: fd 5 setting TCP_NODELAY

debug3: ssh_packet_set_tos: set IP_TOS 0x48

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 1

debug3: send packet: type 98

debug1: Sending environment.

debug3: Ignored env SHELL

debug3: Ignored env HISTCONTROL

debug3: Ignored env HISTSIZE

debug3: Ignored env HOSTNAME

debug3: Ignored env JAVA_HOME

debug3: Ignored env JRE_HOME

debug3: Ignored env PWD

debug3: Ignored env LOGNAME

debug3: Ignored env HOME

debug1: Sending env LANG = zh_CN.UTF-8

debug2: channel 0: request env confirm 0

debug3: send packet: type 98

debug3: Ignored env LS_COLORS

debug3: Ignored env TERM

debug3: Ignored env USER

debug3: Ignored env ZOOKEEPER_HOME

debug3: Ignored env SHLVL

debug3: Ignored env ZIPINFO

debug3: Ignored env UNZIP

debug3: Ignored env TMOUT

debug3: Ignored env XDG_DATA_DIRS

debug3: Ignored env PATH

debug3: Ignored env CLASS_PATH

debug3: Ignored env MAIL

debug3: Ignored env _

debug3: Ignored env OLDPWD

debug2: channel 0: request shell confirm 1

debug3: send packet: type 98

debug2: channel_input_open_confirmation: channel 0: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 2097152

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

Authorized users only. All activities may be monitored and reported.

Web console: https://localhost:9090/

Last login: Fri Sep 1 11:11:55 2023

[test@localhost ~]$

异常情况：

[test@localhost .ssh]$ ssh -vvv 'test@192.168.0.101'

OpenSSH_8.2p1, OpenSSL 1.1.1f 31 Mar 2020

debug1: Reading configuration data /etc/ssh/ssh_config

debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0

debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf

debug2: checking match for 'final all' host 192.168.0.101 originally 192.168.0.101

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'

debug2: match not found

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)

debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config

debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]

debug1: configuration requests final Match pass

debug2: resolve_canonicalize: hostname 192.168.0.101 is address

debug1: re-parsing configuration

debug1: Reading configuration data /etc/ssh/ssh_config

debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0

debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf

debug2: checking match for 'final all' host 192.168.0.101 originally 192.168.0.101

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'

debug2: match found

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1

debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config

debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]

debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling

debug2: ssh_connect_direct

debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.

debug1: Connection established.

debug1: identity file /home/test/.ssh/id_rsa type 0

debug1: identity file /home/test/.ssh/id_rsa-cert type -1

debug1: identity file /home/test/.ssh/id_dsa type -1

debug1: identity file /home/test/.ssh/id_dsa-cert type -1

debug1: identity file /home/test/.ssh/id_ecdsa type -1

debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1

debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1

debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1

debug1: identity file /home/test/.ssh/id_ed25519 type -1

debug1: identity file /home/test/.ssh/id_ed25519-cert type -1

debug1: identity file /home/test/.ssh/id_ed25519_sk type -1

debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1

debug1: identity file /home/test/.ssh/id_xmss type -1

debug1: identity file /home/test/.ssh/id_xmss-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_8.2

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2

debug1: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000

debug2: fd 4 setting O_NONBLOCK

debug1: Authenticating to 192.168.0.101:22 as 'test'

debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:9

debug3: load_hostkeys: loaded 1 keys from 192.168.0.101

debug3: order_hostkeyalgs: have matching best-preference key type ecdsa-sha2-nistp256-cert-v01@openssh.com, using HostkeyAlgorithms verbatim

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc

debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc

debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512

debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

debug2: MACs ctos: hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

debug2: MACs stoc: hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: compression: none

debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: compression: none

debug1: kex: curve25519-sha256 need=32 dh_need=32

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xZRYT7h3RsY4d0oJEcOJ6fVcR1dPkXL4y6N+CQ2v9R8

debug3: hostkeys_foreach: reading file "/home/test/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/test/.ssh/known_hosts:9

debug3: load_hostkeys: loaded 1 keys from 192.168.0.101

debug1: Host '192.168.0.101' is known and matches the ECDSA host key.

debug1: Found key in /home/test/.ssh/known_hosts:9

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey out after 4294967296 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey in after 4294967296 blocks

debug1: Will attempt key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug1: Will attempt key: /home/test/.ssh/id_dsa

debug1: Will attempt key: /home/test/.ssh/id_ecdsa

debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk

debug1: Will attempt key: /home/test/.ssh/id_ed25519

debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk

debug1: Will attempt key: /home/test/.ssh/id_xmss

debug2: pubkey_prepare: done

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 53

debug3: input_userauth_banner

Authorized users only. All activities may be monitored and reported.

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password

debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup gssapi-with-mic

debug3: remaining preferred: publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-with-mic

debug1: Next authentication method: gssapi-with-mic

debug1: Unspecified GSS failure. Minor code may provide more information

No Kerberos credentials available: No KCM server found

debug1: Unspecified GSS failure. Minor code may provide more information

No Kerberos credentials available: No KCM server found

debug2: we did not send a packet, disable method

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/test/.ssh/id_rsa RSA SHA256:tCwCdkILafCNjTDeB5Ci/XNv1d2XF5UGtlHXYM8Frtg

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug1: Trying private key: /home/test/.ssh/id_dsa

debug3: no such identity: /home/test/.ssh/id_dsa: No such file or directory

debug1: Trying private key: /home/test/.ssh/id_ecdsa

debug3: no such identity: /home/test/.ssh/id_ecdsa: No such file or directory

debug1: Trying private key: /home/test/.ssh/id_ecdsa_sk

debug3: no such identity: /home/test/.ssh/id_ecdsa_sk: No such file or directory

debug1: Trying private key: /home/test/.ssh/id_ed25519

debug3: no such identity: /home/test/.ssh/id_ed25519: No such file or directory

debug1: Trying private key: /home/test/.ssh/id_ed25519_sk

debug3: no such identity: /home/test/.ssh/id_ed25519_sk: No such file or directory

debug1: Trying private key: /home/test/.ssh/id_xmss

debug3: no such identity: /home/test/.ssh/id_xmss: No such file or directory

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

test@192.168.0.101's password:

（6）最后排查是普通用户的家目录权限不对导致

[root@localhost ~]# ll /home

总用量 56

drwxr-xr-x 6 root 103 6月 27 11:57 .

dr-xr-xr-x. 21 root 4096 8月 31 14:27 ..

drwxrwxrwx 8 test 182 9月 1 16:36 test

（7）修改权限后解决

[root@localhost ~]# chmod 700 /home/test

参考链接

评论可见，请评论后查看内容，谢谢！！！评论后请刷新页面。

夸智网

服务器运维 SSH 免密登录：普通用户免密配置登录仍需输入密码

开发 SSH 连接工具-Tabby（使用教程）

大数据的五大创新能力（从数据看中国的创新能力）

发表评论取消回复

夸智网

服务器 运维 SSH 免密登录：普通用户免密配置登录仍需输入密码

开发 SSH 连接工具-Tabby（使用教程）

大数据的五大创新能力（从数据看中国的创新能力）

相关文章

发表评论取消回复

服务器运维 SSH 免密登录：普通用户免密配置登录仍需输入密码