远程登陆主机每次输入密码是一个繁琐的事情,但我们可以通过将公钥放到远程主机上进行授权实现无密码登陆。
然而有时候出现这种情况,我们已经合理地配置好了,但登陆时仍然需要密码。这主要是远程主机的目录或文件权限上出现了问题,Linux防止篡改,当ssh相关目录或文件允许除本人以外的人有写入权限时,就必须使用密码。
我今天就出了这个幺蛾子,百度和谷歌了一大推,但是没有解决问题。中文博文主要讨论2个关键点,~/.ssh目录只允许自己可写入,以及authorized_keys文件也只允许自己可写入。
stackexange上的一个回答让我第一时间发现问题所在:
- Your home directory
~, your~/.sshdirectory and the~/.ssh/authorized_keysfile on the remote machine must be writable only by you:rwx------andrwxr-xr-xare fine, butrwxrwx---is no good¹, even if you are the only user in your group (if you prefer numeric modes:700or755, not775).
If~/.sshorauthorized_keysis a symbolic link, the canonical path (with symbolic links expanded) is checked. - Your
~/.ssh/authorized_keysfile (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it. - Your private key file (on the local machine) must be readable and writable only by you:
rw-------, i.e.600.
我的家目录给了同组的人写权限,就是该问题导致ssh认证失败!
