I am ssh-ing from server1 to server2. I generated the id_rsa & id_rsa.pub files. If I ssh to mike@server2 it works fine, but ssh to john@server2 does not work without password. Both mike & john home directories contain ".ssh" which is chmod 700 and that folder contains "authorized_keys" containing only the contents of the id_rsa.pub file generated previously (and is chmod 600). Contents of both are the same.
Server 1: Linux x86_64 x86_64 x86_64 GNU/Linux
Server 2: AIX 5.3.0.0 64-bit
Command 1, User Mike (works with no password):
ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 mike@server2 echo Hello
~ drwx------ 7 mike mike 4096 Jan 19 2011 .
~/.ssh drwx------ 2 mike mike 256 Nov 28 16:39 .ssh
~/.ssh/authorized_keys -rw------- 1 mike mike 823 Apr 06 11:56 .ssh/authorized_keys
Command 2, User John (needs a password)
ssh -v -n -o StrictHostKeychecking=no -o NumberOfPasswordPrompts=0 john@server2 echo Hello
~ drwx------ 12 john jgroup 4096 Apr 06 23:13 .
~/.ssh drwx------ 2 john jgroup 256 Apr 06 23:56 .ssh
~/.ssh/authorized_keys -rw------- 1 john jgroup 414 Apr 06 11:55 .ssh/authorized_keys
ssh -v output from above Command 2:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server2 [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/will/.ssh/identity type -1
debug1: identity file /home/will/.ssh/id_rsa type 1
debug1: identity file /home/will/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0
debug1: match: OpenSSH_5.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /home/will/.ssh/known_hosts:838
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
This network/computer system is for the use of authori...
.........................................................
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/will/.ssh/identity
debug1: Offering public key: /home/will/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/will/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
Anyone have ideas of why it would work with one user and not another (with both being on the same server)?
Common causes of failure to authenticate with keys:
- permissions or ownership on ~/.ssh are not set properly (I see you've checked those)
- the public key is corrupt
- the public key is for a different key than the private key
Check also the server's auth.log.
That you're able to log in as Mike is a real stumper. You might try making an authorized_keys2 file. authorized_keys doesn't work on all versions of OpenSSH.
ln -s authorized_keys authorized_keys2
来源:https://stackoverflow.com/questions/10051846/having-trouble-with-ssh-and-authorized-keys