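I am trying to enable SSH login as root on a Linux VM running on Microsoft Azure. The VM is based on the Oracle Linux 6.4 image from the Azure Marketplace.
I want to be able to SSH into the VM as the root user using public certificate authentication. I need direct root login (rather than using sudo) because I am trying to use rsync to connect to the target as root, in order to automate software deployment to the Azure VM.
Here is what I've tried:
I have set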
PermitRootLogin yes
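in /etc/ssh/sshd_config, then restarted sshd (and rebooted the VM).
When connecting as root, I get a "Server refused our key" message. I successfully enabled SSH login as root using password authentication, and I am able to log in as root with a password: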
Using username "root".
Server refused our key
Using keyboard-interactive authentication.
Password:
[root@myazureserver ~]#
I've started a second instance of sshd on a different port in debug mode:
[root@myazureserver ~]# /usr/sbin/sshd -Dd -p 2020
debug1: sshd version OpenSSH_5.3p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2020'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2020 on 0.0.0.0.
Server listening on 0.0.0.0 port 2020.
debug1: Bind to port 2020 on ::.
Server listening on :: port 2020.
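When I connect to the debug instance of sshd (on port 2020), I am able to log in as root without a password - it accepts the public key!
Instead of using PuTTY on Windows as the SSH client, I tried using the ssh command on the same VM (while logged in as a normal user). I can SSH from one normal user account to another without a password, but cannot log in to the root account from a normal account. Here is the output of ssh run in debug mode, connecting as root: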
[oracle@myazureserver ~]$ ssh -vvv root@myazureserver
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myazureserver [10.0.0.4] port 22.
debug1: Connection established.
debug1: identity file /home/oracle/.ssh/identity type -1
debug3: Not a RSA1 key file /home/oracle/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
...
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/oracle/.ssh/id_rsa type 1
debug1: identity file /home/oracle/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /home/oracle/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/oracle/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'myazureserver' is known and matches the RSA host key.
debug1: Found key in /home/oracle/.ssh/known_hosts:1
debug2: bits set: 507/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/oracle/.ssh/identity ((nil))
debug2: key: /home/oracle/.ssh/id_rsa (0x7f81f3a5dd70)
debug2: key: /home/oracle/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 10.0.0.4.
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oracle/.ssh/identity
debug3: no such identity: /home/oracle/.ssh/identity
debug1: Offering public key: /home/oracle/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/oracle/.ssh/id_dsa
debug3: no such identity: /home/oracle/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1573
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Here is the output of ssh connecting as a normal user:
[oracle@myazureserver ~]$ ssh -vvv jziabick@myazureserver
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myazureserver [10.0.0.4] port 22.
debug1: Connection established.
debug1: identity file /home/oracle/.ssh/identity type -1
debug3: Not a RSA1 key file /home/oracle/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
...
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/oracle/.ssh/id_rsa type 1
debug1: identity file /home/oracle/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 535/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /home/oracle/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/oracle/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'myazureserver' is known and matches the RSA host key.
debug1: Found key in /home/oracle/.ssh/known_hosts:1
debug2: bits set: 529/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/oracle/.ssh/identity ((nil))
debug2: key: /home/oracle/.ssh/id_rsa (0x7f2ae500fd70)
debug2: key: /home/oracle/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 10.0.0.4.
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oracle/.ssh/identity
debug3: no such identity: /home/oracle/.ssh/identity
debug1: Offering public key: /home/oracle/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: SHA1 fp b6:aa:fd:7b:bf:d2:99:78:48:38:cc:9e:b0:26:05:dc:1c:4e:83:35
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2117
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 128 bytes for a total of 2245
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env HOSTNAME
debug3: Ignored env SELINUX_ROLE_REQUESTED
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SELINUX_USE_CURRENT_RANGE
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env SELINUX_LEVEL_REQUESTED
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 448 bytes for a total of 2693
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Edit - additional log file information below. In /var/log/secure, I see this for a successful login:
Mar 17 18:55:09 myazureserver sshd[1196]: Server listening on :: port 22.
Mar 17 19:08:18 myazureserver sshd[1383]: Accepted publickey for jziabick from xx.xx.xx.xx port 53533 ssh2
Mar 17 19:08:19 myazureserver sshd[1383]: pam_unix(sshd:session): session opened for user jziabick by (uid=0)
For a failed login (as root), I see this in /var/log/secure:
Mar 18 10:52:24 myazureserver sshd[1992]: Server listening on :: port 22.
Mar 18 10:53:02 myazureserver sshd[1997]: Received disconnect from xx.xx.xx.xx: 14: No supported authentication methods available
In /var/log/audit/audit.log I found (for the failed login as root):
type=AVC msg=audit(1458311548.677:733): avc: denied { read } for pid=1948 comm="sshd" name="authorized_keys" dev=sda3 ino=259748 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1458311548.677:733): arch=c000003e syscall=2 success=no exit=-13 a0=7f8c6621d470 a1=800 a2=1 a3=4 items=0 ppid=1196 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1458311548.679:734): user pid=1948 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="root" exe="/usr/sbin/sshd" hostname=? addr=xx.xx.xx.xx terminal=ssh res=failed'
type=USER_AUTH msg=audit(1458311668.148:735): user pid=1950 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=c-xx-xx-xx-xx.hsd1.il.comcast.net addr=xx.xx.xx.xx terminal=ssh res=failed'
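What am I missing? I have set up SSH with public key authentication (including login as root) many times on Oracle Linux. This has to be something specific to the Azure configuration.
Best answer
You can blame SELinux. Your authorized_keys file is mislabeled (and possibly others too).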
type=AVC msg=audit(1458311548.677:733): avc: denied { read } for pid=1948 comm="sshd" name="authorized_keys" dev=sda3 ino=259748 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
The safe solution is to relabel /root/:
restorecon -rf /root/
Or, if that does not help, just fix the label of that specific file:
chcon -t ssh_home_t /root/.ssh/authorized_keys
This should do it. If not, update the question with the current results (AVC messages from audit are usually useful).
About linux - SSH login as root in Azure: we found a similar question on Stack Overflow: https://stackoverflow.com/questions/36051793/
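As an added example (not part of the original question or answer), the diagnosis above can be automated: scan audit.log for AVC denials where sshd was refused access to authorized_keys or .ssh and the target's SELinux type is not ssh_home_t. The function names are hypothetical; the first sample record is the AVC line quoted in the question, and the other two are constructed.

```python
import re

EXPECTED_TYPE = "ssh_home_t"            # label the answer applies with chcon
SSH_FILES = {".ssh", "authorized_keys"}  # names sshd must read for pubkey auth

# First record: the AVC line from the question. The second (a repeat of the
# same denial) and third (unrelated httpd denial) are constructed samples.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1458311548.677:733): avc: denied { read } for pid=1948 comm="sshd" name="authorized_keys" dev=sda3 ino=259748 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1458311700.101:740): avc: denied { read } for pid=1960 comm="sshd" name="authorized_keys" dev=sda3 ino=259748 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1458311800.000:750): avc: denied { getattr } for pid=2100 comm="httpd" name="index.html" dev=sda3 ino=300001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"^type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other records."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(m.group("fields"))}
    rec["serial"] = m.group("serial")
    rec["perms"] = m.group("perms").split()
    return rec


def selinux_type(context):
    """Extract the type from a user:role:type:level[:categories] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def mislabelled_ssh_files(log_text):
    """Group sshd denials on SSH key files whose label is not ssh_home_t."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != "sshd":
            continue
        if rec.get("name") not in SSH_FILES:
            continue
        target_type = selinux_type(rec.get("tcontext", ""))
        if target_type == EXPECTED_TYPE:
            continue
        # The AVC record carries no path, so identify the file by device and inode.
        key = (rec.get("dev"), rec.get("ino"))
        entry = findings.setdefault(key, {
            "name": rec["name"], "dev": rec.get("dev"), "ino": rec.get("ino"),
            "source_type": selinux_type(rec.get("scontext", "")),
            "target_type": target_type, "perms": set(), "denials": 0,
        })
        entry["perms"].update(rec["perms"])
        entry["denials"] += 1
    return list(findings.values())


def report(findings):
    """Format one line per mislabelled file."""
    return [
        f"{f['name']} (dev={f['dev']} ino={f['ino']}): {f['source_type']} denied "
        f"{{{' '.join(sorted(f['perms']))}}} x{f['denials']}, "
        f"label is {f['target_type']}, expected {EXPECTED_TYPE}"
        for f in findings
    ]


if __name__ == "__main__":
    for line in report(mislabelled_ssh_files(SAMPLE_AUDIT_LOG)):
        print(line)
```

A hit here corresponds to the case the answer fixes with restorecon or chcon; an empty result means the public key refusal has another cause.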