linux – 不允许用户通过SSH登录(Bash,OpenSSH,CentOS 6.5)

概述我通过SSH远程运行CentOS 6.5计算机.我使用RSA密钥并禁用密码验证.我遇到的问题是,每当我添加一个新用户并希望他/她通过SSH登录时,他们就会被拒绝访问. 起初这似乎是一个简单的问题.这些是我已经尝试过的： >检查pub键是否有明显错误 >确保authorized_keys和〜/ .ssh的权限 >确保它们位于ssh_config中的AllowUsers列表中 >检查防火墙权限 >确保 我通过SSH远程运行CentOS 6.5计算机.我使用RSA密钥并禁用密码验证.我遇到的问题是,每当我添加一个新用户并希望他/她通过SSH登录时,他们就会被拒绝访问.

起初这似乎是一个简单的问题.这些是我已经尝试过的：

>检查pub键是否有明显错误
>确保authorized_keys和〜/ .ssh的权限
>确保它们位于ssh_config中的AllowUsers列表中
>检查防火墙权限
>确保使用他们的私钥
>重新启动SSHD

这是我在sshd_config中设置的内容：

PermitRootLogin noAllowUsers keving moman muser

这就是我的日志告诉我的：

Login attempted when not in AllowUsers List:    muser : 3 Time(s)    root : 127 Time(s)

为什么SSH不允许登录,而AllowUsers列表显然列出了muser？还有另一个地方可以设置吗？

更新：我在使用详细标志-v将pub键添加到用户的authorized_keys文件后尝试在我的机器上登录该帐户.这些是结果(出于安全原因,使用虚假的IP和服务器主机密钥)：

$ssh -v [email protected]_6.6.1,OpenSSL 1.0.1i 6 Aug 2014deBUG1: Reading configuration data /c/Users/[user]/.ssh/configdeBUG1: Connecting to 111.111.111.111 [111.111.111.111] port 22.deBUG1: Connection established.deBUG1: IDentity file /c/Users/[user]/.ssh/ID_rsa type 1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_rsa-cert type -1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_dsa type -1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_dsa-cert type -1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_ecdsa type -1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_ecdsa-cert type -1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_ed25519 type -1deBUG1: IDentity file /c/Users/[user]/.ssh/ID_ed25519-cert type -1deBUG1: Enabling compatibility mode for protocol 2.0deBUG1: Local version string SSH-2.0-OpenSSH_6.6.1deBUG1: Remote protocol version 2.0,remote software version OpenSSH_5.3deBUG1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000deBUG1: SSH2_MSG_KEXINIT sentdeBUG1: SSH2_MSG_KEXINIT receiveddeBUG1: kex: server->clIEnt aes128-ctr hmac-md5 nonedeBUG1: kex: clIEnt->server aes128-ctr hmac-md5 nonedeBUG1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sentdeBUG1: expecting SSH2_MSG_KEX_DH_GEX_GROUPdeBUG1: SSH2_MSG_KEX_DH_GEX_INIT sentdeBUG1: expecting SSH2_MSG_KEX_DH_GEX_REPLYdeBUG1: Server host key: RSA [censored]deBUG1: Host '111.111.111.111' is kNown and matches the RSA host key.deBUG1: Found key in /c/Users/[user]/.ssh/kNown_hosts:4deBUG1: ssh_rsa_verify: signature correctdeBUG1: SSH2_MSG_NEWKEYS sentdeBUG1: expecting SSH2_MSG_NEWKEYSdeBUG1: SSH2_MSG_NEWKEYS receiveddeBUG1: Roaming not allowed by serverdeBUG1: SSH2_MSG_SERVICE_REQUEST sentdeBUG1: SSH2_MSG_SERVICE_ACCEPT receiveddeBUG1: Authentications that can continue: publickey,gssAPI-keyex,gssAPI-with-micdeBUG1: Next authentication method: publickeydeBUG1: Offering RSA public key: /c/Users/[user]/.ssh/ID_rsadeBUG1: Authentications that can continue: publickey,gssAPI-with-micdeBUG1: Trying private key: /c/Users/[user]/.ssh/ID_dsadeBUG1: Trying private key: /c/Users/[user]/.ssh/ID_ecdsadeBUG1: Trying private key: /c/Users/[user]/.ssh/ID_ed25519deBUG1: No more authentication methods to try.Permission denIEd (publickey,gssAPI-with-mic).

解决方法 正如toppleDWagon在我的问题的评论中建议的那样,我检查了/ var / log / security,并确定在homedir / .ssh / authorized_keys树上有一个错误权限的条目.

进行这些编辑后,我可以通过带有RSA密钥的ssh登录用户的帐户：

$chmod g-w /home/your_user$chmod 700 /home/your_user/.ssh$chmod 600 /home/your_user/.ssh/authorized_keys

参考：http://www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/

调整这些权限后,我能够登录.有趣的是,我已经将.ssh dir和authkey文件分别设置为700和600.由于某种原因,homedir没有正确设置.

感谢所有在评论中提供帮助的人.

总结

以上是内存溢出为你收集整理的linux – 不允许用户通过SSH登录(Bash,OpenSSH,CentOS 6.5)全部内容，希望文章能够帮你解决linux – 不允许用户通过SSH登录(Bash,OpenSSH,CentOS 6.5)所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。