| ssh登录出现Permission denied, please try again可能的解决方案 | 您所在的位置:网站首页 › ssh代码 › ssh登录出现Permission denied, please try again可能的解决方案 |
ssh登录出现Permission denied, please try again可能的解决方案
|
问题描述
环境:ubuntu 20.04问题描述:在已经设置免密登录后,ssh登录时(例如ssh localhost)还需要输入密码,并且输入密码后出现下面一系列的报错:
xxx(用户名)@localhost's password:
Permission denied, please try again.
xxx@localhost's password:
Permission denied, please try again.
xxx@localhost's password:
xxx@localhost: Permission denied (publickey,password).
问题排查
首先使用命令ssh localhost -v查看登录时的日志: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020 debug1: Reading configuration data /home/yhy/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/yhy/.ssh/id_rsa type 0 debug1: identity file /home/yhy/.ssh/id_rsa-cert type -1 debug1: identity file /home/yhy/.ssh/id_dsa type 1 debug1: identity file /home/yhy/.ssh/id_dsa-cert type -1 debug1: identity file /home/yhy/.ssh/id_ecdsa type -1 debug1: identity file /home/yhy/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/yhy/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/yhy/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/yhy/.ssh/id_ed25519 type -1 debug1: identity file /home/yhy/.ssh/id_ed25519-cert type -1 debug1: identity file /home/yhy/.ssh/id_ed25519_sk type -1 debug1: identity file /home/yhy/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/yhy/.ssh/id_xmss type -1 debug1: identity file /home/yhy/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000 debug1: Authenticating to localhost:22 as 'yhy' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: [email protected] MAC: compression: none debug1: kex: client->server cipher: [email protected] MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:KgNVsJSzDmK9KHR57LTY2Xarsui27l0FIm9CY2fUO6o debug1: Host 'localhost' is known and matches the ED25519 host key. debug1: Found key in /home/yhy/.ssh/known_hosts:1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: /home/yhy/.ssh/id_dsa DSA SHA256:G/HRSEJY5SzAo4ejVp+GVHkIp+UjzMTETklcP2P0ym4 agent debug1: Will attempt key: /home/yhy/.ssh/id_rsa RSA SHA256:ysy/bD0PakYR49V2kxCs95GxfpHjLifTAPqNJ5yH480 agent debug1: Will attempt key: /home/yhy/.ssh/id_ecdsa debug1: Will attempt key: /home/yhy/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/yhy/.ssh/id_ed25519 debug1: Will attempt key: /home/yhy/.ssh/id_ed25519_sk debug1: Will attempt key: /home/yhy/.ssh/id_xmss debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /home/yhy/.ssh/id_dsa DSA SHA256:G/HRSEJY5SzAo4ejVp+GVHkIp+UjzMTETklcP2P0ym4 agent debug1: Authentications that can continue: publickey,password debug1: Offering public key: /home/yhy/.ssh/id_rsa RSA SHA256:ysy/bD0PakYR49V2kxCs95GxfpHjLifTAPqNJ5yH480 agent debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/yhy/.ssh/id_ecdsa debug1: Trying private key: /home/yhy/.ssh/id_ecdsa_sk debug1: Trying private key: /home/yhy/.ssh/id_ed25519 debug1: Trying private key: /home/yhy/.ssh/id_ed25519_sk debug1: Trying private key: /home/yhy/.ssh/id_xmss debug1: Next authentication method: password从日志上看,应该还是配置的问题。 可能的原因 配置问题:如果是ssh配置的问题首先可以尝试这里修改配置。(如果之前从未修改过相关配置,大概率不是这里的问题) 进行上面的方法后,如果还不行,说明不是配置文件的问题。文件权限问题:有时文件权限也可能会导致登录失败,按照上述方法查看日志后,如果日志中出现有关文件权限的错误badownership,那么就要考虑.ssh文件夹和authorized_keys文件的权限问题了。 进入.ssh文件夹下,使用如下命令查看文件夹的信息:ll -ld drwx------ 3 xxx xxx 4096 5月 3 08:41 ./ 该目录必须具有上面所示的读(r)、写(w)、执行(x) 权限,如果没有则需要使用命令:chmod 0700 /home/your_home/.ssh 修改权限; 使用命令:/home/xxx/.ssh$ ls -ld authorized_keys -rw------- 1 yhy yhy 564 5月 3 07:08 authorized_keys 查看文件authorized_keys的文件权限。该文件必须有上面所示的读写(rw) 权限,否则使用命令:chmod 0600 /home/[username]/.ssh/authorized_keys 修改权限。zsh问题:如果上述方法都不奏效,且你正在/曾经使用zsh那么恭喜你可能遇到了和我相同的问题。这个问题可以通过命令service sshd status 查看ssh服务运行状态发现,如果运行日志中有:User xxx not allowed because shell /bin/zsh 那么就是由于zsh使用问题导致。我的问题是之前使用过 zsh,卸载后忘记修改默认终端,导致ssh出现问题。 首先查看系统可用终端: $ cat /etc/shells # /etc/shells: valid login shells /bin/sh /bin/bash /usr/bin/bash /bin/rbash /usr/bin/rbash /bin/dash /usr/bin/dash /bin/zsh /usr/bin/zsh可以看到由于之前设置过该文件,所以里面有bin/zsh和usr/bin/zsh,如果zsh已经卸载的话,可以删除后面这两行。 通过命令sudo nautilus可以以管理员身份打开文件夹,并且任意对里面的文件进行修改。 接下来查看系统默认shell: $ echo $SHELL /bin/zsh可以看到还是因为之前的设置,默认shell是zsh。通过命令: grep xxx(你的用户名) /etc/passwd #这条命令显示/etc/passwd中用户的终端设置 sudo chsh --shell /bin/bash xxx #这条命令修改用户的默认终端为/bin/bash grep xxx /etc/passwd #再次查看,默认终端已经变成/bin/bash在用户登录时,系统会根据/etc/passwd中的设置为用户设置默认终端,所以执行完上述操作后重启,再次检查默认终端: echo $SHELL /bin/bash会发现终端已经改成了/bin/bash。 这时候再试一试ssh localhost,会发现登录成功: 如果上面的方法都不能解决,就要根据日志和服务状态信息中的其它内容进行排查了。 总结这个ssh登录失败问题困扰了我很长时间,试了网上很多种方法都没有奏效,最后查看系统服务日志才发现问题所在。以后删除某个软件的时候,一定要把相关的配置还原成为默认的,否则不知道哪天会出问题! |
问题得到解决。【本文地址】
公司简介
联系我们