在两个不同的帐户上使用相同的公共 ssh 密钥
情况是这样的:我家里有一台机器(我们称之为 house_machine),我的办公室有另一台机器(称之为 office_machine)。我使用带有 dsa 密钥身份验证且无需密码身份验证的 ssh 从 office_machine 访问 home_machine。我已经在home_machine上设置了一个ssh服务器,并将在office_machine上生成的公钥添加到home_machine上的authorized_keys文件中。这工作正常 - 我可以仅使用密钥而不使用密码从office_machine ssh 到home_machine。
现在的问题是:当我访问其他办公室时,我希望能够通过使用属于office_machine的公钥来访问home_machine。即我想将公钥 (id_dsa.pub) 放在 USB 驱动器上,然后将其复制到另一个办公室的 .ssh 目录中。从我在这个网站上读到的内容来看,其他人似乎能够做这种类型的事情,但它不起作用。当我尝试简单地将 id_dsa.pub 放在新机器上并执行 ssh -v user@home_machine 时,调试消息以以下内容结尾:
debug1: Offering public key: .ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey).
我的临时解决方案是在 home_machine 上的 sshd_config 中设置“PasswordAuthentication yes”,并且只需使用密码即可访问 home_machine。然而,这失去了使用密钥授权的意义。
提前致谢!
here is the situation: i have one machine which lives at my house (lets call it house_machine) and i have another machine at my office (call this one office_machine). im using ssh with dsa key authentication and without password authentication to access home_machine from office_machine. i have set up an ssh server on home_machine and added the public key generated on office_machine to the authorized_keys file on home_machine. this works fine - i can ssh in to home_machine from office_machine just using the key and no password.
now the question: i would like to be able to access home_machine when i visit other offices simply by using the public key belonging to office_machine. ie i would like to put the public key (id_dsa.pub) on a usb drive and just copy it to the .ssh directory at another office. from what i have read on this site, others seem to have been able to do this type of thing, however it isnt working. when i try simply placing id_dsa.pub on a new machine and doing ssh -v user@home_machine the debug message ends with:
debug1: Offering public key: .ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey).
my temporary solution has been to set "PasswordAuthentication yes" in sshd_config on home_machine, and just use a password to get to home_machine. however this voids the point of using key-authorisation.
thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要复制的不仅仅是公钥 - 您还需要私钥。
在 ssh 中,您将公钥放在服务器端,但客户端需要拥有私钥。
您想要将 id_dsa 文件(不是 id_dsa.pub)复制到 USB 密钥(确保它受到密码保护,以防丢失!)。
然后,您可以使用该密钥从任何有权访问该密钥的计算机登录 home_machine:
ssh -i /path/to/id_dsa user@home_machine
(看起来您可能已经在 office_machine 上拥有不同的私钥,根据什么来判断您粘贴 - 您可能会考虑使用 ssh-agent)
另外,请检查 /var/log/secure了解为什么您的 sshd 可能会拒绝密钥身份验证(这通常是 .ssh 目录及其祖先的权限问题)。
You need to copy more than just the public key - you need the private key.
In ssh, you place the public on the server side but the client side needs to have the private key.
You want to copy over the id_dsa file (not id_dsa.pub) to your USB key (make sure it's protected with a passphrase, in case it gets lost!).
You can then use that key to login to home_machine from any machine that has access to the key:
ssh -i /path/to/id_dsa user@home_machine
(it looks like you might already have a different private key on office_machine, judging by what you pasted - You might look into using ssh-agent)
Also, check /var/log/secure to see why your sshd might be rejecting key authentication (it's often an issue of permissions on the .ssh directory and its ancestors).