SSH 无法连接,提示 Permission denied (keyboard-interactive)
killerv · 2015-01-03 21:36:34 +08:00 · 14973 次点击这是一个创建于 3604 天前的主题,其中的信息可能已经有所发展或是发生改变。
在conoha买的vps,远程服务器的时候出现了错误,弄了好久,没有解决,还望大家能帮忙分析一下:
执行ssh -vvv serverip命令,下面是详细信息:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to serverip port 22.
debug1: Connection established.
debug1: identity file /home/killer/.ssh/id_rsa type -1
debug1: identity file /home/killer/.ssh/id_rsa-cert type -1
debug1: identity file /home/killer/.ssh/id_dsa type -1
debug1: identity file /home/killer/.ssh/id_dsa-cert type -1
debug1: identity file /home/killer/.ssh/id_ecdsa type -1
debug1: identity file /home/killer/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/killer/.ssh/id_ed25519 type -1
debug1: identity file /home/killer/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
debug1: match: OpenSSH_6.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host serverip from file "/home/killer/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/killer/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 73:fd:66:03:e5:72:75:35:71:e7:f9:dc:fa:46:38:b6
debug3: load_hostkeys: loading entries for host "console1001.cnode.jp" from file "/home/killer/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/killer/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "203.189.102.197" from file "/home/killer/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/killer/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'console1001.cnode.jp' is known and matches the RSA host key.
debug1: Found key in /home/killer/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/killer/.ssh/id_rsa ((nil)),
debug2: key: /home/killer/.ssh/id_dsa ((nil)),
debug2: key: /home/killer/.ssh/id_ecdsa ((nil)),
debug2: key: /home/killer/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: keyboard-interactive
debug3: start over, passed a different list keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (keyboard-interactive).
以上是错误日志,下面贴一下配置文件sshd_config:
$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
This is the sshd server system-wide configuration file. See
sshd_config(5) for more information.
This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
The strategy used for options in the default sshd_config shipped with
OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options change a
default value.
Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Disable legacy (protocol version 1) support in the server for new
installations. In future the default will change to require explicit
activation of protocol 1
Protocol 2
HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024
Logging
obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel INFO
Authentication:
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysCommand none
AuthorizedKeysCommandRunAs nobody
For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
similar for protocol version 2
HostbasedAuthentication no
Change to yes if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no
Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
Kerberos options
KerberosAuthentication no
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken no
KerberosUseKuserok yes
GSSAPI options
GSSAPIAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange no
Set this to 'yes' to enable PAM authentication, account processing,
and session processing. If this is enabled, PAM authentication will
be allowed through the ChallengeResponseAuthentication and
PasswordAuthentication. Depending on your PAM configuration,
PAM authentication via ChallengeResponseAuthentication may bypass
the setting of "PermitRootLogin without-password".
If you just want the PAM account and session checks to run without
PAM authentication, then enable this but set PasswordAuthentication
and ChallengeResponseAuthentication to 'no'.
UsePAM no
UsePAM yes
Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
UseLogin no
UsePrivilegeSeparation yes
PermitUserEnvironment no
Compression delayed
ClientAliveInterval 0
ClientAliveCountMax 3
ShowPatchLevel no
UseDNS no
PidFile /var/run/sshd.pid
MaxStartups 10:30:100
PermitTunnel no
ChrootDirectory none
no default banner path
Banner none
override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
Example of overriding settings on a per-user basis
Match User anoncvs
X11Forwarding no
AllowTcpForwarding no
ForceCommand cvs server
 |
1
haozhang 2015-01-03 21:44:48 +08:00
你在自己的机子上用ssh-keygen生成rsa,把公钥复制到远程的linux的某个账户下的~/.ssh/authorized_keys里面就可以了吧
|
 |
2
killerv OP @haozhang 我现在用的是password方式验证,以前尝试过使用公钥的方式登陆,但是还是会有这个提示,而且服务器上的/var/log/secure也没有失败记录。
|
|
3
haozhang 2015-01-03 23:26:40 +08:00 via iPad  1
那不知道了,你把情况往baidu里送送。看看能不能搜索到。
|
 |
4
churchmice 2015-01-04 00:24:17 +08:00 via Android
1.公钥登录用ssh-keygen,拷贝可以用ssh-copyid
2.你试试看用默认的sshd_config 信得过我的,可以开个账号给我我试试看 |
 |
5
002jnm 2015-01-04 09:30:33 +08:00
key 600
|
|
6
killerv OP @churchmice 感谢你的热心帮助,貌似IP被墙掉了,国外可以ping通,国内无法ping通。
|
 |
7
lancegin 2016-07-09 14:34:42 +08:00
hi 你这个问题最后解决了吗?
|
Select Language