使用密钥而不是密码在 ssh 中连接 2 Pi
Connecting 2 Pi in ssh using keys instead of password
我在 2 个独立的网络上有 2 个 Pi,运行 raspbian,一个是 Web 服务器,另一个用于备份(假设 pi-server 和 pi-backup),并且我想让 pi-server ssh 到 pi-backup 以备份数据。我设法在 pi-server 上输入这个:
ssh -p 4444 userBackup@pibackup.fr
userBackup@pibackup.fr's password :
我输入密码,然后系统提示我进行 pi-backup,一切正常(pi-backup 的 ssh 监听 22,但我用路由器将 4444 重定向到 22,听说它更安全)
因为我想编写连接脚本以便能够每天对其进行 cron,我无法通过密码进行身份验证,所以我尝试了密钥:我使用
在 pi-server 上生成了一个密钥
ssh-keygen
然后我copy/pasted id_rsa_pub in /home/userBackup/.ssh/authorized_keys...但是当我尝试连接时仍然要求我输入密码
令我惊讶的是,我已经使用主 PC 的密钥(当然不同)连接到 pi-backup,主 PC 与 pi-backup 在同一本地网络上。所以我在 authorized_keys.
中有两行
你知道哪里出了问题吗?不在同一个本地网络上应该不是问题,对吗?
[edit] 当我尝试时
ssh -v -i ~/.ssh/id_rsa -p 4444 userBackup@pibackup.fr
这是我得到的:
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pibackup.fr [90.10.1.1] port 4444.
debug1: Connection established.
debug1: identity file /home/userServer/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/userServer/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5
debug1: match: OpenSSH_6.7p1 Raspbian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 6b:5f:aa:aa:aa0c:aa:33:97:aa:56:aa:39:00:6f:79
debug1: Host '[pibackup.fr]:4444' is known and matches the ECDSA host key.
debug1: Found key in /home/userBackup/.ssh/known_hosts:2
Warning: Permanently added the ECDSA host key for IP address '[90.10.1.1]:4444' to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/userServer/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
userBackup@piBackup.fr's password:
我注意到在最后几行中,他说 "Offering RSA public key: /home/userServer/.ssh/id_rsa" 所以我尝试使用我的 public 密钥,但没有任何改变。
您必须在 ssh 行中指定使用 ssh-keygen 生成的密钥。你可以这样做:
ssh -i ~/.ssh/blah.key -p 4444 userBackup@pibackup.fr 它将加载您的密钥。
希望对你有所帮助
我终于找到了问题所在:在 serverBackup 上,userBackup 不是 authorized_keys 的所有者...仅此而已 ;)。我仍然不明白为什么当我从我的局域网 PC 连接时它可以工作,但现在一切都很好! Ankirama,谢谢你的时间和建议。
我在 2 个独立的网络上有 2 个 Pi,运行 raspbian,一个是 Web 服务器,另一个用于备份(假设 pi-server 和 pi-backup),并且我想让 pi-server ssh 到 pi-backup 以备份数据。我设法在 pi-server 上输入这个:
ssh -p 4444 userBackup@pibackup.fr
userBackup@pibackup.fr's password :
我输入密码,然后系统提示我进行 pi-backup,一切正常(pi-backup 的 ssh 监听 22,但我用路由器将 4444 重定向到 22,听说它更安全)
因为我想编写连接脚本以便能够每天对其进行 cron,我无法通过密码进行身份验证,所以我尝试了密钥:我使用
在 pi-server 上生成了一个密钥ssh-keygen
然后我copy/pasted id_rsa_pub in /home/userBackup/.ssh/authorized_keys...但是当我尝试连接时仍然要求我输入密码
令我惊讶的是,我已经使用主 PC 的密钥(当然不同)连接到 pi-backup,主 PC 与 pi-backup 在同一本地网络上。所以我在 authorized_keys.
中有两行你知道哪里出了问题吗?不在同一个本地网络上应该不是问题,对吗?
[edit] 当我尝试时
ssh -v -i ~/.ssh/id_rsa -p 4444 userBackup@pibackup.fr
这是我得到的:
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pibackup.fr [90.10.1.1] port 4444.
debug1: Connection established.
debug1: identity file /home/userServer/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/userServer/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5
debug1: match: OpenSSH_6.7p1 Raspbian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 6b:5f:aa:aa:aa0c:aa:33:97:aa:56:aa:39:00:6f:79
debug1: Host '[pibackup.fr]:4444' is known and matches the ECDSA host key.
debug1: Found key in /home/userBackup/.ssh/known_hosts:2
Warning: Permanently added the ECDSA host key for IP address '[90.10.1.1]:4444' to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/userServer/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
userBackup@piBackup.fr's password:
我注意到在最后几行中,他说 "Offering RSA public key: /home/userServer/.ssh/id_rsa" 所以我尝试使用我的 public 密钥,但没有任何改变。
您必须在 ssh 行中指定使用 ssh-keygen 生成的密钥。你可以这样做:
ssh -i ~/.ssh/blah.key -p 4444 userBackup@pibackup.fr 它将加载您的密钥。
希望对你有所帮助
我终于找到了问题所在:在 serverBackup 上,userBackup 不是 authorized_keys 的所有者...仅此而已 ;)。我仍然不明白为什么当我从我的局域网 PC 连接时它可以工作,但现在一切都很好! Ankirama,谢谢你的时间和建议。