关于linux上面ssh和sftp到某台服务器出现Permission denied please try again

首先给大家推荐一下我老师大神的人工智能教学网站。教学不仅零基础,通俗易懂,而且非常风趣幽默,还时不时有内涵黄段子!点这里可以跳转到网站

最近在阿里云上面部署了两台服务器。服务器a(图片服务器)和服务器b(主程序),b是通过java的jsch这个框架来往a传送图片的,但是最近发送在b上面操作sftp的时候一直在报

[root@iZ23h0vz72uZ ~]# sftp root@192.168.1.11Connecting to 192.168.1.11...root@192.168.1.11's password: Permission denied, please try again.

一直报以上的错误,通过各种配置都不行,最后调通了b到a无密码登录的,但是通过程序java的jsch去连的时候会报

Apr 20 10:55:35 iZ2380a1u1tZ sshd[27326]: Failed password for ftp_1 from *.*.*.* port 33118 ssh2Apr 20 10:55:35 iZ2380a1u1tZ sshd[27327]: Received disconnect from *.*.*.*: 3: com.jcraft.jsch.JSchException: Auth fail

以下是sshd的debug日志

 : Apr 20 10:55:33 iZ2380a1u1tZ sshd[25188]: debug1: Forked child 27326.Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: Set /proc/self/oom_score_adj to 0Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: inetd sockets after dupping: 3, 3Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: Connection from 192.168.1.11 port 33118Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: Client protocol version 2.0; client software version JSCH-0.1.51Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: no match: JSCH-0.1.51Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: Enabling compatibility mode for protocol 2.0Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: Local version string SSH-2.0-OpenSSH_5.3Apr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: permanently_set_uid: 74/74Apr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: list_hostkey_types: ssh-rsa,ssh-dssApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: SSH2_MSG_KEXINIT sentApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: SSH2_MSG_KEXINIT receivedApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: kex: client->server aes128-ctr hmac-md5 noneApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: kex: server->client aes128-ctr hmac-md5 noneApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: expecting SSH2_MSG_KEXDH_INITApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: SSH2_MSG_NEWKEYS sentApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: expecting SSH2_MSG_NEWKEYSApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: SSH2_MSG_NEWKEYS receivedApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: KEX doneApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: userauth-request for user test_1 service ssh-connection method noneApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: attempt 0 failures 0Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: PAM: initializing for "test_1"Apr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: userauth-request for user test_1 service ssh-connection method gssapi-with-micApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: attempt 1 failures 0Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: PAM: setting PAM_RHOST to "192.168.1.11"Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: PAM: setting PAM_TTY to "ssh"Apr 20 10:55:33 iZ2380a1u1tZ sshd[27326]: debug1: Unspecified GSS failure.  Minor code may provide more information\nKey table file '/etc/krb5.keytab' not found\nApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: userauth-request for user test_1 service ssh-connection method passwordApr 20 10:55:33 iZ2380a1u1tZ sshd[27327]: debug1: attempt 2 failures 0Apr 20 10:55:35 iZ2380a1u1tZ sshd[27326]: debug1: PAM: password authentication failed for test_1: Authentication failureApr 20 10:55:35 iZ2380a1u1tZ sshd[27326]: Failed password for test_1 from 192.168.1.11 port 33118 ssh2Apr 20 10:55:35 iZ2380a1u1tZ sshd[27327]: Received disconnect from 192.168.1.11: 3: com.jcraft.jsch.JSchException: Auth failApr 20 10:55:35 iZ2380a1u1tZ sshd[27327]: debug1: do_cleanupApr 20 10:55:35 iZ2380a1u1tZ sshd[27326]: debug1: do_cleanupApr 20 10:55:35 iZ2380a1u1tZ sshd[27326]: debug1: PAM: cleanup

以下是/etc/sshd/sshd_config的配置

#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # This is the sshd server system-wide configuration file.  See# sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with# OpenSSH is to specify options with their default value where# possible, but leave them commented.  Uncommented options change a# default value. #Port 22#ListenAddress 0.0.0.0#ListenAddress :: # Disable legacy (protocol version 1) support in the server for new# installations. In future the default will change to require explicit# activation of protocol 1Protocol 2 # HostKey for protocol version 1#HostKey /etc/ssh/ssh_host_key# HostKeys for protocol version 2#HostKey /etc/ssh/ssh_host_rsa_key#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key#KeyRegenerationInterval 1h#ServerKeyBits 1024 # Logging# obsoletes QuietMode and FascistLoggingLogLevel debug # Authentication: #LoginGraceTime 2m#StrictModes yes#MaxAuthTries 6#MaxSessions 10 #RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile     .ssh/authorized_keys#AuthorizedKeysCommand none#AuthorizedKeysCommandRunAs nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts#RhostsRSAAuthentication no# similar for protocol version 2#HostbasedAuthentication no# Change to yes if you don't trust ~/.ssh/known_hosts for# RhostsRSAAuthentication and HostbasedAuthentication#IgnoreUserKnownHosts no# Don't read the user's ~/.rhosts and ~/.shosts files#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!#PermitEmptyPasswords no # Change to no to disable s/key passwords#ChallengeResponseAuthentication yesChallengeResponseAuthentication no # Kerberos options#KerberosAuthentication no#KerberosOrLocalPasswd yes#KerberosTicketCleanup yes#KerberosGetAFSToken no#KerberosUseKuserok yes # GSSAPI optionsGSSAPIAuthentication no#GSSAPIAuthentication yes#GSSAPICleanupCredentials yesGSSAPICleanupCredentials yes#GSSAPIStrictAcceptorCheck yes#GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and# PAM authentication via ChallengeResponseAuthentication may bypass# If you just want the PAM account and session checks to run without# and ChallengeResponseAuthentication to 'no'.#UsePAM noUsePAM yes # Accept locale-related environment variablesAcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGESAcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENTAcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGEAcceptEnv XMODIFIERS #AllowAgentForwarding yes#AllowTcpForwarding yes#GatewayPorts no#X11Forwarding noX11Forwarding yes#X11DisplayOffset 10#X11UseLocalhost yes#PrintMotd yes#PrintLastLog yes#TCPKeepAlive yesUseLogin yes#UsePrivilegeSeparation yes#PermitUserEnvironment no#Compression delayed#ClientAliveInterval 0#ClientAliveCountMax 3#ShowPatchLevel no#PidFile /var/run/sshd.pid#MaxStartups 10:30:100#PermitTunnel no#ChrootDirectory none # no default banner path#Banner none # override default of no subsystemsSubsystem       sftp    /usr/libexec/openssh/sftp-server#Subsystem sftp internal-sftp # Example of overriding settings on a per-user basis#Match User anoncvs#       X11Forwarding no#       AllowTcpForwarding no#       ForceCommand cvs server#UseDNS yesUseDns noAddressFamily inetPermitRootLogin yesSyslogFacility AUTHPRIVPasswordAuthentication yes

最后是把use PAM设置成为no才能正常的sftp和ssh到a服务器,真是太辛苦了,整整搞了一天

点这里可以跳转到人工智能网站

0 0 投票数
文章评分
订阅评论
提醒
0 评论
内联反馈
查看所有评论
0
希望看到您的想法,请发表评论。x
()
x