全球最新的免费资源发布区
增强VPS SSH账号安全:改端口,禁用Root,密钥登录,Denyhosts防暴力攻击
& 日 17:20 &
VPS SSH账号是我们日常管理VPS的主要登入方式，尤其是Root账号，对Linux系统安全至关重要。以前好多站长喜欢用Putty中文版，这实际是别人修改官方Putty汉化而来，这些软件被植入了后门，导致好几个有名的站点信息泄露，损失惨重。
如何知道自己的VPS账号正在遭受坏人的扫描和暴力破解呢？简单的方法就是查看日志：cat /var/log/auth.log。如何来增强VPS SSH账号的安全性呢？除了养成使用正规软件的好习惯外，还要从VPS本身来加强VPS SSH账号的安全性。
默认的SSH端口都是22，通过修改自己的VPS的端口先为扫描者增加一道端口门槛，VPS默认的账号是Root，如果我们禁用了Root，那么要攻破账号又得先暴力猜测VPS的账号，难度又增加几分。如果还不放心，我们可以直接禁用密码登录验证VPS的方式，改用密钥登录，这样安全系数是相当高了。
Linux还有一个自动统计VPS登录错误工具：，一旦登录VPS账号错误次数超过了Denyhosts安全设置，Denyhosts就会将该IP记录下来，同时将其放入黑名单当中，禁止该IP在某一段时间内继续访问VPS，通过Denyhosts可以实现自动封锁恶意IP。
VPS主机和网站安全优化是一个持久的问题，没有一劳永逸的“安全设置”，道高一尺，魔高一丈，我们只有不断地发现问题，才能最大限度地保护自己网站和：
1、VPS加速模块：
2、SSL加密：
3、WP账号：
增强VPS SSH账号安全:改端口,禁止Root,密钥登录,Denyhosts防暴力攻击
一、增强VPS SSH账号安全方法一：修改SSH登录端口
1、用下面命令进入配置文件。
vi /etc/ssh/sshd_config
2、找到#port 22，将前面的#去掉，然后修改端口 port 123（自己设定）。
3、然后重启ssh服务。
/etc/init.d/ssh restart
二、增强VPS SSH账号安全方法二：使用密钥登录SSH
1、SSH登录方式有账号+密码和密钥两种形式，为了阻止暴力破解VPS的账号和密码，我们可以放弃密码验证的方式，改用密钥文件验证。
2、执行以下命令在VPS上生成密钥文件。
ssh-keygen -t rsa
3、生成密钥时会询问你密钥保存的位置，默认即可，还有你可以为你的密钥还设置一个密码，默认为空。
4、密钥生成后，进入密钥存放的目录中，执行以下命令，将公钥生成一个新的文件。
cat id_rsa.pub >> authorized_keys
5、将id-rsa这个私钥文件下载到本地，打开软件，执行Conversions-&Import Key，导入这个私钥文件。
6、Putty使用密钥登录SSH方法：如果你要使用，在PuTTYGen中选择Save private key，这时会在本地生成一个PPK文件。
7、然后在Putty中填入服务器名，在SSH授权方式中选择密钥，导入刚刚保存的PPK文件。
8、使用Xshell通过密钥登录VPS方法：如果要使用，请在PuTTYGen的Conversions中选择Export Open#SSH Key，设置一个名称保存。
9、然后启用Xshell，填入服务器IP，在用户身份验证中选择“Public Key”，然后浏览导入刚刚你保存的Key文件。
10、导入了Key后，你就可以直接打开登录VPS了，不需要输入密码，即可进入VPS。
11、有了密钥登录VPS，我们就可以禁止用密码登录这种验证方式了，还是编辑配置：vim /etc/ssh/sshd_config，添加一行：PasswordAuthentication no，如果有了这一行，请把yes改成no，保存，重启SSH服务，生效。
三、增强VPS SSH账号安全方法三：禁用Root账号
1、如果你已经设置SSH密钥登录的方式，就可以禁用Root账号了，或者你可以新建一个VPS账号。执行以下命令：
useradd freehao123 #添加用户名
passwd freehao123 #为freehao123用户名设置密码
2、然后编辑进入配置：vim /etc/ssh/sshd_config，找到PermitRootLogin yes，然后后面的Yes改no，如果没有这一行命令，直接将：PermitRootLogin no 加进去。
3、保存后，重启SSH服务，生效。
四、增强VPS SSH账号安全方法四：Denyhosts防暴力攻击
1、Linux各平台现在基本上都可以直接安装Denyhosts了，执行以下命令：
Debian/Ubuntu：
sudo apt-get install denyhosts
RedHat/CentOS
yum install denyhosts
yaourt denyhosts
emerge -av denyhosts
2、安装好了Denyhosts，默认的配置基本上就可以防御一定的暴力攻击了，/etc/hosts.deny 文件里保存了被屏蔽的记录。
3、如果你要自定义Denyhosts的相关配置，执行：vim /etc/denyhosts.conf，以下是相关参数的说明：
SECURE_LOG = /var/log/auth.log #ssh 日志文件，它是根据这个文件来判断的。
HOSTS_DENY = /etc/hosts.deny #控制用户登陆的文件
PURGE_DENY = #过多久后清除已经禁止的，空表示永远不解禁
BLOCK_SERVICE = sshd #禁止的服务名，如还要添加其他服务，只需添加逗号跟上相应的服务即可
DENY_THRESHOLD_INVALID = 5 #允许无效用户失败的次数
DENY_THRESHOLD_VALID = 10 #允许普通用户登陆失败的次数
DENY_THRESHOLD_ROOT = 1 #允许root登陆失败的次数
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts #运行目录
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES #是否进行域名反解析
LOCK_FILE = /var/run/denyhosts.pid #程序的进程ID
ADMIN_EMAIL = root@localhost #管理员邮件地址,它会给管理员发邮件
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d #用户的登录失败计数会在多久以后重置为0，(h表示小时，d表示天，m表示月，w表示周，y表示年)
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
RESET_ON_SUCCESS = yes #如果一个ip登陆成功后，失败的登陆计数是否重置为0
五、增强VPS SSH账号小结
1、上面讲到了四个方法来增强VPS SSH账号的安全性，那么如何得知自己的VPS曾经或正在遭受账号暴力破解登录呢？执行以下命令，查询出来的结果中包含了“ip地址=数量”就是攻击者信息。
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'
2、目前在Putty官网上没有看到中文版本的Putty，所以网上流行的一些汉化版本的Putty很有可能被植入了后门，大家在使用时一定要特别留心。Xshell官网直接提供了多国语言，包括中文在内。
文章出自：
版权所有。本站文章除注明出处外，皆为作者原创文章，可自由引用，但请注明来源。
真的，我猜你也会喜欢的：
您或许对下面这些文章有兴趣:&&&&&&&&&&&&&&&&&&&&本月吐槽辛苦排行榜
免费资源部落博客、论坛、问答和优惠网的创建者
经常混迹于各种免费资源中，尝鲜后乐于分享给他人。用WP搭建了部落博客，没事儿就折腾Wordpress，喜欢找免费空间，但只求精，稳定，耐用。有时也会介绍一点关于建站的知识和主机、服务器的使用心得与体会。PS：此人为男。
TA的专栏：&&|&&
关于本文的作者
所属分类：
链接地址：
浏览前页：
浏览后页：
部落快速搜索栏
热门点击排行榜
网站导航栏
免费资源重点推荐
最新文章推荐
部落最新评论列表
不得不看的秘密
部落本月最受关注的热点
(热度169℃) (热度126℃) (热度109℃) (热度98℃) (热度95℃) (热度87℃) (热度83℃) (热度79℃) (热度78℃) (热度72℃) (热度67℃) (热度61℃) (热度60℃) (热度57℃) (热度56℃) (热度55℃) (热度49℃)
部落本月踩得最多的宝贝
(踩16,780次) (踩12,030次) (踩4,510次) (踩3,900次) (踩2,980次) (踩1,900次) (踩1,890次) (踩1,750次) (踩1,660次) (踩1,640次)
免费资源部落，是一个致力发布和推广来自世界各地的免费资源，包括多样实用的免费空间、各种优秀的免费软件、各样可用的免费网盘等个人博客网站。站长qi是一位很普通不过的人，长期关注网络空间、互联网、软件应用、程序开发与设计、网络应用等。免费资源部落成立的目的就是希望与更多人分享网络快乐与精彩！本站持续修改完善中，如遇不便还请谅解^_^ssh keygen后登陆无效解决
ssh keygen后登陆无效解决
设置无密码登陆,结果出错无效.&
ssh-keygen,&
错误的设置方式:&
登陆到远程主机:mkdir .ssh && chmod 700 .ssh&
本地:scp .ssh/id_rsa.pub root@your_remote_host&
结果登陆还是提示要求输入密码.... ++ 试了好多次,权限啥的都是完全正确的...就是不行...&
后来发现,正确的设置方式:&
登陆到远程主机:mkdir .ssh && chmod 700 .ssh&
本地:ssh-copy-id -i .ssh/id_rsa.pub root@your_remote_host&
ok成功了~~&
错误的设置时,ssh显示调试信息:ssh -vvv -oPreferredAuthentications=publickey root@your_remote_host&
错误的调试信息如下,供参考:&
OpenSSH_5.2p1, OpenSSL 1.0.1c 10 May 2012&
debug1: Reading configuration data /usr/local/etc/ssh_config&
debug2: ssh_connect: needpriv 0&
debug1: Connecting to 192.168.0.113 [192.168.0.113] port 22.&
debug1: Connection established.&
debug1: identity file ~/.ssh/identity type -1&
debug3: Not a RSA1 key file /home/gototouch/.ssh/id_rsa.&
debug2: key_type_from_name: unknown key type '-----BEGIN'&
debug3: key_read: missing keytype&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug3: key_read: missing whitespace&
debug2: key_type_from_name: unknown key type '-----END'&
debug3: key_read: missing keytype&
debug1: identity file ~/.ssh/id_rsa type 1&
debug1: identity file ~/.ssh/id_dsa type -1&
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3&
debug1: match: OpenSSH_5.3 pat OpenSSH*&
debug1: Enabling compatibility mode for protocol 2.0&
debug1: Local version string SSH-2.0-OpenSSH_5.2&
debug2: fd 3 setting O_NONBLOCK&
debug1: SSH2_MSG_KEXINIT sent&
debug1: SSH2_MSG_KEXINIT received&
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1&
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss&
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se&
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se&
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96&
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96&
debug2: kex_parse_kexinit: none,,zlib&
debug2: kex_parse_kexinit: none,,zlib&
debug2: kex_parse_kexinit:&
debug2: kex_parse_kexinit:&
debug2: kex_parse_kexinit: first_kex_follows 0&
debug2: kex_parse_kexinit: reserved 0&
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1&
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss&
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se&
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se&
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96&
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96&
debug2: kex_parse_kexinit: none,&
debug2: kex_parse_kexinit: none,&
debug2: kex_parse_kexinit:&
debug2: kex_parse_kexinit:&
debug2: kex_parse_kexinit: first_kex_follows 0&
debug2: kex_parse_kexinit: reserved 0&
debug2: mac_setup: found hmac-md5&
debug1: kex: server-&client aes128-ctr hmac-md5 none&
debug2: mac_setup: found hmac-md5&
debug1: kex: client-&server aes128-ctr hmac-md5 none&
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(92) sent&
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP&
debug2: dh_gen_key: priv key bits set: 121/256&
debug2: bits set: 499/1024&
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent&
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY&
debug3: check_host_in_hostfile: filename /home/gototouch/.ssh/known_hosts&
debug3: check_host_in_hostfile: match line 6&
debug1: Host '192.168.0.113' is known and matches the RSA host key.&
debug1: Found key in ~/.ssh/known_hosts:6&
debug2: bits set: 522/1024&
debug1: ssh_rsa_verify: signature correct&
debug2: kex_derive_keys&
debug2: set_newkeys: mode 1&
debug1: SSH2_MSG_NEWKEYS sent&
debug1: expecting SSH2_MSG_NEWKEYS&
debug2: set_newkeys: mode 0&
debug1: SSH2_MSG_NEWKEYS received&
debug1: SSH2_MSG_SERVICE_REQUEST sent&
debug2: service_accept: ssh-userauth&
debug1: SSH2_MSG_SERVICE_ACCEPT received&
debug2: key: ~/.ssh/id_rsa (0x15fce10)&
debug2: key:
(0x1604210)&
debug2: key: ~/.ssh/identity ((nil))&
debug2: key: ~/.ssh/id_dsa ((nil))&
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password&
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password&
debug3: preferred publickey&
debug3: authmethod_lookup publickey&
debug3: remaining preferred:&
debug3: authmethod_is_enabled publickey&
debug1: Next authentication method: publickey&
debug1: Offering public key: ~/.ssh/id_rsa&
debug3: send_pubkey_test&
debug2: we sent a publickey packet, wait for reply&
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password&
debug1: Offering public key: &
debug3: send_pubkey_test&
debug2: we sent a publickey packet, wait for reply&
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password&
debug1: Trying private key: ~/.ssh/identity&
debug3: no such identity: ~/.ssh/identity&
debug1: Trying private key: ~/.ssh/id_dsa&
debug3: no such identity: ~/.ssh/id_dsa&
debug2: we did not send a packet, disable method&
debug1: No more authentication methods to try.&
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
后记:本人仔细看了下/usr/bin/ssh-copy-id的脚步,发现了centos的restorecon命令起的作用,测试了下如下方式也是可以有效的不用密码登陆:&
远程执行:mkdir .ssh && chmod 700 .ssh&
本地执行:cat ~/.ssh/id_rsa.pub | ssh root@your_host 'cat - &&& .ssh/authorized_keys'&
远程执行:restorecon .ssh .ssh/authorized_keys&
最后一步是成功的保证&
您对本文章有什么意见或着疑问吗？请到您的关注和建议是我们前行的参考和动力&&
您的浏览器不支持嵌入式框架，或者当前配置为不显示嵌入式框架。3908人阅读
问题现象：
serverA机器已经生产rsa密钥
且已经将public key添加到serverB机器/root/.ssh/authorized_keys
但是ssh root@135.251.208.141机器时仍然需要输入密码，即无密码认证失败
分析与处理：
用ssh -v debug访问，日志如下，但是从日志看不到失败原因，只知道在用publickey认证时，对端没有
此时百度时，有文章提到可以查看/var/log/secure日志
通过查看serverB机器/var/log/secure，发现报错如下
Jan& 8 13:31:34 wng-141 sshd[32366]: Authentication refused: bad ownership or modes for directory /root
Jan& 8 13:31:34 wng-141 sshd[32367]: Connection closed by 135.251.218.231
由此日志，可以是/root目录的权限不对，再百度搜索&Authentication refused: bad ownership or modes for directory /root&
发现所有用户的HOME目录应该是700权限，否则会引起很多问题，这个问题同样是由于这个原因
最终，执行chmod 700 root后解决
[root@wng-231 ~]# /usr/bin/ssh -vvv -i /opt/aware/Central/.sshkey/id_rsa -oConnectTimeout=1 -o StrictHostKeyChecking=no -o PasswordAuthentication=no root@135.251.208.141
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 135.251.208.141 [135.251.208.141] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 1000 ms remain after connect
debug1: permanently_set_uid: 0/0
debug3: Not a RSA1 key file /opt/aware/Central/.sshkey/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /opt/aware/Central/.sshkey/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,,zlib
debug2: kex_parse_kexinit: none,,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-,hmac-ripemd160,hmac-,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,
debug2: kex_parse_kexinit: none,
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server-&client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client-&server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(92) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 537/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 7
debug1: Host '135.251.208.141' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug2: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /opt/aware/Central/.sshkey/id_rsa (0x7f09ff288620)
debug3: Wrote 64 bytes for a total of 1109
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 135.251.208.141.
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
debug1: An invalid name was supplied
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /opt/aware/Central/.sshkey/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
版权声明：本文为博主原创文章，未经博主允许不得转载。
* 以上用户言论只代表其个人观点，不代表CSDN网站的观点或立场
访问：185386次
积分：2233
积分：2233
排名：第8650名
原创：35篇
转载：81篇
评论：21条
(1)(1)(2)(1)(1)(6)(14)(1)(4)(1)(3)(5)(6)(3)(2)(5)(4)(4)(1)(4)(10)(2)(1)(5)(10)(8)(2)(1)(1)(2)(1)(1)(2)(1)