Small pitfalls when using the Desktop edition of Ubuntu 16.04.3 LTS as a cloud server

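I have an old machine from 2011 at home (Acer x3960, i5-2300, 8G RAM, 120G SSD) that had been sitting unused for a long time. Now I suddenly need to deploy a machine outside the Great Firewall for friends in China to use. Old as it is, this machine is still far more capable than a t2.micro. So I tidied it up and installed Ubuntu to put it back to work.

Because it sits at home with the TV as its monitor, and I figured I might still use it locally some day, and also because of an attachment to X Window left over from all those years spent with CDNS and SNPS, I installed the desktop edition of Ubuntu.

Installation went fine, and so did configuring it and bringing it online. With ZeroTier installed and the machine joined to a private network, there is no need to bother with UPnP port mapping and hole punching on the router.

Once it was online, a few issues needed to be solved: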

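  1. Enable the ssh service and add the ssh key. Skipped here.
  2. Modify sudoers
    sudo visudo
    Add the following line
    ubuntu ALL=(ALL) NOPASSWD: ALL
    Reference: https://askubuntu.com/questions/147241/execute-sudo-without-password
  3. Strange password prompts at login
    After the two steps above, passwordless ssh login from a remote machine worked normally, and the first run of the ansible playbook that configures the environment also succeeded completely.
    In day-to-day use, however, ssh prompted for a password every now and then, which was odd. Sometimes it asked for one, sometimes it let me straight in. That would be tolerable if I were the only user, but it was painful for my friends, and there is ansible to think of as well.
    Start debugging:
    Log in with the ssh -v option to print the log (sensitive information omitted):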
$ ssh -v ubuntu@10.10.10.10
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug1: Connecting to 10.10.10.10 [10.10.10.10] port 22.
debug1: Connection established.
debug1: identity file /Users/perebor/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.10.10.10:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host '10.10.10.10' is known and matches the ECDSA host key.
debug1: Found key in /Users/perebor/.ssh/known_hosts:66
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/perebor/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/perebor/.ssh/id_dsa
debug1: Trying private key: /Users/perebor/.ssh/id_ecdsa
debug1: Trying private key: /Users/perebor/.ssh/id_ed25519
debug1: Next authentication method: password
ubuntu@10.10.10.10's password:

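The log shows the problem: the local ssh client tries to log in with several different keys, but after three attempts the server falls back to prompting for a password.
That is because password login is enabled in sshd on the server, so we simply turn it off.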
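The authentication phase of a log like the one above can be condensed to which offered keys the server accepted or refused and which method the client ended on. The shell function below is an added example, not part of the original post; the function and sample names are hypothetical, and the sample lines are copied from the two `ssh -v` logs on this page.

```shell
#!/bin/sh
# Added example: condense the auth phase of `ssh -v` output (read on stdin).
# Live use (ssh writes debug lines to stderr; BatchMode stops it prompting):
#   ssh -v -o BatchMode=yes ubuntu@10.10.10.10 true 2>&1 | ssh_auth_summary
ssh_auth_summary() {
    awk '
    /Authentications that can continue:/ {
        # The server answered an offered key with "try again": it was refused.
        if (pending != "") { print "rejected " pending; pending = "" }
        allowed = $NF
    }
    /Offering .*public key:/ {
        sub(/^.*public key: /, "")   # keep only what follows the label
        pending = $1                 # path of the key file being offered
    }
    /Server accepts key/ {
        if (pending != "") { print "accepted " pending; pending = "" }
    }
    /Next authentication method:/ { method = $NF }
    /Authentication succeeded/    { ok = 1 }
    END {
        if (ok) print "result: " method " succeeded"
        else    print "result: stopped at " method ", server allows " allowed
    }'
}

# Lines copied from the first log on this page (password prompt).
sample_prompted() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/perebor/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/perebor/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}

# Lines copied from the second log on this page (key accepted).
sample_accepted() {
cat <<'EOF'
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/perebor/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
EOF
}

sample_prompted | ssh_auth_summary
sample_accepted | ssh_auth_summary
```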

In /etc/ssh/sshd_config, change PasswordAuthentication to no:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
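sshd uses the first value it reads for each keyword, and a Match block can switch a setting back on, so it is worth confirming that the edited line is the one that takes effect. The check below is an added example, not from the original post; the function name is hypothetical and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: show how sshd will read PasswordAuthentication from a
# config supplied on stdin. Exit status 0 only if password login is off.
audit_password_auth() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)             # indentation is allowed
        if (line == "" || line ~ /^#/) next  # blank lines and comments
        sub(/[ \t]*=[ \t]*/, " ", line)      # accept the Keyword=value form
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2])   # keywords ignore case
        if (key == "match") { in_match = 1; next }
        if (key != "passwordauthentication") next
        if (in_match) {                      # conditional override
            print "line " NR ": Match block sets " val
            if (val != "no") bad = 1
        } else if (seen) {                   # first global value wins
            print "line " NR ": ignored, line " first " already set " global
        } else {
            seen = 1; first = NR; global = val
            print "line " NR ": global value " val
        }
    }
    END {
        if (!seen) { print "unset: default yes applies"; bad = 1 }
        else if (global != "no") bad = 1
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: "no" was appended below a line that already said "yes".
sample_appended() {
cat <<'EOF'
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
EOF
}

# Constructed sample: the existing line itself was changed, as the post does.
sample_edited() {
cat <<'EOF'
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
EOF
}

sample_appended | audit_password_auth || echo "password login still enabled"
sample_edited   | audit_password_auth && echo "password login disabled"
```

On the server itself, `sudo sshd -t` checks the file for errors before the restart, and `sudo sshd -T` prints the settings sshd will actually apply.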

Then restart the ssh service:

sudo service ssh restart

Log in again, and it goes straight in.

$ ssh -v ubuntu@10.10.10.10
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug1: Connecting to 10.10.10.10 [10.10.10.10] port 22.
debug1: Connection established.
debug1: identity file /Users/perebor/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/perebor/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.10.10.10:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host '10.10.10.10' is known and matches the ECDSA host key.
debug1: Found key in /Users/perebor/.ssh/known_hosts:66
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/perebor/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to 10.10.10.10 ([10.10.10.10]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-33-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.
