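# SSH passwordless login fails
Date: August 8, 2025

------
A record of troubleshooting a failed SSH passwordless login.
## Symptom
While pushing code to the git repository, I was prompted for a password. The git public and private keys checked out as normal, so I suspected a Gitea bug, but it still failed after I deleted the key from the Gitea account.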
## Troubleshooting process
1. Check whether the permissions on the local key files are abnormal
```
root@VM-2-16-ubuntu:~/.ssh# ll
total 24
drwx------ 2 root root 4096 Aug 7 23:56 ./
drwx------ 25 root root 4096 Aug 7 23:51 ../
-rw------- 1 root root 777 Dec 13 2024 authorized_keys
-rw------- 1 root root 411 Nov 19 2024 id_ed25519
### Permissions are normal: 600 -> 411
-rw-r--r-- 1 root root 101 Nov 19 2024 id_ed25519.pub
-rw-r--r-- 1 root root 142 Aug 7 23:56 known_hosts
```
2. Check whether the local public and private keys match
```
root@VM-2-16-ubuntu:~/.ssh# cat id_ed25519.pub
ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA root@VM-2-16-ubuntu
ssh-keygen -y -f ~/.ssh/id_ed25519
ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAA root@VM-2-16-ubuntu
### The keys match; nothing abnormal on the local machine
```
3. Check the debug log on the local machine
```
root@VM-2-16-ubuntu:~/.ssh# ssh -vT -i ~/.ssh/id_ed25519 git@git.lzcwy.cn
OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to git.lzcwy.cn [82.157.64.204] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_ed25519 type 3
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.13
debug1: compat_banner: match: OpenSSH_9.6p1 Ubuntu-3ubuntu13.13 pat OpenSSH* compat 0x04000000
debug1: Authenticating to git.lzcwy.cn:22 as 'git'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:KeQo88NlFRuNnUykhPUh2o0dyWazhH9OIvIPklUD4w4
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'git.lzcwy.cn' is known and matches the ED25519 host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: kex_ext_info_check_ver: ping@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Will attempt key: /root/.ssh/id_ed25519 ED25519 SHA256:w2mqdrO/ZGBBofMzBXHkEIyuoSudfgtF3rTr5Tlr6eE explicit
debug1: Offering public key: /root/.ssh/id_ed25519 ED25519 SHA256:w2mqdrO/ZGBBofMzBXHkEIyuoSudfgtF3rTr5Tlr6eE explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
git@git.lzcwy.cn's password:
### "debug1: Offering public key: /root/.ssh/id_ed25519 ED25519" shows that the local machine finds the key and sends it correctly; check the log on the remote end
```
4. Check the SSH log on the remote end
```
root@VM-24-13-ubuntu:/home/ubuntu# tail -f /var/log/auth.log
2025-08-07T23:50:16.251031+08:00 localhost sshd[553036]: User git not allowed because account is locked
### The account is locked
```
5. Check the account status
```
root@VM-24-13-ubuntu:/home/ubuntu# passwd -S git
git L 2024-12-31 -1 -1 -1 -1
### L means the account is locked; unlock the account
```
6. Unlock the account to restore login
```
### -p expects an already-hashed password (crypt(3) format), not plaintext
usermod -p <password-hash> git
```
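
The checks from steps 4 to 6 as a reusable script (an added example, not part of the original notes): it pulls the rejected user out of `auth.log`-style lines and classifies that user's shadow password field. The log and shadow lines are constructed samples, the function names are hypothetical, and it assumes OpenSSH's Linux rule that a password field starting with `!` marks the account as locked.

```sh
#!/bin/sh
# Added example. The log and shadow lines below are constructed samples.
SAMPLE_LOG='2025-01-01T00:00:00.000000+08:00 host sshd[1234]: User git not allowed because account is locked
2025-01-01T00:00:05.000000+08:00 host sshd[1240]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2'
SAMPLE_SHADOW='git:!:20088:0:99999:7:::
deploy:*:20088:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:20088:0:99999:7:::'

# Read auth.log-style text on stdin, print each user sshd rejected as locked.
locked_users_from_log() {
    sed -n 's/.*sshd\[[0-9]*]: User \([^ ]*\) not allowed because account is locked.*/\1/p' | sort -u
}

# Classify the password field (2nd field) of a shadow entry.
shadow_field_state() {
    case "$1" in
        '!'*) echo "locked" ;;       # written by passwd -l / usermod -L
        '*')  echo "no-password" ;;  # matches no password, but carries no '!' lock
        '')   echo "empty" ;;
        *)    echo "password-set" ;;
    esac
}

# diagnose USER SHADOW_TEXT: look the user up and classify the field.
diagnose() {
    # The "x" sentinel separates "user not found" from "field is empty".
    field=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print "x" $2; exit }')
    [ -n "$field" ] || { echo "unknown-user"; return 0; }
    shadow_field_state "${field#x}"
}

# Demo on the constructed samples: report every user the log shows as locked.
printf '%s\n' "$SAMPLE_LOG" | locked_users_from_log | while read -r user; do
    printf '%s: shadow field is %s\n' "$user" "$(diagnose "$user" "$SAMPLE_SHADOW")"
done
# For a key-only service account, `usermod -p '*' <user>` replaces the '!' lock
# with a value that no password can match.
```

On a real host, pipe `/var/log/auth.log` into `locked_users_from_log` and pass the output of `getent shadow git` (root required) as the second argument to `diagnose`.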