19,615
社区成员
发帖
与我相关
我的任务
分享紧急求助:ssh登录时提示permission denied please try again
移植了一个openssh到自己板子上(arm板),结果登录时,总是报permission denied please try again的错误。按照网上的办法,尝试了好多,但还是没有解决,紧急求助大家帮忙解决一下,深表感谢!
说明几点:
用户名和密码都是root,不存在密码错误,因为就是用root 账户登录的,无法登录成功。
防火墙(iptables)没有开启。
sshd已经开启。
[root@OK2440 /root]# ps | grep sshd
942 root 3812 S /usr/local/sbin/sshd
按照网上的说法,修改/etc/ssh/sshd_config文件,设置如下:
PasswordAuthentication yes
PermitRootLogin yes
UsePrivilegeSeparation no
但仍然没有解决问题。
清除/root/.ssh/known_hosts(rm –f /root/.ssh/known_hosts)也不行。
更改root 账户密码,重启sshd。不报permission denied please try again,但是报Your password has expired. You must change your password now and login again!
192.168.0.15是我自己板子的ip地址,是可以ping通的。
实在找不到原因,急切等待答案,求大侠们帮忙解决一下这个小问题。
下面是我的具体操作以及调试信息。
/usr/local/bin/ssh -v 192.168.0.15
OpenSSH_4.7p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 192.168.0.15 [192.168.0.15] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '192.168.0.15 (192.168.0.15)' can't be established.
RSA key fingerprint is fd:9f:c7:78:af:1f:e1:82:ee:ca:59:af:8b:21:46:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.15' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.0.15's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
[root@OK2440 .ssh]# /usr/local/bin/ssh -vv 192.168.0.15
OpenSSH_4.7p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.15 [192.168.0.15] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 115/256
debug2: bits set: 549/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host 192.168.0.15
debug2: no key of type 2 for host 192.168.0.15
The authenticity of host '192.168.0.15 (192.168.0.15)' can't be established.
RSA key fingerprint is fd:9f:c7:78:af:1f:e1:82:ee:ca:59:af:8b:21:46:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.15' (RSA) to the list of known hosts.
debug2: bits set: 514/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
root@192.168.0.15's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
说明几点:
用户名和密码都是root,不存在密码错误,因为就是用root 账户登录的,无法登录成功。
防火墙(iptables)没有开启。
sshd已经开启。
[root@OK2440 /root]# ps | grep sshd
942 root 3812 S /usr/local/sbin/sshd
按照网上的说法,修改/etc/ssh/sshd_config文件,设置如下:
PasswordAuthentication yes
PermitRootLogin yes
UsePrivilegeSeparation no
但仍然没有解决问题。
清除/root/.ssh/known_hosts(rm –f /root/.ssh/known_hosts)也不行。
更改root 账户密码,重启sshd。不报permission denied please try again,但是报Your password has expired. You must change your password now and login again!
192.168.0.15是我自己板子的ip地址,是可以ping通的。
实在找不到原因,急切等待答案,求大侠们帮忙解决一下这个小问题。
下面是我的具体操作以及调试信息。
/usr/local/bin/ssh -v 192.168.0.15
OpenSSH_4.7p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 192.168.0.15 [192.168.0.15] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '192.168.0.15 (192.168.0.15)' can't be established.
RSA key fingerprint is fd:9f:c7:78:af:1f:e1:82:ee:ca:59:af:8b:21:46:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.15' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.0.15's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
[root@OK2440 .ssh]# /usr/local/bin/ssh -vv 192.168.0.15
OpenSSH_4.7p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.15 [192.168.0.15] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 115/256
debug2: bits set: 549/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host 192.168.0.15
debug2: no key of type 2 for host 192.168.0.15
The authenticity of host '192.168.0.15 (192.168.0.15)' can't be established.
RSA key fingerprint is fd:9f:c7:78:af:1f:e1:82:ee:ca:59:af:8b:21:46:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.15' (RSA) to the list of known hosts.
debug2: bits set: 514/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
root@192.168.0.15's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@192.168.0.15's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
...全文
请发表友善的回复…
发表回复
Zhaozetu 2014-02-17
- 打赏
- 举报
vi /etc/passwd
root行最后的true修改为sh
congbujiujie 2013-12-20
- 打赏
- 举报
ssh xxx.xxx.xxx.xxx -l 用户名
宇佐见丶泓彦 2013-07-12
- 打赏
- 举报
错了……
是 ssh usr@host 这个格式么?
宇佐见丶泓彦 2013-07-12
- 打赏
- 举报
ssh usr@passwd
是这个格式么?
noted2011 2011-10-19
- 打赏
- 举报
也不行。不过,我后来换了较新的交叉编译器和busybox就可以了。至于这个原因就不太清楚了。
o06v90o 2011-09-20
- 打赏
- 举报
看下 /etc/hosts.allow 跟 /etc/hosts.deny里面的内容。
在allow文件中把你IP加入可以访问,code:
ssh:IP:allow
在allow文件中把你IP加入可以访问,code:
ssh:IP:allow
yanyiwei2003 2011-09-19
- 打赏
- 举报
[Quote=引用 1 楼 zhu419282948 的回复:]
PermitRootLogin yes
UsePrivilegeSeparation no
注释掉这两行看看
[/Quote]之前这两行是注释掉的,也是报permission denied please try again的错误。
PermitRootLogin yes
UsePrivilegeSeparation no
注释掉这两行看看
[/Quote]之前这两行是注释掉的,也是报permission denied please try again的错误。
noted2011 2011-09-19
- 打赏
- 举报
[Quote=引用 2 楼 yiyaaixuexi 的回复:]
openssh需要openssl支持,好像sshd没有得到相应的钥匙.
ssh-agent 试试
[/Quote] 也不行,谁遇到过这种情况呀?麻烦答疑一下,谢谢!
openssh需要openssl支持,好像sshd没有得到相应的钥匙.
ssh-agent 试试
[/Quote] 也不行,谁遇到过这种情况呀?麻烦答疑一下,谢谢!
念茜 2011-09-19
- 打赏
- 举报
openssh需要openssl支持,好像sshd没有得到相应的钥匙.
ssh-agent 试试
ssh-agent 试试
linux菜鸟 2011-09-19
- 打赏
- 举报
PermitRootLogin yes
UsePrivilegeSeparation no
注释掉这两行看看
UsePrivilegeSeparation no
注释掉这两行看看
