SSH passwordless login fails because of home directory permissions

The public key was correctly installed on the remote machine, and /root/.ssh/authorized_keys contains the public key

ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.3.20

The permissions were confirmed to be correct

ls -al /root/.ssh
total 24
drwxr-xr-x 2 root root 4096 Nov 13 16:09 .
drwx------ 24 root root 4096 Feb 28 15:16 ..
-rw------- 1 root root 785 Oct 9 18:23 authorized_keys
-rw------- 1 root root 1679 Jul 29 2017 id_rsa
-rw-r--r-- 1 root root 395 Jul 29 2017 id_rsa.pub
-rw-r--r-- 1 root root 3548 Feb 7 18:22 known_hosts

However, login still asks for a password; the key has no effect

Finally, checking the log file turned up one very important line: Authentication refused: bad ownership or modes for directory /root

vim /var/log/auth.log

Feb 28 15:00:45 ubuntu sshd[6209]: Connection closed by 192.168.3.30 port 11364 [preauth]
Feb 28 15:03:12 ubuntu sshd[6206]: Received signal 15; terminating.
Feb 28 15:03:12 ubuntu sshd[6217]: Server listening on 0.0.0.0 port 22.
Feb 28 15:03:12 ubuntu sshd[6217]: Server listening on :: port 22.
Feb 28 15:03:37 ubuntu sshd[6224]: Authentication refused: bad ownership or modes for directory /root
Feb 28 15:03:37 ubuntu sshd[6224]: message repeated 3 times: [ Authentication refused: bad ownership or modes for directory /root]

The permissions on /root are

drwxr-xr-x   6  501 staff  4096 Feb 28 15:03 root/

f*ck, the system was cloned from a disk, so why would the source image change the permissions on /root?!

In the end, changing the permissions on /root to 700 solved it perfectly!
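
The "bad ownership or modes for directory" message comes from the path check sshd runs when StrictModes is enabled (the default). The script below is an added example, not part of the original post: it approximates that check (owner must be root or the login user, and no group or world write bit, for the key file and every directory up to the home directory) so a cloned system can be audited before logins fail. The function names are hypothetical and the demo layout is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def strictmodes_problem(st_uid, st_mode, uid):
    """Return why this entry would be refused for login uid `uid`, or None."""
    if st_uid not in (0, uid):
        return "owner uid %d is neither root nor the login uid %d" % (st_uid, uid)
    if st_mode & 0o022:
        return "mode %o is group- or world-writable" % stat.S_IMODE(st_mode)
    return None


def audit_key_path(keyfile, home, uid):
    """Check keyfile and each parent directory up to and including home."""
    home = os.path.realpath(home)
    path = os.path.realpath(keyfile)
    findings = []
    while True:
        st = os.stat(path)
        problem = strictmodes_problem(st.st_uid, st.st_mode, uid)
        if problem:
            findings.append((path, problem))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # reached home or "/"
            break
        path = parent
    return findings


def demo():
    """Constructed layout in a temp dir: audit it clean, then loosen home."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")
        key = os.path.join(home, ".ssh", "authorized_keys")
        os.makedirs(os.path.dirname(key))
        open(key, "w").close()
        os.chmod(key, 0o600)
        os.chmod(os.path.dirname(key), 0o755)
        os.chmod(home, 0o700)
        clean = audit_key_path(key, home, os.getuid())
        os.chmod(home, 0o777)
        loose = audit_key_path(key, home, os.getuid())
    return clean, loose


if __name__ == "__main__":
    # The page's case: /root owned by uid 501, mode 755, login as root (uid 0).
    print(strictmodes_problem(501, 0o40755, 0))
    print(demo())
```

On a real host, run `audit_key_path("/root/.ssh/authorized_keys", "/root", 0)` as root; unlike sshd, which stops at the first failure, it lists every offending path.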