Recently a developer colleague asked me for help: he had added his own computer's SSH public key on a server, but was still prompted for a password when logging in. At first I assumed the key had been pasted badly, for example the public key, which should be a single line, ending up split across several lines, or some other paste error. After I re-added the key myself and it still asked for a password, I began to suspect the permissions on the ~/.ssh/authorized_keys file. Checking the log in /var/log/secure confirmed it: sshd complained that the permissions on authorized_keys were not 600. Sure enough, the file's mode had been changed to 664, and /etc/ssh/sshd_config had StrictModes yes set, so no wonder the key was ignored and a password was still required. One remark here: if you can read the English, the first place to look when something breaks is the man page of the service involved. The software's own documentation is the most authoritative and original source; everything else is only secondary material coloured by partial understanding.

From man ssh, the relevant description:
The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.

~/.ssh/authorized_keys

Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. If this file, the ~/.ssh directory, or the user's home directory are writable by other users, then the file could be modified or replaced by unauthorized users. In this case, sshd will not allow it to be used unless the StrictModes option has been set to "no".
From man sshd_config:

StrictModes

Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is "yes".
From the man pages we learn that by default ~/.ssh/authorized_keys should be readable and writable by its owner only, with no access for group or others, i.e. mode 600. If StrictModes yes is set in /etc/ssh/sshd_config, sshd checks the permissions of ~/.ssh/authorized_keys before accepting the key. If the ~/.ssh directory or the owner's home directory is writable by other users, the same problem occurs.
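As an added example (not from the original post), the bash functions below reproduce the checks sshd applies under StrictModes yes to the home directory, ~/.ssh and authorized_keys, and then apply the 700/600 fix the post arrives at. The function names and the uid argument are my own; the check requires GNU or BSD stat.

```bash
#!/bin/bash
# Mimic the StrictModes checks: each of $HOME, $HOME/.ssh and
# $HOME/.ssh/authorized_keys must be owned by the user (or root) and must
# not be group- or world-writable. Prints every problem, returns 1 if any.
check_strict_modes() {
    local home="$1" uid="${2:-$(id -u)}" rc=0 p mode owner
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        # octal mode and numeric owner, GNU stat first, BSD stat as fallback
        mode=$(stat -c '%a' "$p" 2>/dev/null || stat -f '%Lp' "$p")
        owner=$(stat -c '%u' "$p" 2>/dev/null || stat -f '%u' "$p")
        if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
            echo "bad owner: $p is owned by uid $owner, expected $uid"; rc=1
        fi
        # sshd rejects the path if either the group (020) or other (002)
        # write bit is set; this is what turns a 664 authorized_keys into
        # "Authentication refused: bad ownership or modes"
        if (( (8#$mode & 8#022) != 0 )); then
            echo "bad mode: $p is $mode (group/world writable)"; rc=1
        fi
    done
    return $rc
}

# Apply the permissions the post recommends: 700 on ~/.ssh, 600 on
# authorized_keys. The home directory itself is only stripped of the
# group/world write bits so an intentionally 755 home stays 755.
fix_strict_modes() {
    local home="$1"
    chmod go-w "$home" &&
    chmod 700 "$home/.ssh" &&
    chmod 600 "$home/.ssh/authorized_keys"
}
```

Run `check_strict_modes /home/alice` as the affected user (or as root with the user's uid as the second argument) to see exactly which path sshd is objecting to, then `fix_strict_modes /home/alice` and retry the key login.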