1

I want to implement the password-free login from my Mac to remote-server.

In my mac, there have several pairs of keys.

dele-MBP:.ssh ldl$ ls
authorized_keys         github_rsa_172653569
config              github_rsa_172653569.pub
github_172653569        id_rsa
github_rsa          id_rsa.pub
github_rsa.pub          known_hosts

I chosen the id_rsa.pub to send to remote-server:

​$ ssh-copy-id -i .ssh/id_rsa.pub root@192.168.1.253

the remote-server already have the pub-key:

[root@remote-server ~]# more .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvZzEsVmMvx06dj8jw7ivzISndINGcscm98EHpTmpGlA4CHSrUL1DJ9VOLSUap1Ginl0V8IF8Q873WbsbAuDAEHKEqM8ynmKpS3iz
yUBmT8lmQ0Gqm+XzuK43uyfKkV9PL+xuxYct4BKykCFu1vhluceC+Q8pgrM6LzrVZsC88CamJsFLbXnhcbOLwgNI2mAZZXtpSsaptszyLp6+OCT5+Wyp5rpQdtwNBOcmqdmheiN0AQz
8YrEVX3Te2BxYdnNKV9nfMtl4AhkrsZ0pSaxL0AOZI5mkyK6OhkgKNI0vh+sRCfEaZBd86H9u/Hn/ycMBARHpK/VjHEYSTUHcpGoJn dele123@gmail.com

but now when I login, there still needs manually input password.

remote-server version is CentOS 7.2, and my macOS is 10.15.2 (19C57).

EDIT-01

When display the detail logs, there get this information we did not send a packet, disable method.

$ ssh -Tvv root@192.168.1.253
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/luowensheng/.ssh/config
debug1: /Users/luowensheng/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.1.253 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: identity file /Users/luowensheng/.ssh/github_rsa_726535609 type 0
debug1: identity file /Users/luowensheng/.ssh/github_rsa_726535609-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.253:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DqAKjbw7po5n2Jr8Q8M2RntwO5nTSTyxyhpPnfPdJy4
debug1: Host '192.168.1.253' is known and matches the ECDSA host key.
debug1: Found key in /Users/luowensheng/.ssh/known_hosts:385
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/luowensheng/.ssh/github_rsa_726535609 RSA SHA256:JSG4qxcRvp52EQl5hebdR23Nf7LwcDxwUAXXpxCpNk4 explicit
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/luowensheng/.ssh/github_rsa_726535609 RSA SHA256:JSG4qxcRvp52EQl5hebdR23Nf7LwcDxwUAXXpxCpNk4 explicit
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
user7693832
  • 6,119
  • 19
  • 63
  • 114

1 Answers1

0

Start with ssh -Tvv root@192.168.1.253 to check it does try and offer your id_rsa key.
Also make sure it does ask for root password, and not for your private key passphrase (if said key was created with a passphrase)

I would also create, for testing, a new key with the old PEM format instead of the current OpenSSH one:

ssh-keygen -t rsa -m PEM -f ~/.ssh/test

Copy the test.pub, and try ssh -i ~/.ssh/test root@192.168.1.253

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250