Troubleshooting SSH public key authentication failure

After I successfully added my public key to the remote host with ssh-copy-id [host], ssh [host] still asked for a password. Running ssh -vvv showed:

debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51

The public key was indeed sent, but the server rejected it. Now let's debug sshd.
First, set sshd's log level to DEBUG:

#SyslogFacility AUTHPRIV
LogLevel DEBUG

Then restart sshd: systemctl restart sshd
Neither of the log files mentioned online, /var/log/secure or /var/log/auth.log, exists.
Finally, journalctl -u sshd | tail -300 showed the log:

Nov 07 06:49:39 7b145539c77d sshd[4726]: debug1: fd 5 clearing O_NONBLOCK
Nov 07 06:49:39 7b145539c77d sshd[4726]: Authentication refused: bad ownership or modes for directory /root
Nov 07 06:49:39 7b145539c77d sshd[4726]: debug1: restore_uid: 0/0
Nov 07 06:49:39 7b145539c77d sshd[4726]: Failed publickey for root from 127.0.0.1 port 44590 ssh2: RSA SHA256:ARFVQJxh4pxPs/gExtP6zH4tChIgwi++uTK2mZzmZY0

Clearly the permissions on /root are wrong; changing them to 700 fixed the problem.
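
The check behind the "bad ownership or modes" refusal can be run ahead of time with a short script. This is an added example, not part of the original post or of OpenSSH; it assumes sshd's StrictModes rule (each path owned by the user or root, and not writable by group or others), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode rule behind sshd's
# "bad ownership or modes" refusal (StrictModes yes).
# Function names are hypothetical, not part of OpenSSH.

# check_one USER PATH
# Passes when PATH is owned by USER or root (uid 0) and is not
# writable by group or others (mode & 022 == 0).
check_one() {
    _user=$1
    _path=$2
    if [ ! -e "$_path" ]; then
        echo "missing: $_path"
        return 2
    fi
    # -H: judge a symlink's target; -prune: test only PATH itself.
    _bad=$(find -H "$_path" -prune \
        \( ! -user "$_user" ! -user 0 -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$_bad" ]; then
        echo "bad ownership or modes: $_path"
        return 1
    fi
    echo "ok: $_path"
}

# audit_strictmodes USER HOME
# Checks the three paths involved in public key login; returns 1 if
# any of them is missing or fails the rule.
audit_strictmodes() {
    _rc=0
    for _p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        check_one "$1" "$_p" || _rc=1
    done
    return "$_rc"
}

# Usage: sh audit.sh root /root
[ "$#" -eq 0 ] || audit_strictmodes "$@"
```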
