Fixing passwordless SSH login that still fails after adding the user's public key to ~/.ssh/authorized_keys

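Recently a developer colleague asked me for help. He had added his own computer's SSH public key on a server, but was still asked for a password when logging in. At first I thought he had made a mistake when pasting the public key: for example, an SSH public key should be a single line and it had been pasted as several lines, or the paste had gone wrong in some other way. After I added the public key again myself, the server still asked for a password, so I began to suspect the permissions of the ~/.ssh/authorized_keys file. Checking the log in /var/log/secure showed a message that the permissions of authorized_keys were not 600. I then looked at the authorized_keys file and found that its permissions had been changed to 664, and /etc/ssh/sshd_config had StrictModes yes set, so it was no wonder that a password was still required after the public key had been added. One point worth making here: if you can read English documentation, the first thing to look at when something goes wrong is the man page of the service involved. The software's own documentation is the most authoritative and original source; everything else is only reference material, mixed with all kinds of one-sided interpretations.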

The relevant description from man ssh:

The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication.  The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.


 ~/.ssh/authorized_keys

Lists the public keys (RSA/DSA) that can be used for logging in as this user.  The format of this file is described in the sshd(8) manual page.  This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others.  If this file, the ~/.ssh directory, or the user’s home directory are writable by other users, then the file could be modified or replaced by unauthorized users.  In this case, sshd will not allow it to be used unless the StrictModes option has been set to “no”.


From man sshd_config:

  StrictModes

            Specifies whether sshd(8) should check file modes and ownership of the user’s files and home directory before accepting login.  This is normally desirable because novices sometimes accidentally leave their directory or files world-writable.  The default is “yes”.

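The man pages tell us that by default the ~/.ssh/authorized_keys file should be readable and writable by its owner and neither readable nor writable by anyone else, that is, its mode should be 600. If StrictModes yes is set in /etc/ssh/sshd_config, sshd checks the file permissions of ~/.ssh/authorized_keys. If the ~/.ssh directory or the owner's home directory is writable by other users, that will cause problems as well.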
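The following script is an added example, not part of the original post or of OpenSSH. It audits the three paths named in the man page excerpts (home directory, ~/.ssh, authorized_keys) and flags any that is group- or other-writable or not owned by the user or root. The function names are hypothetical, and mode 700 for ~/.ssh is the usual recommendation rather than something stated above.

```shell
#!/bin/sh
# Added example: audit the paths that sshd's StrictModes check looks at.
# Function names are hypothetical; only POSIX find/chmod/ls are used.

# path_is_safe PATH OWNER_UID
# Succeeds if PATH is owned by OWNER_UID or root (uid 0) and has no
# write bit set for group or others.
path_is_safe() {
    p=$1; uid=$2
    # -prune stops find from descending into directories.
    # -perm -020 / -perm -002 match the group-write / other-write bits.
    bad_mode=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
    bad_owner=$(find "$p" -prune ! -user "$uid" ! -user 0 -print)
    [ -z "$bad_mode" ] && [ -z "$bad_owner" ]
}

# audit_ssh_perms HOME_DIR OWNER_UID
# Prints one line per problem; returns 0 if all three paths are safe,
# 1 if any of them would make sshd ignore authorized_keys.
audit_ssh_perms() {
    home=$1; uid=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1
        elif ! path_is_safe "$p" "$uid"; then
            echo "UNSAFE  $p ($(ls -ld "$p" | cut -d' ' -f1))"; rc=1
        fi
    done
    return $rc
}

# fix_ssh_perms HOME_DIR
# Removes group/other write from the home directory and sets
# 700 on ~/.ssh and 600 on authorized_keys.
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Typical use for the current user:
#   audit_ssh_perms "$HOME" "$(id -u)" || fix_ssh_perms "$HOME"
```

With the 664 mode described in the post, the audit prints a single UNSAFE line for authorized_keys, and it is clean again after `fix_ssh_perms`.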