今天我们同事说他有台北京的服务器登不上去，我说你先用securecrt登来试试，发个报错给我。

如下；

public-key authentication with the server for user gzsun failed. Please verify username and public/private key pair.从这个简单的报错看不出有些什么不同，好像是公钥不对，但是我给他重新生成了公钥还是不行，看来报错的信息太简单了。

 

     后来我让他在一个服务器上登这个：

然后出现这个，如下：

gzsun]$ ssh -l gzsun 220.181.29.253 -p18822 -v
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 220.181.29.253 [220.181.29.253] port 18822.
debug1: Connection established.
debug1: identity file /home/gzsun/.ssh/identity type -1
debug1: identity file /home/gzsun/.ssh/id_rsa type -1
debug1: identity file /home/gzsun/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.4
debug1: match: OpenSSH_4.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '220.181.29.253' is known and matches the RSA host key.
debug1: Found key in /home/gzsun/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key:
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/gzsun/.ssh/identity
debug1: Trying private key: /home/gzsun/.ssh/id_rsa
debug1: Trying private key: /home/gzsun/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
[gzsun@bjxd gzsun]$

 

上面的报错中注意到：

   debug1: Found key in /home/gzsun/.ssh/known_hosts:2

    推测跟原来那个机器相关，也就是所以删去现在这个服务器的known_hosts

但是有出现新的报错：

[gzsun@bjxd gzsun]$ ssh -l gzsun 220.181.29.253 -p18822 -v
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 220.181.29.253 [220.181.29.253] port 18822.
debug1: Connection established.
debug1: identity file /home/gzsun/.ssh/identity type -1
debug1: identity file /home/gzsun/.ssh/id_rsa type -1
debug1: identity file /home/gzsun/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.4
debug1: match: OpenSSH_4.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '220.181.29.253 (220.181.29.253)' can't be established.
RSA key fingerprint is d9:16:1f:9a:4b:01:59:20:88:15:fb:18:75:ca:49:5f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '220.181.29.253' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key:
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/gzsun/.ssh/identity
debug1: Trying private key: /home/gzsun/.ssh/id_rsa
debug1: Trying private key: /home/gzsun/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
[gzsun@bjxd gzsun]$

于是推测是usermod -U gzsun
这个是用户的帐号被锁了。把他打开。

因为默认情况下：useradd 建的用户是锁定状态的。