
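SSH troubleshooting and passwordless login

SSH failure

You are a Linux operations engineer at a fintech company, responsible for maintaining the core production server cluster.

One of the servers can no longer be reached over SSH.

Find the cause of the failure and fix it.

Fault simulation

Server setup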

[root@server ~ 11:38:53]# usermod -s /sbin/nologin zhangsan
[root@server ~ 11:44:22]# echo 123 | passwd --stdin zhangsan
更改用户 zhangsan 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@server ~ 11:44:43]# systemctl stop sshd

Client setup

[dyx@client ~ 10:52:07]$ chmod 666 .ssh/config
[dyx@client ~ 11:45:20]$ cat > .ssh/config <<EOF
> Host *
>   User zhangsan
>   StrictHostKeyChecking yes
> EOF
[dyx@client ~ 11:45:55]$ > .ssh/known_hosts

Troubleshooting

  1. Symptom:
[dyx@client ~ 11:46:10]$ ssh server
Bad owner or permissions on /home/dyx/.ssh/config
  1. Fix:
[dyx@client ~ 11:48:05]$ ll .ssh/config
-rw-rw-rw- 1 dyx dyx 51 915 11:45 .ssh/config
[dyx@client ~ 11:48:23]$ chmod 600 .ssh/config
[dyx@client ~ 11:48:36]$ ll .ssh/config
-rw------- 1 dyx dyx 51 915 11:45 .ssh/config
  2. Symptom:
[dyx@client ~ 11:48:39]$ ssh server
ssh: connect to host server port 22: Connection refused
  2. Fix:
[root@server ~ 11:44:53]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since 一 2025-09-15 11:44:53 CST; 5min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 2059 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 2059 (code=exited, status=0/SUCCESS)
[root@server ~ 11:50:00]# systemctl start sshd
[root@server ~ 11:50:21]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since 一 2025-09-15 11:50:21 CST; 3s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2086 (sshd)
   CGroup: /system.slice/sshd.service
           └─2086 /usr/sbin/sshd -D
  3. Symptom:
[dyx@client ~ 11:49:30]$ ssh server
No ECDSA host key is known for server and you have requested strict checking.
Host key verification failed.
  3. Fix:
[dyx@client ~ 11:50:46]$ vim .ssh/config
[dyx@client ~ 12:31:20]$ cat .ssh/config
Host *
  User zhangsan
  StrictHostKeyChecking no
  4. Symptom:
[dyx@client ~ 12:31:24]$ ssh server
Warning: Permanently added 'server,10.1.8.10' (ECDSA) to the list of known hosts.
zhangsan@server's password: 
Last failed login: Mon Sep 15 10:34:32 CST 2025 from client.dyx.cloud on ssh:notty
There were 2 failed login attempts since the last successful login.
This account is currently not available.
Connection to server closed.
  4. Fix:
[root@server ~ 11:50:25]# cat /etc/passwd | grep zhangsan
zhangsan:x:1001:1001::/home/zhangsan:/sbin/nologin
[root@server ~ 12:32:06]# usermod -s /bin/bash zhangsan

Result

[dyx@client ~ 12:31:40]$ ssh server
zhangsan@server's password: 
Last login: Mon Sep 15 12:31:40 2025 from client.dyx.cloud
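
The checks behind three of the symptoms above, as an added example that is not part of the original article: it tests the config permission rule, the known_hosts entry and the login shell offline, and also flags `StrictHostKeyChecking no`, which removes the check that produced the "Host key verification failed" error. Function names and sample files are constructed; the "Connection refused" case is a service-state check on the server and is not covered.

```shell
#!/bin/sh
# Added example: offline checks for three symptoms in this walkthrough.
# Function names and sample files are constructed for illustration.

# "Bad owner or permissions": ssh refuses a per-user config that is writable
# by group/other, or owned by anyone other than the invoking user or root.
config_perm_ok() {
    [ -f "$1" ] || return 2
    ls -lnd "$1" | awk -v me="$(id -u)" '
        substr($1,6,1)=="w" || substr($1,9,1)=="w" { exit 1 }
        $3 != 0 && $3 != me { exit 1 }'
}

# "Host key verification failed": is there a plain (unhashed) known_hosts
# entry for the host? Hashed "|1|..." lines need `ssh-keygen -F host` instead.
known_host_present() {
    awk -v h="$1" '!/^[#@|]/ { n=split($1,a,","); for(i=1;i<=n;i++) if(a[i]==h) f=1 }
        END { exit !f }' "$2"
}

# True when the config turns host key verification off ("no" or "off").
host_key_checking_disabled() {
    awk '{ gsub(/=/," ") }
        tolower($1)=="stricthostkeychecking" && tolower($2) ~ /^(no|off)$/ { f=1 }
        END { exit !f }' "$1"
}

# "This account is currently not available": passwd(5) field 7 is the shell.
login_shell_ok() {
    awk -F: -v u="$1" '$1==u { found=1; if ($7 ~ /\/(nologin|false)$/) bad=1 }
        END { exit (!found || bad) }' "$2"
}

# Constructed inputs that reproduce the simulated faults.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Host *\n  User zhangsan\n  StrictHostKeyChecking no\n' > "$d/config"
    chmod 666 "$d/config"
    : > "$d/known_hosts"
    echo 'zhangsan:x:1001:1001::/home/zhangsan:/sbin/nologin' > "$d/passwd"
    config_perm_ok "$d/config" || echo "config: fix with chmod 600"
    known_host_present server "$d/known_hosts" || echo "known_hosts: no entry for server"
    host_key_checking_disabled "$d/config" && echo "config: host key checking is off"
    login_shell_ok zhangsan "$d/passwd" || echo "zhangsan: non-login shell"
    rm -rf "$d"
}
demo
```

On a real client the arguments would be `~/.ssh/config` and `~/.ssh/known_hosts`; the passwd check runs on the server against `/etc/passwd`.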

Passwordless login

[dyx@client ~ 12:33:31]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dyx/.ssh/id_rsa): 
/home/dyx/.ssh/id_rsa already exists.
Overwrite (y/n)? 
[dyx@client ~ 12:33:47]$ ssh-copy-id zhangsan@server
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/dyx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zhangsan@server's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'zhangsan@server'"
and check to make sure that only the key(s) you wanted were added.

[dyx@client ~ 12:34:04]$ ssh server
Last login: Mon Sep 15 12:32:56 2025 from client.dyx.cloud
[zhangsan@server ~ 12:34:10]$ 

Article reposted from:

http://www.dtcms.com/a/385068.html
