Troubleshooting "ssh 添加公钥失效 error in libcrypto"
The error message "ssh 添加公钥失效 error in libcrypto" typically occurs when trying to connect to a remote server via SSH using a newly added public key, and the connection fails. This error message suggests an issue within the OpenSSL library ("libcrypto") that's responsible for handling encryption and decryption during SSH communication.
Let's explore common causes and solutions to address this "ssh 添加公钥失效 error in libcrypto":
Possible Causes:
-
Incorrect Public Key Format: Double-check that your public key is in the correct format. SSH keys should be in OpenSSH format, typically ending with ".pub". Ensure the public key you are attempting to add is formatted correctly.
-
Permissions Issues: The SSH server might have restrictive permissions on the authorized_keys file, preventing the newly added public key from being read properly.
-
Missing or Incorrect SSH Configuration: Your SSH client or server might have outdated or incorrect configurations, leading to incompatibility with the public key format or encryption methods.
-
OpenSSL Library Errors: The "error in libcrypto" message might indicate a specific issue within the OpenSSL library itself. This could be due to a bug, corrupted library files, or conflicts with other software.
-
Network Connectivity Problems: Temporary network connectivity issues can disrupt the SSH handshake process, resulting in connection failures and "error in libcrypto" messages.
Troubleshooting Steps:
-
Verify Public Key Format:
- Ensure your public key is in the correct OpenSSH format. It should usually start with "ssh-rsa" or "ssh-eddsa" followed by a long string of characters.
- Use a text editor to open the public key file and verify its contents.
-
Check Authorized Keys Permissions:
- Log in to the server via SSH using a different, working account.
- Navigate to the authorized_keys file (usually found in the home directory of the user you're trying to access).
- Use the
ls -lcommand to check the permissions of the authorized_keys file. Ensure it has at least read and write permissions for the owner. - If necessary, change permissions with
chmod 600 ~/.ssh/authorized_keys.
-
Review SSH Configuration:
- On the server, check the
sshd_configfile. It's usually found in/etc/ssh/sshd_config. - Ensure that the
PubkeyAuthenticationoption is set to "yes". - Also, confirm that
PasswordAuthenticationis set to "no" if you want to enforce key-based authentication.
- On the server, check the
-
Update OpenSSL:
- If you suspect a problem with the OpenSSL library, try updating it to the latest version.
- On Ubuntu or Debian, use
sudo apt update && sudo apt upgrade. - On CentOS or RHEL, use
sudo yum update.
-
Re-add the Public Key:
- After addressing potential issues, try adding the public key again using the correct commands.
- On the server, use
ssh-copy-id username@server_addressto copy the public key to the authorized_keys file.
-
Test the Connection:
- Try connecting to the server via SSH again using your public key.
Example:
Problem:
You've added a new public key to your server using ssh-copy-id. However, when you try to connect to the server, you encounter the error: "ssh 添加公钥失效 error in libcrypto".
Troubleshooting:
- You check your public key format and confirm it is in OpenSSH format.
- You verify the authorized_keys file's permissions and they are correctly set to
600. - You inspect the
sshd_configfile and confirm thatPubkeyAuthenticationis set to "yes". - You update the OpenSSL library on your server.
- You try adding the public key again using
ssh-copy-idcommand. - You test the SSH connection, and it succeeds without the error.
Conclusion:
The "ssh 添加公钥失效 error in libcrypto" error is often caused by issues with the SSH client or server configuration, public key format, or OpenSSL library. By thoroughly reviewing these aspects and following the troubleshooting steps outlined above, you can usually resolve the problem and successfully connect to your remote server using your public key.