Master
[root@kvm-master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@kvm-slave
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'kvm-slave (192.168.2.200)' can't be established.
ECDSA key fingerprint is SHA256:2ifq+lQqr/kP6PBjhxKQ9RsorjWLB0mZq9SzFObsENk.
ECDSA key fingerprint is MD5:9e:72:a7:ea:1f:25:7e:80:07:84:b8:3d:c0:e4:3b:7a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@kvm-slave's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@kvm-slave'"
and check to make sure that only the key(s) you wanted were added.
[root@kvm-master ~]# ssh root@kvm-slave
sign_and_send_pubkey: signing failed: agent refused operation
root@kvm-slave's password:Slave
[root@kvm-slave ~]# ssh-copy-id -i .ssh/id_rsa.pub root@kvm-master
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'kvm-master (192.168.2.100)' can't be established.
ECDSA key fingerprint is SHA256:uMkV2AroNFWNsOLBwjhKiBIAIJ70C/BHK75t6thnAEE.
ECDSA key fingerprint is MD5:f1:f8:13:65:a9:13:46:35:fb:b8:f8:6e:e9:99:44:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@kvm-master's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@kvm-master'"
and check to make sure that only the key(s) you wanted were added.
[root@kvm-slave ~]# ssh root@kvm-master
Last login: Tue Aug 20 09:28:18 2024
[root@kvm-master ~]# exit
登出
Connection to kvm-master closed.
[root@kvm-slave ~]# :::info
表示ssh-agent 已经在运行了,但是找不到附加的任何keys,就是说你生成的key,没有附加到ssh-agent上,需要附加一下,执行
:::
SSH 代理拒绝签名:
- 错误消息
sign_and_send_pubkey: signing failed: agent refused operation表示 SSH 代理(ssh-agent)拒绝为您的私钥签名。 - 这通常发生在没有正确加载私钥到 SSH 代理中时,或者私钥没有密码保护。
- 错误消息
需要输入密码:
当您尝试使用 SSH 登录到
kvm-slave时,系统提示您输入密码。这意味着公钥认证尚未设置成功。解决方案
方案一、确保私钥已加载到 SSH 代理中:
- 如果您的私钥有密码保护,确保您已经使用
ssh-add命令将私钥加载到 SSH 代理中,并输入了正确的密码。 - 如果私钥没有密码保护,您也需要使用
ssh-add命令将其加载到 SSH 代理中。
方案二、重新加载私钥:(—
- 使用
ssh-add命令加载私钥到 SSH 代理中。 - 如果私钥有密码保护,您需要输入密码。
- 如果私钥没有密码保护,可以直接加载。
实际应用
特别方案
重启可解决
[root@kvm-master ~]# ssh root@kvm-slave
sign_and_send_pubkey: signing failed: agent refused operation
root@kvm-slave's password:
[root@kvm-master ~]#
[root@kvm-master ~]#
[root@kvm-master ~]# reboot [root@kvm-master ~]# ssh root@kvm-slave
Last login: Tue Aug 20 18:31:04 2024 from kvm-master
[root@kvm-slave ~]# exit
登出
Connection to kvm-slave closed.
[root@kvm-master ~]# 方案一、启动 SSH 代理:
如果您不确定 SSH 代理是否正在运行,可以运行以下命令:
eval "$(ssh-agent -s)"[root@kvm-master ~]# ssh root@kvm-slave sign_and_send_pubkey: signing failed: agent refused operation root@kvm-slave's password: [root@kvm-master ~]# eval "$(ssh-agent -s)" Agent pid 8709 [root@kvm-master ~]# ssh root@kvm-slave Last login: Tue Aug 20 18:41:02 2024 from kvm-master [root@kvm-slave ~]# exit 登出 Connection to kvm-slave closed. [root@kvm-master ~]#![image.png]( "image.png")
方案二、加载私钥:
查看已加载的私钥
ssh-add -l- 加载私钥到 SSH 代理中:
ssh-add ~/.ssh/id_rsa- 如果私钥位于其他位置,请使用完整的路径:
ssh-add /path/to/your/private/key
验证私钥是否已加载:
运行以下命令来确认私钥已经被加载:
ssh-add -l
- SHA256:h9IyYKURXoeXCNETEBdS5LcW4NWOzh/qaMZpMIveiZs root@kvm-master (RSA)
[root@kvm-master ~]# ssh-add ~/.ssh/id_rsa
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@kvm-master ~]# ssh-add -l - SHA256:h9IyYKURXoeXCNETEBdS5LcW4NWOzh/qaMZpMIveiZs /root/.ssh/id_rsa (RSA)
SHA256:h9IyYKURXoeXCNETEBdS5LcW4NWOzh/qaMZpMIveiZs root@kvm-master (RSA)
[root@kvm-master ~]# ssh root@kvm-slave
Last login: Tue Aug 20 18:38:26 2024 from kvm-master ### 总结 可以按照上述指导来进行操作。这应该能够解决遇到的 `sign_and_send_pubkey: signing failed: agent refused operation` 错误,并能够顺利完成无密码登录。如果问题依然存在,请检查私钥文件是否有密码保护,并确保SSH 代理正确加载了私钥。