客户端：OS Ubuntu，git版本2.7.4。
服务器：OS Centos，git版本2.7.4。
我的客户机中有一个专用ssh密钥，服务器中有一个公钥。
我可以使用shell输入我的服务器（没有密码）。
但不能推原主！
sudo ssh-i/path/to/key/-vT [email protected]
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 19: Applying options for *debug1: Connecting to xxx.xx.xxx.xxx [xxx.xx.xxx.xxx] port 22.debug1: Connection established.debug1: permanently_set_uid: 0/0debug1: identity file /home/whj/.ssh/whjwebsite type 1debug1: key_load_public: No such file or directorydebug1: identity file /home/whj/.ssh/whjwebsite-cert type -1debug1: Enabling compatibility mode for protocol 2.0debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000debug1: Authenticating to xxx.xx.xxx.xxx:22 as 'git'debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug1: kex: algorithm: [email protected]: kex: host key algorithm: ecdsa-sha2-nistp256debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: nonedebug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: nonedebug1: expecting SSH2_MSG_KEX_ECDH_REPLYdebug1: Server host key: ecdsa-sha2-nistp256 SHA256:aC1Ydp+6x8IP+TV5jEl7WwqW6sEycbznbfL09qON/OAdebug1: Host 'xxx.xx.xxx.xxx' is known and matches the ECDSA host key.debug1: Found key in /root/.ssh/known_hosts:1debug1: rekey after 134217728 blocksdebug1: SSH2_MSG_NEWKEYS sentdebug1: expecting SSH2_MSG_NEWKEYSdebug1: rekey after 134217728 blocksdebug1: SSH2_MSG_NEWKEYS receiveddebug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-debug1: Next authentication method: gssapi-keyexdebug1: No valid Key exchange contextdebug1: Next authentication method: gssapi-with-micdebug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials availabledebug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials availabledebug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials availabledebug1: Next authentication method: publickeydebug1: Offering RSA public key: /home/whj/.ssh/whjwebsitedebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-debug1: No more authentication methods to try. Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
“whjwebsite”是我的私钥。
drwx——宋承宪/
-rw-----whj网站
服务器：sshd_配置：
```
RSA认证是
PubkeyAuthentication是
GSSAPIAuthentication是
GSSAPICleanupCredentials编号
使用dns否
地址系列inet
允许登录是
SyslogFacility身份验证
密码验证号
挑战者身份验证否
客户端：ssh_config
enter image description here

我的2分：在服务器端，禁用GSSAPIAuthentication（即由Kerberos支持的SSO），除非您在公司防火墙内使用Linux上的Active Directory身份验证（使用Centrify或SSSD）。
如果您确实处于SSO场景中，但由于某些原因，单点登录无法正常工作，那么请使用客户端选项绕过Kerberos，例如。
ssh -o GSSAPIAuthentication=no -o GSSAPIKeyExchange=no