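Problem: after generating a key pair with ssh-keygen, I renamed the public key to authorized_keys and copied it straight into the ~/.ssh directory on the server, but VS Code's SSH login still prompted for a password. I assumed I had mixed up the key pair, but repeated retries gave the same result, which was baffling.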


Solution

Make sure the permissions on the ~/.ssh directory and its contents are proper. When I first set up my ssh key auth, I didn’t have the ~/.ssh folder properly set up, and it yelled at me.

  • Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
    If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.
  • Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you’ll need it to be also writable (600) if you will add any more keys to it.
  • Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.
  • Also, if SELinux is set to enforcing, you may need to run restorecon -R -v ~/.ssh (see e.g. Ubuntu bug 965663 and Debian bug report #658675; this is patched in CentOS 6).

¹ Except on some distributions (Debian and derivatives) which have patched the code to allow group writability if you are the only user in your group.

Original link: https://unix.stackexchange.com/questions/36540/why-am-i-still-getting-a-password-prompt-with-ssh-with-public-key-authentication

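In other words, the authorized_keys file should generally be set so that only the owner has read or read-write permission (400 or 600); other settings may prevent access. Some patched systems also allow authorized_keys to be group-writable when you are the only member of your group, and still permit SSH login.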

Sure enough, authorized_keys on my server had permissions -rwxr--r-- (744). I share the server directory to Windows through Samba, and files copied over that way default to -rwxr--r--.

So a single command:

chmod 600 authorized_keys

solved it.
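
An added example (not from the original post or the quoted answer): a POSIX shell function that checks the three server-side paths listed above for group/other write bits, following symbolic links as the answer describes, and confirms authorized_keys is owner-readable. The function names audit_ssh_perms and is_go_writable are made up for this example.

```shell
#!/bin/sh
# Added example: audit the server-side paths named in the quoted answer.
# Usage (after sourcing this file on the server, as the login user):
#   audit_ssh_perms            # checks $HOME
#   audit_ssh_perms /home/bob  # checks another home directory (hypothetical path)
# Returns 0 when every path passes, 1 otherwise; findings go to stdout.

# Succeeds if the path is writable by group or others.
# find -H follows a symlink given on the command line, so the mode of the
# link target is tested, matching the "canonical path is checked" rule.
is_go_writable() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

audit_ssh_perms() {
    home_dir=${1:-$HOME}
    ak="$home_dir/.ssh/authorized_keys"
    rc=0
    for p in "$home_dir" "$home_dir/.ssh" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"
            rc=1
        elif is_go_writable "$p"; then
            # 775, 664 and similar land here; 700, 755, 600, 400 do not.
            echo "TOO OPEN   $p  (fix: chmod go-w '$p')"
            rc=1
        else
            echo "OK         $p"
        fi
    done
    # authorized_keys must also be readable by its owner (at least 400).
    if [ -e "$ak" ] && [ -z "$(find -H "$ak" -prune -perm -400 -print)" ]; then
        echo "UNREADABLE $ak  (fix: chmod u+r '$ak')"
        rc=1
    fi
    return $rc
}
```
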