Windows OpenSSH 서버 기능을 설치하려고 시도했으며 C:/Program Files/OpenSSH에 OpenSSH를 수동으로 설치하려고 시도했지만 둘 다 연결하려고 할 때 비밀번호를 묻는 메시지가 표시되지만 올바른 권한이 거부되었습니다. 항상 표시됩니다. 잘 작동했지만 얼마 후 이 문제에 직면하기 시작했습니다. -d 옵션을 사용하여 sshd 서버를 수동으로 실행하려고 시도했는데 다음 로그가 표시됩니다.
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user aawais@domain service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: user domain\\aawais matched group list administrators at line 84
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
debug1: userauth-request for user aawais@domain service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: user=aawais@domain devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug1: userauth-request for user aawais@domain service ssh-connection method password [preauth]
debug1: attempt 2 failures 1 [preauth]
debug1: Windows authentication failed for user: NOUSER domain: . error: 1326
다음은 내 sshd_config 파일입니다
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
MaxAuthTries 600
#MaxSessions 10
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
이 문제의 원인은 무엇일까요?
답변1
로그인이 안되는 이유:
debug1: user domain\\aawais matched group list administrators at line 84
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
Sshd는 비밀번호를 요청하기 전에 사용자의 유효성을 확인합니다.
답변2
기본 셸 위치가 잘못되었으며 문제에서 언급된 서버 디버그 로그에서 이를 발견했습니다.
User domain\\aawais not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
다음 명령을 실행하여 기본 쉘을 설정하십시오.
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
답변3
문제는 "Microsoft" 클라우드 계정을 사용하고 있다는 것일 수도 있습니다. 이 문제에 대한 두 가지 수정 사항이 있습니다.
Microsoft 계정 비밀번호(예:https://www.microsoft.com/)를 사용하여 로컬 컴퓨터에 로그인하는 비밀번호 대신.
로그인 시 비밀번호 대신 키를 사용하세요. (예를 들어 여기 가이드를 따르세요.https://archive.is/VXPE8)
대신 Microsoft 계정을 로컬 계정으로 변경하세요. 설정->계정->로컬 계정을 사용하는 경우 정보는 다음과 같습니다.
