![Windows 10 sshd - passwordless inbound ssh asks for a password](https://rvso.com/image/1585740/Windows%2010%20sshd%20-%20%E7%84%A1%E5%AF%86%E7%A2%BC%E5%82%B3%E5%85%A5%20ssh%20%E9%9C%80%E8%A6%81%E5%AF%86%E7%A2%BC.png)
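I'm trying to set up passwordless, passphraseless ssh from a Linux Mint 19.1 host into a Windows 10 host. The Windows 10 host has OpenSSH_for_Windows_7.7p1 on it. It's Microsoft's port of OpenSSH.
I can set this up for the administrator account, but non-privileged accounts are not working for me. The administrator account is handled differently.
I've tried a lot of different things, but here is what I think should work, along with its problem:
I create a /Users/Alden Stromberg/.ssh/authorized_keys file using mkdir and echo > (or mkdir and cygwin vi - same result).
Then I use OpenSSHUtils to try to set the correct permissions: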
PS C:\Users\Alden Stromberg\.ssh> Import-Module 'C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psd1'
PS C:\Users\Alden Stromberg\.ssh> Repair-AuthorizedKeyPermission .\authorized_keys
[*] .\authorized_keys
'NT AUTHORITY\SYSTEM' has the following access to '.\authorized_keys': 'Deny'-'ExecuteFile'.
Shall I make it Allow FullControl?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Exception calling "SetAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:399 char:17
+ $acl.SetAccessRule($ace)
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
'NT AUTHORITY\SYSTEM' now has FullControl access to '.\authorized_keys'.
'DESKTOP-A31M9SV\None' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+ if(-not ($acl.RemoveAccessRule($ace)))
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
'Everyone' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+ if(-not ($acl.RemoveAccessRule($ace)))
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
'NT SERVICE\sshd' needs Read access to '.\authorized_keys'.
Shall I make the above change?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Exception calling "AddAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:564 char:21
+ $acl.AddAccessRule($ace)
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
'NT SERVICE\sshd' now has Read access to '.\authorized_keys'.
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:582 char:9
+ Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\Alden ...authorized_keys:String) [Set-Acl], PrivilegeNotHeldException
+ FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Commands.SetAclCommand
Repaired permissions
To fix the non-canonical ACL, I tried:
icacls.exe .\authorized_keys /reset /T /C /L /Q
...but then rerunning Repair-AuthorizedKeyPermission brought no joy.
What am I doing wrong? Is 0.0.2.0\OpenSSHUtils.psm1 out of date?
For completeness, here is what works for the administrator account:
get-acl c:\ProgramData\ssh\ssh_host_dsa_key | set-acl c:\ProgramData\ssh\administrators_authorized_keys
Thanks!
Answer 1
What solved this for me was to comment out these two lines at the end of the file C:\ProgramData\ssh\sshd_config:
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
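Then restart sshd. After that (and after adding the pub key to ~/.ssh/authorized_keys and making sure that file has the correct permissions) I was no longer prompted for a password.
Answer 2
One way to get passwordless authentication working for non-administrator accounts is described here: https://www.techpaste.com/2015/06/windows-ssh-server-setup-and-configuration/
In short, put these in your sshd_config (which can be found under c:\ProgramData\ssh\), uncommenting pre-existing entries as needed: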
PermitRootLogin yes
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreUserKnownHosts yes
Then run net stop sshd and net start sshd.
This may mean that everyone on the computer can read your authorized_keys, but at least it works.
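Added example, not part of the question or either answer: a read-only PowerShell check for the ACL conditions that appear in the Repair-AuthorizedKeyPermission output above (non-canonical ACL, a Deny entry on SYSTEM, access for 'Everyone' or other principals), useful for confirming the file's permissions before deciding whether StrictModes needs to be touched at all. The function name Test-AuthorizedKeysAcl is hypothetical, and the expected principal set (SYSTEM, Administrators, the current user, NT SERVICE\sshd) is an assumption based on that output plus the file's owner and the Administrators group.

```powershell
# Added example (not from the original thread). Read-only: it changes nothing.
function Test-AuthorizedKeysAcl {
    param(
        [string]$Path = (Join-Path $env:USERPROFILE '.ssh\authorized_keys')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path

    # Principals expected on the file (assumption, see the lead-in).
    # Compared by SID so the check does not depend on the display language.
    $allowed = @{
        'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
        'S-1-5-32-544' = 'BUILTIN\Administrators'
    }
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $allowed[$me.Value] = 'current user'
    try {
        $svc = (New-Object System.Security.Principal.NTAccount('NT SERVICE\sshd')).Translate($sidType)
        $allowed[$svc.Value] = 'NT SERVICE\sshd'
    } catch {
        Write-Warning 'NT SERVICE\sshd could not be resolved; is the sshd service installed?'
    }

    $findings = @()
    if (-not $acl.AreAccessRulesCanonical) {
        # This is the state in which SetAccessRule/RemoveAccessRule throw.
        $findings += 'ACL is not in canonical form'
    }
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and -not $allowed.ContainsKey($sid)) {
            $findings += "Unexpected Allow ACE: $sid ($($rule.FileSystemRights))"
        }
        if ($rule.AccessControlType -eq 'Deny' -and $allowed.ContainsKey($sid)) {
            $findings += "Deny ACE on $($allowed[$sid]): $($rule.FileSystemRights)"
        }
    }
    [pscustomobject]@{
        Path = $Path; Owner = $acl.Owner
        Ok = ($findings.Count -eq 0); Findings = $findings
    }
}

Test-AuthorizedKeysAcl | Format-List
```

Run it as the account whose authorized_keys is being checked, or pass -Path explicitly; in that case the "current user" entry refers to whoever runs the script.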