OpenSSH for Windows 拒絕使用 AD 使用者進行公鑰登入

OpenSSH for Windows 拒絕使用 AD 使用者進行公鑰登入

Windows 10, v 1903系統上,我正在運行v 8.0.0.0OpenSSH for Windows 並嘗試使用公鑰從遠端位置連接到它

使用者名稱和密碼驗證工作正常。SecureFX SFTP客戶端使用公鑰進行報告AUTH_SUCCESS,但連線立即關閉並出現TCP錯誤。

檢查伺服器日誌SSH,發現在無法找到登入使用者(可能在 Active Directory 中)後立即分叉非特權子層級時出現致命錯誤。

14036 2019-09-26 13:06:28.265 debug1: trying public key file C:\\Users\\abc\\.ssh/authorized_keys
14036 2019-09-26 13:06:28.265 debug1: C:\\Users\\abc\\.ssh/authorized_keys:5: matching key found: RSA SHA256:ajHmaaQPXU3VIPnMFJcz8ce2pwHZodRfudLtdLLmgJg
14036 2019-09-26 13:06:28.265 debug1: C:\\Users\\abc\\.ssh/authorized_keys:5: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
14036 2019-09-26 13:06:28.265 Accepted key RSA SHA256:ajHmaaQPXU3VIPnMFJcz8ce2pwHZodRfudLtdLLmgJg found at C:\\Users\\abc\\.ssh/authorized_keys:5
14036 2019-09-26 13:06:28.265 debug3: mm_answer_keyallowed: publickey authentication: RSA key is allowed
14036 2019-09-26 13:06:28.265 debug3: mm_request_send entering: type 23
14036 2019-09-26 13:06:28.265 debug3: mm_sshkey_verify entering [preauth]
14036 2019-09-26 13:06:28.265 debug3: mm_request_send entering: type 24 [preauth]
14036 2019-09-26 13:06:28.265 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
14036 2019-09-26 13:06:28.265 debug3: mm_request_receive_expect entering: type 25 [preauth]
14036 2019-09-26 13:06:28.265 debug3: mm_request_receive entering [preauth]
14036 2019-09-26 13:06:28.265 debug3: mm_request_receive entering
14036 2019-09-26 13:06:28.265 debug3: monitor_read: checking request 24
14036 2019-09-26 13:06:28.265 debug3: mm_answer_keyverify: publickey 00000252D826D600 signature verified
14036 2019-09-26 13:06:28.265 debug1: auth_activate_options: setting new authentication options
14036 2019-09-26 13:06:28.265 debug3: mm_request_send entering: type 25
14036 2019-09-26 13:06:28.265 Accepted publickey for abc from 127.0.0.1 port 62042 ssh2: RSA SHA256:ajHmaaQPXU3VIPnMFJcz8ce2pwHZodRfudLtdLLmgJg
14036 2019-09-26 13:06:28.265 debug1: monitor_child_preauth: abc has been authenticated by privileged process
14036 2019-09-26 13:06:28.265 debug3: mm_get_keystate: Waiting for new keys
14036 2019-09-26 13:06:28.265 debug3: mm_request_receive_expect entering: type 26
14036 2019-09-26 13:06:28.265 debug3: mm_request_receive entering
14036 2019-09-26 13:06:28.280 debug3: mm_get_keystate: GOT new keys
14036 2019-09-26 13:06:28.280 debug1: auth_activate_options: setting new authentication options [preauth]
14036 2019-09-26 13:06:28.280 debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth]
14036 2019-09-26 13:06:28.280 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
14036 2019-09-26 13:06:28.280 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.339ms (requested 8.339ms) [preauth]
14036 2019-09-26 13:06:28.280 debug3: send packet: type 52 [preauth]
14036 2019-09-26 13:06:28.280 debug3: mm_request_send entering: type 26 [preauth]
14036 2019-09-26 13:06:28.280 debug3: mm_send_keystate: Finished sending state [preauth]
14036 2019-09-26 13:06:28.280 debug1: monitor_read_log: child log fd closed
14036 2019-09-26 13:06:28.280 error: lookup_principal_name: User principal name lookup failed for user 'abc\\def' (explicit: 1355, implicit: 1355)
14036 2019-09-26 13:06:28.280 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'abc\\def' Status: 0xC0000062 SubStatus 0.
14036 2019-09-26 13:06:28.280 debug3: get_user_token - unable to generate token for user abc\\def
14036 2019-09-26 13:06:28.280 error: lookup_principal_name: User principal name lookup failed for user 'abc\\def' (explicit: 1355, implicit: 1355)
14036 2019-09-26 13:06:28.280 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'abc\\def' Status: 0xC0000062 SubStatus 0.
14036 2019-09-26 13:06:28.280 error: get_user_token - unable to generate token on 2nd attempt for user abc\\def
14036 2019-09-26 13:06:28.280 error: unable to get security token for user abc\\def
14036 2019-09-26 13:06:28.280 fatal: fork of unprivileged child failed
14036 2019-09-26 13:06:28.280 debug1: do_cleanup

我檢查了他們的GitHub頁面是否有類似問題 -- 看起來像類似的問題,但在OpenSSH最新版本中已修復。我獲取了最新版本並安裝了它,但相同的問題仍然存在。

這是一個不同的問題,還是我需要在我這邊啟用......?

相關內容