
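The scenario here is that I received a private key generated by AWS - an ED25519 key - and tried it with the built-in ssh of Windows 10/1809 (OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5), and it worked fine.
I tried the same key on the same PC, but in WSL Ubuntu 18.04.3 (OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017), and it complained that the key has an invalid format.
Calling ssh -v shows: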
....snip a bit here....
debug1: Authenticating to xxxxxxxx.demo.com:22 as 'jgauthier'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fCykR67cJynMNYYYv9jEO5PhYQgcaU0WRy/xmSsTxYQ
debug1: Host 'xxxxxxxx.demo.com' is known and matches the ECDSA host key.
debug1: Found key in /home/jgauthier/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
------------------------------------------------------------------------------
NOTICE
This IT system is provided for business use in accordance with approved
Policies and Procedures. By logging in, users acknowledge their understanding
that authorized administrators monitors and stores all activity generated on
this system as appropriate for business and security operations and may
disclose such activity or information as permitted by law.
------------------------------------------------------------------------------
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: jgauthier_key.pem
Load key "jgauthier_key.pem": invalid format
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
Here are the last few relevant lines from the one that works:
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: jgauthier_key.pem
debug1: Authentication succeeded (publickey).
Authenticated to xxxxxxx.demo.com ([nn.nn.nn.nn]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
Last login: Fri Oct 18 21:30:10 2019 from mm.mm.mm.mm
Last login: Fri Oct 18 21:30:10 2019 from mm.mm.mm.mm
[jgauthier@xxxxxxx ~]$
Any ideas? I have not yet tried it from a VirtualBox VM running Ubuntu 18.04.3 on the same PC, nor from another Linux system...
The host I am connecting to is CentOS 7.6. This is what the server reports
Remote protocol version 2.0, remote software version OpenSSH_7.4
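when I connect, if that matters.
I thought it might be CR/LF versus LF, but in WSL Linux I hand-edited the .pem file to remove any possible CR/LF and made sure there is a single LF after the last line of the file - but no go. I even compared the copy in the Windows .ssh directory with the copy in WSL ~/.ssh, and they are identical.
Is this about the two versions of ssh - LibreSSL 2.6.5 vs OpenSSL 1.0.2n?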
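
The byte-level checks described in the question (CR/LF, final LF), plus a look at the PEM label on the first line, as a small POSIX shell script. This is an added example, not part of the original post; the function names and the sample key body are constructed for illustration, and the script inspects bytes only and does not parse the key.

```shell
#!/bin/sh
# Added example: report byte-level findings for a private key file.
# Prints one finding per line; a clean file yields only its "label:" line.

check_key_file() (
    f=$1
    cr=$(printf '\r')
    # UTF-8 byte order mark in the first three bytes
    if [ "$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "bom"
    fi
    # Any carriage return anywhere in the file (CR/LF line endings)
    if LC_ALL=C grep -q "$cr" "$f"; then
        echo "crlf"
    fi
    # The final byte of the file should be a line feed
    last_byte=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$last_byte" = "0a" ] || echo "no-final-lf"
    # PEM label on the first line tells which container format the key uses
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo "label:openssh" ;;
        "-----BEGIN PRIVATE KEY-----")         echo "label:pkcs8" ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo "label:rsa-pem" ;;
        "-----BEGIN EC PRIVATE KEY-----")      echo "label:ec-pem" ;;
        *)                                     echo "label:unknown" ;;
    esac
)

# Write a constructed sample file (not a usable key).
# $1 = path, $2 = line ending as a printf escape, e.g. '\n' or '\r\n'
make_sample() {
    printf '%s%b%s%b%s%b' \
        "-----BEGIN OPENSSH PRIVATE KEY-----" "$2" \
        "Q09OU1RSVUNURUQ=" "$2" \
        "-----END OPENSSH PRIVATE KEY-----" "$2" > "$1"
}

# Stand-alone use: sh check_key.sh jgauthier_key.pem
if [ $# -gt 0 ]; then
    check_key_file "$1"
fi
```

Running it against both the Windows copy and the WSL copy of the key shows whether the two files really contain the same bytes and which PEM label they carry.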